• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.10
• /
• pp.3750-3770
• /
• 2021

This study investigates open-source dynamic XSS filters used as security devices in web applications to account for the effectiveness of filters in protecting against XSS attacks. The experiment involves twelve representative filters, which are examined individually by placing them into the final output function of a custom-built single-input-form web application. To assess the effectiveness of the filters in their tasks of sanitizing XSS payloads and in preserving benign payloads, a black-box testing method is applied using an automated XSS testing framework. The result in working with malicious and benign payloads shows an important trade-off in the filters' tasks. Because the filters that only check for dangerous or safe elements, they seem to neglect to validate their values. As some safe values are mistreated as dangerous elements, their benign payload function is lost in the way. For the filters to be more effective, it is suggested that they should be able to validate the respective values of malicious and benign payloads; thus, minimizing the trade-off. This particular assessment of XSS filters provides important insight regarding the filters that can be used to mitigate threats, including the possible configurations to improve them in handling both malicious and benign payloads.

• International Journal of Computer Science & Network Security
• /
• v.21 no.3
• /
• pp.141-144
• /
• 2021

Modern concepts of management of construction production systems require solving the problems of harmonization of the distribution of structural elements on the way to overcoming global destabilization processes. An effective ratio of functional subsystems of production in an environment of mutual influence create sustainable opportunities for production management and contribute to the logical development of the system as a whole in achieving the main goal of harmonious management. The purpose of the study is to develop the concept of effective management of production systems in construction with the harmonious formation of organizational structures. The results of the study allowed to reveal the harmonization approach in improving the interaction of structural elements of production and accelerating their functional sensitivity to changes in the environment. Harmonious production system more effectively adapts to the diversity of interests, goals and actions at all levels of management of different subsystems in any environment.

• International Journal of Computer Science & Network Security
• /
• v.23 no.11
• /
• pp.117-127
• /
• 2023

In many training institutions, the major advancement of Information Technology is having a profound impact on the way in which instructors teach and students learn, as well as how the two interact. The training process is continuing with the goal of enhancing the calibre of instruction and engagement. Top colleges and institutions have more recently developed a variety of Massive Open Online Courses (MOOC) systems centred on the development of new educational offering ways. These have not only captured the interest of students and scholars in the field of higher education, but also that of staff members in the private and public sectors. This study uses a Unified Theory of Acceptance and Use of Technology (UTAUT) model to assess the top MOOC providers and pinpoint the key elements influencing learner acceptance of MOOCs in Saudi Arabian training. A total of 382 government trainees in Saudi Arabia participated in an online survey, the results of which underwent analysis using structural equation modelling. This study identifies the key elements influencing Saudi government employee trainees' intentions to use MOOCs, with the findings indicating that the suggested model can account for 86.2% of user behaviour and 88.5% of user intentions.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.7
• /
• pp.85-92
• /
• 2020

Following the development of Internet of Things (IoT) technology, the scope of application of IoT technology is expanding to industrial safety areas that detect and prevent possible risks in outdoor environments in advance, away from improving the convenience of living in indoor environments. Although this expansion of IoT service provides many advantages, it also causes security problems such as data leakage and modulation, so research on security response strategies is being actively carried out. In this paper, the IoT-based road construction risk management system in outdoor environment is proposed as a research subject. As a result of investigating the security vulnerabilities of the low-power wide-area (LPWA, BLE) communication protocol applied to the research targets, the security vulnerabilities were identified in terms of confidentiality, integrity, and availability, which are the three major elements of information security, and countermeasures for each vulnerability were proposed. This study is meaningful in investigating and analyzing possible vulnerabilities in the operation of the IoT-based risk management system and proposing practical security guidelines for each vulnerability.

