• Title/Abstract/Keywords: Secure application


Design and Implementation of Secure 3-Tier Web Application with Open Source Software

  • Kim, Chang Su;Low, Hooi Yin;Lee, Yong Ju
    • Journal of Korea Society of Digital Industry and Information Management / v.6 no.1 / pp.33-54 / 2010
  • Providing a secure 3-tier Web application has become a high priority for companies as e-businesses have increased the amount and the sensitivity of corporate information that can be accessed through the web. Web applications become more difficult to secure with this very increase in online traffic and transactions. This paper first reviews the 3 tiers of a web application, the types of attacks that can threaten web application services, and security principles. We then design and implement a secure web application with open source software that is able to mitigate the web application's vulnerability to attack.

An HTTP-Based Application Layer Security Protocol for Wireless Internet Services

  • 이동근;김기조;임경식
    • Journal of KIISE: Information Networking / v.30 no.3 / pp.377-386 / 2003
  • In this paper, we present an application layer protocol to support secure wireless Internet services, called Application Layer Security (ALS). The drawbacks of the two traditional approaches to secure wireless applications motivated the development of ALS. One is that in a conventional application-specific security protocol such as Secure HyperText Transfer Protocol (S-HTTP), the security mechanism is included in the application itself. This gives the disadvantage that the security services are available only to that particular application. The other is that a separate protocol layer is inserted between the application and transport layers, as in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS). In this case, all channel data are encrypted regardless of the specific application's requirements, resulting in much waste of network resources. To overcome these problems, ALS is proposed to be implemented on top of HTTP so that it is independent of the various transport layer protocols, and provides a common security interface with security applications so that it greatly improves the portability of security applications. In addition, since ALS takes advantage of the well-known TLS mechanism, it eliminates the danger of malicious attack and provides applications with various security services such as authentication, confidentiality, integrity and digital signature, and partial encryption. We conclude this paper with an example of applying ALS to the solution of end-to-end security in a present commercial wireless protocol stack, Wireless Application Protocol.

Smart and Secure Point of Sale Framework with Threat Modeling and Formal Verification

  • Mona faraj Nasser alwahabi;Shaik Shakeel Ahamad
    • International Journal of Computer Science & Network Security / v.24 no.6 / pp.41-48 / 2024
  • Existing PoS (Point of Sale) based payment frameworks are vulnerable, as the Payment Application's integrity in the smart phone and PoS is compromised, and are vulnerable to reverse engineering attacks. In addition to these, existing PoS (Point of Sale) based payment frameworks do not perform point-to-point encryption and do not ensure communication security. We propose a Smart and Secure PoS (SSPoS) Framework which overcomes these attacks. Our proposed SSPoS framework ensures point-to-point encryption (P2PE), Application hardening and Application wrapping. The SSPoS framework overcomes repackaging attacks. The SSPoS framework has very low communication and computation cost. The SSPoS framework also addresses the Heartbleed vulnerability. The SSPoS protocol is successfully verified using Burrows-Abadi-Needham (BAN) logic, so it ensures all the security properties. SSPoS is threat modeled and implemented successfully.

A Study of Web Application Security Quality Architecture Management Process referenced ISO/IEC9000 Model

  • Kim, Jeom-Goo;Noh, Si-Choon;Lee, Do-Hyeon
    • Convergence Security Journal / v.12 no.3 / pp.11-17 / 2012
  • According to ISO/IEC 9000, quality to satisfy users' requirements when using the product or service is defined as the characteristics of the synthesized concept. Secure web application coding information systems with the reliability and quality of service is one of the determining factors. Secure coding in order to achieve the quality based on the model is necessary. The reason is that the security is in quality properties in the range of non-functional requirements that necessitates. Secure coding for the design of quality systems based on the quality of the definition of quality attributes, quality requirements, quality attribute scenarios are defined, and must be set. To this end, referring to IEEE 1061 quality model for web application, quality model structure is developed. Secure web application architecture design is composed of coding quality of the model systems, web applications draw interest to stakeholders, decision drivers secure coding architecture, quality attributes, eliciting quality requirements of the security settings, creating web application architecture descriptions and security framework.

Evaluation Method Using Analytic Hierarchy Process for C4I SW Secure Coding Rule Selection

  • Choi, June-Sung;Kim, Woo-Je;Park, Won-Hyung;Kook, Kwang-Ho
    • The Journal of Korean Institute of Communications and Information Sciences / v.38C no.8 / pp.651-662 / 2013
  • In this study, we suggest an evaluation method for selecting appropriate secure coding rules that considers 6 major factors: compliance system application (development language conformance, platform compliance), threat evaluation (criticality of security incident, possibility of security incident), and application benefit (reliability/quality improvement, modification cost). Using this method, we selected and made a set consisting of 197 secure coding rules for Battlefield Management System Software, and calculated the application priority for each rule.

