• Title/Summary/Keyword: Software Vulnerability

Performance Improvement of a Movie Recommendation System based on Personal Propensity and Secure Collaborative Filtering

  • Jeong, Woon-Hae;Kim, Se-Jun;Park, Doo-Soon;Kwak, Jin
    • Journal of Information Processing Systems / v.9 no.1 / pp.157-172 / 2013
  • There are many recommendation systems available to provide users with personalized services. Among them, the most frequently used in electronic commerce is 'collaborative filtering', which is a technique that provides a process of filtering customer information for the preparation of profiles and making recommendations of products that are expected to be preferred by other users, based on such information profiles. Collaborative filtering systems, however, have in their nature both technical issues such as sparsity, scalability, and transparency, as well as security issues in the collection of the information that becomes the basis for preparation of the profiles. In this paper, we suggest a movie recommendation system, based on the selection of optimal personal propensity variables and the utilization of a secure collaborative filtering system, in order to provide a solution to such sparsity and scalability issues. At the same time, we adopt 'push attack' principles to deal with the security vulnerability of collaborative filtering systems. Furthermore, we assess the system's applicability by using the open database MovieLens, and present a personal propensity framework for improvement in the performance of recommender systems. We successfully come up with a movie recommendation system through the selection of optimal personalization factors and the embodiment of a safe collaborative filtering system.

Formal Specification and Verification for S/KEY Against Dictionary Attack (사전공격 방지를 위한 S/KEY의 정형 명세 및 검증)

  • Kim Il-Gon;Choi Jin-Young
    • Journal of KIISE:