• Title/Summary/Keyword: Security API

Search Result 211, Processing Time 0.023 seconds

Implementation of Management Platform of Home Control Network based on EIA 709.1 Standard (EIA 709.1 표준을 지원하는 리눅스 기반 홈 제어 네트워크 관리 플랫폼 구현)

  • Park, Jun-Hui;Son, Yeong-Seong;Mun, Gyeong-Deok
    • The KIPS Transactions:PartD / v.9D no.4 / pp.687-696 / 2002
  • In this paper, we describe the implementation of the configuration platform (LonWare) based on Linux for LonWorks, which is one of the popular standards of home control network. LonWare consists of three modules: NMML, LonWare API, and LonWare DB, and it provides semantically well-defined APIs for application device developers to easily access and control. In addition, LonWare DB does not need to be located outside the home, so a security-safe configurator can be made.

The Soft Security Improvement of HTML5 With WEB Application (HTML5 로 구현한 웹 어플리케이션 보안 취약성 개선)

  • Kim, Kwang Su;Jang, Young Su;Choi, Jin Young
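    • Proceedings of the Korea Information Processing Society Conference / 2014.04a / pp.514-517 / 2014
  • HTML5 is the next-generation web standard of HTML (Hyper Text Markup Language) for authoring web documents. HTML5 is still under development, and the final standard is expected to be published in the second half of 2014. While maintaining compatibility with earlier versions of HTML, HTML5 lets developers implement dynamic features such as video, location information, socket communication, and various media services using HTML5's extended standard tags, without separate plug-ins. However, data security vulnerabilities in web application services have been found in some of the standard tags newly added to HTML5. In this paper, we analyze the standard tag and API security vulnerabilities found in the process of developing web application software with HTML5, and improve the vulnerabilities of the source code that is the target of attack. We propose a countermeasure that can prevent security vulnerabilities from the threats of external attackers by improving source code that is vulnerable in terms of security.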

State of the Art of Anti-Screen Capture Protection Techniques

  • Lee, Young;Hahn, SangGeun
    • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.5 / pp.1871-1890 / 2021
  • The transition toward a contactless society has been rapidly progressing owing to the recent COVID-19 pandemic. As a result, the IT environment of organizations and enterprises is changing rapidly; in particular, data security is expanding to the private sector. To adapt to these changes, organizations and companies have started to securely transfer confidential data to residential PCs and personally owned devices of employees working from home or from other locations. Therefore, organizations and companies are introducing streaming data services, such as the virtual desktop infrastructure (VDI) or cloud services, to securely connect internal and external networks. These methods have the advantage of providing data without the need to download to a third terminal; however, while the data are being streamed, attacks such as screen shooting or capturing are performed. Therefore, there is an increasing interest in prevention techniques against screen capture threats that may occur in a contactless environment. In this study, we analyze possible screen capture methods in a PC and a mobile phone environment and present techniques that can protect the screens against specific attack methods. The detection and defense for screen capture of PC applications on Windows OS and Mac OS could be solved with a single agent using our proposed techniques. Screen capture of mobile devices can be prevented by applying our proposed techniques on Android and iOS.

A Study on the Development of Platform-based MyData Service in Financial Industry (금융분야의 플랫폼 기반 마이데이터 서비스 개발에 관한 연구)

  • Jaeseob Choi;Sanghun Cha;Jeongil Choi
    • Journal of Information Technology Services / v.22 no.1 / pp.29-42 / 2023
  • Amid the global movement to harness individual data and boost the data economy, MyData services that utilize personal data are being implemented in earnest in the financial sector in Korea due to the government's active encouragement policy. To this end, MyData service providers must have a service system for business operators that collects and efficiently loads personal information scattered in various financial institutions with individual consent, and comprehensively analyzes and provides it. The system must not only have strict security management capabilities, but also be built in a flexible form that takes into account future data scalability and additional services. In this paper, it is proposed that the essential functions that a MyData service system must have, and the core functions that can manage the entire data life cycle from data collection and distribution to disposal, be implemented in the form of a platform. In addition, the strengths of the platform structure were reviewed, and the effectiveness of the platform model was examined upon application.

Android Botnet Detection Using Hybrid Analysis

  • Mamoona Arhsad;Ahmad Karim
    • KSII Transactions on Internet and Information Systems (TIIS) / v.18 no.3 / pp.704-719 / 2024
  • Botnet pandemics are becoming more prevalent with the growing use of mobile phone technologies. Mobile phone technologies provide a wide range of applications, including entertainment, commerce, education, and finance. In addition, botnet refers to the collection of compromised devices managed by a botmaster and engaging with each other via a command server to initiate an attack including phishing email, ad-click fraud, blockchain, and much more. As the number of botnet attacks rises, detecting harmful activities is becoming more challenging in handheld devices. Therefore, it is crucial to evaluate mobile botnet assaults to find the security vulnerabilities that occur through coordinated command servers causing major financial and ethical harm. For this purpose, we propose a hybrid analysis approach that integrates permissions and API and experiments on the machine-learning classifiers to detect mobile botnet applications. In this paper, the experiment employed benign, botnet, and malware applications for validation of the performance and accuracy of classifiers. The results conclude that a classifier model based on a simple decision tree obtained 99% accuracy with a low false-positive rate of 0.003 compared with other machine learning classifiers for botnet application detection. As an outcome of this paper, a hybrid approach enhances the accuracy of mobile botnet detection as compared to static and dynamic features when both are taken separately.

A Study on the Liability of Information Protection for the Third Party Supply of Personal Information/Focus on Fintech Companies Using OPEN APIs (개인정보의 제3자 제공시 정보보호 관련 법상 책임에 관한 연구/OPEN API 이용 핀테크 기업을 중심으로)

  • Kim, Jo-eun;Kim, In-seok
    • The Journal of Society for e-Business Studies / v.22 no.4 / pp.21-38 / 2017
  • It is actively opening the market to fintech companies through open platforms, such as financial institutions and public institutions. In this thesis, we will look at the conceptual differences between the "provision of third-party information" and "entrustment" of information protection related laws, such as the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Data Protection Etc (Network Utilization Protection Act). In addition, the legal obligation to provide information regarding the legal rights of information is considered to be relevant, whereas the legal obligation of the private information provided by the company is excessively mitigated, whereas the legal obligation of the company to provide information is excessively mitigated. In addition, I suggest a self-diagnosis checklist to help fintech companies improve their privacy levels. It was found that the level of information protection was relatively insufficient compared to the consignees based on the results of a survey conducted for 31 fintech companies. Aggressive use of the checklist is suggested to raise the level of information protection for those companies.

Permission Management System for Secure IoT Devices in Android-Based IoT Environment (안드로이드 기반 IoT 환경에서 안전한 IoT 디바이스를 위한 권한 관리 시스템)

  • Park, In Kyu;Kwak, Jin
    • KIPS Transactions on Computer and Communication Systems / v.7 no.2 / pp.59-66 / 2018
  • Android Things is an Android-based platform running in Google's IoT environment. Android smartphones require permissions from application users to use certain features, but in the case of Android Things, there is no display to send request notifications to users. Therefore, it does not make a request to use the permissions and automatically accepts the permissions from the system. If the privilege is used indiscriminately, malicious behavior such as system failure or leakage of personal information can be performed by a function that is unrelated to the original function. Therefore, by monitoring the privileges that a device uses in an Android-based IoT system, users can proactively respond to security threats that can arise through unauthorized use of the IoT system. This paper proposes a system that manages the rights currently being used by IoT devices in the Android Things based IoT environment, so that Android-based IoT devices can cope with irrelevant use of rights.

A case study of blockchain-based public performance video platform establishment: Focusing on Gyeonggi Art On, a new media art broadcasting station in Gyeonggi-do (블록체인 기반 공연영상 공공 플랫폼 구축 사례 연구: 경기도 뉴미디어 예술방송국 경기아트온을 중심으로)

  • Lee, Seung Hyun
    • Journal of Service Research and Studies / v.13 no.1 / pp.108-126 / 2023
  • This study explored the sustainability of a blockchain-based cultural art performance video platform through the construction of Gyeonggi Art On, a new media art broadcasting station in Gyeonggi-do. In addition, the technical limitations of video content transaction using blockchain, legal and institutional issues, and the protection of personal information and intellectual property rights were reviewed. As for the research method, participatory observation methods such as in-depth interviews with developers and operators and participation in meetings were conducted. The researcher participated in and observed the entire development process, including designing and developing blockchain nodes, smart contracts, APIs, UI/UX, and testing interworking between blockchain and content distribution services. Research Question 1: The results of the study on 'Which technology model is suitable for a blockchain-based performance video content distribution public platform?' are as follows. 1) The blockchain type suitable for the public platform for distribution of art performance video contents based on the blockchain is the private type that can be intervened only when the blockchain manager directly invites it. 2) In public platforms such as Gyeonggi Art On, among the copyright management model, which is an art based on NFT issuance, and the BC token and cloud-based content distribution model, the model that provides content to external demand organizations through API and uses K-token for fee settlement is suitable. 3) For public platform initial services such as Gyeonggi Art On, a closed blockchain that provides services only to users who have been granted the right to use content is suitable. Research Question 2: What legal and institutional problems should be reviewed when operating a blockchain-based performance video distribution public platform? The results of the study are as follows.
1) Blockchain-based smart contracts have a party eligibility problem due to the nature of blockchain technology in which the identities of transaction parties may not be revealed. 2) When a security incident occurs in the blockchain, it is difficult to recover the loss because it is unclear how to compensate or remedy the user's loss. 3) The concept of default cannot be applied to smart contracts, and even if the obligations under the smart contract have already been fulfilled, the possibility of incomplete performance must be reviewed.

A Study on Smart Job Matching Platform for Personal Assistant of the Disabled (장애인 활동보조인의 구인·구직을 위한 비대면 플랫폼에 관한 연구)

  • Kang, Seungae
    • Convergence Security Journal / v.21 no.3 / pp.75-80 / 2021
  • This study provided personnel and recruitment information related to job offer and job hunting, and proposed a non-face-to-face platform that can facilitate matching of one-time services as well as periodic services. The existing recruitment and job search method for personal assistant of the disabled is a one-way matching method in which a person in charge of the service providing centers assigns an activity assistant belonging to the institution when a consumer requests a personal assistant service, so the choice of job seekers is very weak. The job matching platform of the activity assistant for the disabled can be logged in separately by dividing users and separating them into the interface of the disabled or the disabled family members (job seekers) and activity assistants for the disabled (job seekers). Search for job offer and job seekers that meet their respective conditions, and real-time bidirectional decision-making through the chat function, and when the activity assistance service is completed, recruiters and job seekers can write service reviews and evaluations from their own point of view. The real-time interactive decision-making matching platform will also help minimize blind spots where it is difficult to provide services when short-term or one-time assistance is needed.

Development of Intelligent Job Classification System based on Job Posting on Job Sites (구인구직사이트의 구인정보 기반 지능형 직무분류체계의 구축)

  • Lee, Jung Seung
    • Journal of Intelligence and Information Systems / v.25 no.4 / pp.123-139 / 2019
  • The job classification system of major job sites differs from site to site and is different from the job classification system of the 'SQF (Sectoral Qualifications Framework)' proposed by the SW field. Therefore, a new job classification system is needed for SW companies, SW job seekers, and job sites to understand. The purpose of this study is to establish a standard job classification system that reflects market demand by analyzing SQF based on job offer information of major job sites and the NCS (National Competency Standards). For this purpose, the association analysis between occupations of major job sites is conducted and the association rule between SQF and occupation is conducted to derive the association rule between occupations. Using this association rule, we proposed an intelligent job classification system based on data mapping the job classification system of major job sites and SQF and job classification system. First, major job sites are selected to obtain information on the job classification system of the SW market. Then we identify ways to collect job information from each site and collect data through open API. Focusing on the relationship between the data, filtering only the job information posted on each job site at the same time, other job information is deleted. Next, we will map the job classification system between job sites using the association rules derived from the association analysis. We will complete the mapping between these market segments, discuss with the experts, further map the SQF, and finally propose a new job classification system. As a result, more than 30,000 job listings were collected in XML format using open API in 'WORKNET,' 'JOBKOREA,' and 'saramin', which are the main job sites in Korea. After filtering out about 900 job postings simultaneously posted on multiple job sites, 800 association rules were derived by applying the Apriori algorithm, which is a frequent pattern mining.
Based on 800 related rules, the job classification system of WORKNET, JOBKOREA, and saramin and the SQF job classification system were mapped and classified into 1st and 4th stages. In the new job taxonomy, the first primary class, IT consulting, computer system, network, and security related job system, consisted of three secondary classifications, five tertiary classifications, and five fourth classifications. The second primary classification, the database and the job system related to system operation, consisted of three secondary classifications, three tertiary classifications, and four fourth classifications. The third primary category, Web Planning, Web Programming, Web Design, and Game, was composed of four secondary classifications, nine tertiary classifications, and two fourth classifications. The last primary classification, job systems related to ICT management, computer and communication engineering technology, consisted of three secondary classifications and six tertiary classifications. In particular, the new job classification system has a relatively flexible stage of classification, unlike other existing classification systems. WORKNET divides jobs into third categories, JOBKOREA divides jobs into second categories, and subdivides the jobs into keywords. saramin divided the job into the second classification, and subdivided the job into keyword form. The newly proposed standard job classification system accepts some keyword-based jobs, and treats some product names as jobs. In the classification system, not only are jobs suspended in the second classification, but there are also jobs that are subdivided into the fourth classification. This reflected the idea that not all jobs could be broken down into the same steps. We also proposed a combination of rules and experts' opinions from market data collected and conducted associative analysis.
Therefore, the newly proposed job classification system can be regarded as a data-based intelligent job classification system that reflects the market demand, unlike the existing job classification system. This study is meaningful in that it suggests a new job classification system that reflects market demand by attempting mapping between occupations based on data through the association analysis between occupations rather than intuition of some experts. However, this study has a limitation in that it cannot fully reflect the market demand that changes over time because the data collection point is temporary. As market demands change over time, including seasonal factors and major corporate public recruitment timings, continuous data monitoring and repeated experiments are needed to achieve more accurate matching. The results of this study can be used to suggest the direction of improvement of SQF in the SW industry in the future, and it is expected to be transferred to other industries with the experience of success in the SW industry.