• Journal of Digital Convergence
• /
• v.18 no.11
• /
• pp.169-176
• /
• 2020

With widespread use of information technologies the importance of information security has been heightened. Security policies which deal with fundamental direction of information security are critical elements of information security management. Numerous studies have been conducted on users' intention to comply security policies. They were based on various theoretical foundations and the theory of planned behavior(TPB) was the most frequently used. This research employed one of the quantitatively synthesizing meta-analytic techniques called Two-Stage Structural Equation Modeling to investigate factors influencing information security policy compliance behavior based on TPB. Analysis results indicated that all three factors of TPB were significantly influencing the behavioral intention. Moreover, the overall fit indices of structural model exhibited satisfactory level.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.457-465
• /
• 2015

Internet of Things(IoT) technologies should be able to communication with various embedded platforms. We will need to select an appropriate cryptographic algorithm in various embedded environments because we should consider security elements in IoT communications. Therefore the lightweight block cryptographic algorithm is essential for secure communication between these kinds of embedded platforms. However, the lightweight block cryptographic algorithm has a vulnerability which can be leaked in side channel analysis. Thus we also have to consider side channel countermeasure. In this paper, we will propose the scenario of side channel analysis and confirm the vulnerability for HIGHT algorithm which is composed of ARX structure. Additionally, we will suggest countermeasure for HIGHT against side channel analysis. Finally, we will explain how much the effectiveness can be provided through comparison between countermeasure for AES and HIGHT.

• Journal of Internet Computing and Services
• /
• v.16 no.5
• /
• pp.1-9
• /
• 2015

As attacks in cyber space become advanced and complex, monotonous defense approach of one-one matching manner between attack and defense may be limited to defend them. More efficient defense method is required. This paper proposes multi layers security scheme that can support to defend assets against diverse cyber attacks in systematical and adaptive. We model multi layers security scheme based on Defense Zone including several defense layers and also discuss essential technical elements necessary to realize multi layers security scheme such as cyber threats analysis and automated assignment of defense techniques. Also effects of multi layers security scheme and its applicability are explained. In future, for embodiment of multi layers security scheme, researches about detailed architecture design for Defense Zone, automated method to select the best defense technique against attack and modeling normal state of asset for attack detection are needed.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.69-76
• /
• 2018

One of the most remarkable technologies in the era of the 4th industrial revolution is the interest in the field of smart cars. In the near future, it will not only be possible to move to a place where you want to ride a smart car, but smart cars, including artificial intelligence elements, can avoid sudden car accidents. However, as the field of smart automobiles develops, the risks are expected to increase. Therefore, based on the understanding of security vulnerabilities that may occur in smart car networks, we can apply safe information security technology using FIDO and attribute-based authorization delegation technique to provide smart car control technology that is safe and secure. I want to. In this paper, we show that the proposed method can solve security vulnerabilities by using secure smart car control technology. We will further study various proposals to solve security vulnerabilities in the field of smart car networks through future research.

• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.35-40
• /
• 2017

The control system can have such threats as information leakage and falsification through various routes due to communications network fusion with public network. As the issues about security and the infringe cases by new attack methods are diversified recently, with the security system that makes information data database by simply blocking and checking it is difficult to cope with new types of threats. It is also difficult to respond security threats by insiders who have security access authority with the existing security equipment. To respond the threats by insiders, it is necessary to collect and analyze Event Log occurring in the internal system realtime. Therefore, this study could find out whether there is correlation of the elements among Event Logs through correlation analysis based on Event Logs that occur real time in the control system, and based on the analysis result, the study is expected to contribute to studies in this field.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.385-393
• /
• 2022

In the study of the mechanism of labor motivation as a determinant of economic security of the enterprise in competitive conditions, it was found that motivation is determinant in creating the conditions for production and ensuring the active functioning of the enterprise. It is substantiated that the motivational mechanism is the presence of a system of levers, incentives, measures and other elements for economic and administrative incentives for employees, which are used for incentives to work, increase productivity and safety, and more. The motivational mechanism plays an important role in ensuring the economic security of the enterprise and at the same time is a lever to increase competitiveness in the market. The functions of the mechanism of labor motivation are singled out, among which: explanatory-substantiating, regulative, communicative, socialization, regulating. The stages of occurrence of the motive for the employee are classified. The interrelation of motives and incentives in the mechanism of labor motivation as determinants of economic security of the enterprise in competitive conditions is proved. It is proved that the mechanism of labor motivation as a determinant of economic security of the enterprise in competitive conditions should be aimed at: assistance in forming and achieving goals and objectives of the enterprise and achieving balance and equilibrium of economic goals and social responsibility of the enterprise; ensuring close cooperation between management and employees of the enterprise; focus on building a flexible mechanism; transition to a democratic style of governance and involvement of employees in decision-making.