A Case Study on Application of R&D Quality Assurance to Secure High Quality for Military Supplies

  • Choi, Chang-Hyun
    • Journal of Korean Society for Quality Management / v.47 no.1 / pp.151-162 / 2019
  • Purpose: In order to secure high quality of military supplies, it is important to secure design quality in the development phase. I will review how to establish a quality assurance system in the development phase based on the author's seminar presentation contents and an application example of Hanwha Systems Co., Ltd. Methods: To guarantee design quality in the development phase, in 2002, a quality assurance system that is adequate for the SQA (Software Quality Assurance) requirements of CMM (Capability Maturity Model) was conducted. In 2009, based on CMMI (Capability Maturity Model Integration) Level 5, there have been continuous and reinforced quality assurance activities. Results: By suggesting the construction and a case study on application of R&D quality assurance, it would be helpful for companies aiming to construct or enhance a quality assurance system. Conclusion: To secure high quality for military supplies, a development QA system should be established to secure quality in the development phase. In addition, a total life cycle QA system for the development, mass production and operation phases should be reestablished.

Design and Implementation of an Enhanced Secure Android-Based Smartphone using LIDS

  • Lee, Sang Hun
    • Journal of Korea Society of Digital Industry and Information Management / v.8 no.3 / pp.49-55 / 2012
  • Recently, with the rapid development of Android-based smartphones, it has become a major security issue that the Android platform is an open platform, so it is easy for it to be a target of mobile virus penetration and hacking. There are a variety of security mechanisms to protect the vulnerable points of the Android platform, but most of the security mechanisms were designed at the application level, which is highly vulnerable to attacks directly on the operating system or attacks using the disadvantages of an application. It is necessary that the complementary of the Android platform kernel blocks the kernel vulnerability and the application vulnerability. In this paper, we proposed a secure system using a Linux-based Android kernel applied to LIDS (Linux Intrusion Detection and Defense System) and applied it to a smartphone with an s5pc110 chip. As a result, the unauthorized alteration of the application was prevented with the proposed secure system.

A Study on Self Assessment of Mobile Secure Coding (M-SCSA)

  • Kim, Dong-Won;Han, Keun-Hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.4 / pp.901-911 / 2012
  • The removal of security vulnerabilities during the developmental stage is found to be much more effective and much more efficient than performing the application during the operational phase. The underlying security vulnerabilities in software have become the major cause of cyber security incidents. Thus, secure coding is drawing much attention for one of its abilities includes minimizing security vulnerabilities at the source code level. Removal of security vulnerabilities at the software's developmental stage is not only effective but can also be regarded as a fundamental solution. This thesis is a research about the methods of Mobile-Secure Coding Self Assessment in order to evaluate the security levels in accordance to the application of mobile secure coding of every individual, groups, and organizations.

Research on Secure Coding and Weakness for Implementation of Android-based Dynamic Class Loading

  • Kim, Hyunjo;Choi, Jin-Young
    • Journal of Korea Multimedia Society / v.19 no.10 / pp.1792-1807 / 2016
  • Android applications are vulnerable to reverse engineering attacks. Because of this, it is easy to extract a significant module from the source code and repackage it. To prevent this problem, the dynamic class loading technique, which is able to exclude running code from distributed source code and is able to load running code dynamically during runtime, can be used. Recently, this technique was adapted to a variety of fields and applications like updating pre-loaded Android applications, preventing the repacking of malicious applications, etc. Despite the fact that this technique is used in a variety of fields and applications, there is a fundamental lack of study of potential weaknesses or related secure coding. This paper deals with potential weaknesses during the implementation of the dynamic class loading technique by analysing related international/domestic standards of weaknesses, and suggests a secure way to implement the dynamic class loading technique. Finally, we believe that the technique described here could increase the level of trust by decreasing the weaknesses related to the dynamic class loading technique.

A PKI-based Secure Multiagent Engine

  • 장혜진
    • Journal of the Korea Academia-Industrial cooperation Society / v.3 no.4 / pp.319-324 / 2002
  • The integration of agent technology and security technology is needed in many application areas like electronic commerce. This paper suggests a model of an extended multi-agent engine which supports privacy, integrity, authentication and non-repudiation in agent communication. Each agent which is developed with the agent engine is composed of an agent engine layer and an agent application layer. We describe and use the concepts of self-to-self messages, secure communication channel, and distinction of KQML messages in the agent application layer and messages in the agent engine layer. The suggested agent engine provides an agent communication language which is extended to enable secure communication between agents without any modifications or restrictions to the content layer and message layer of KQML. Also, in the model of our multi-agent engine, secure communication is expressed and processed transparently in the agent communication language.
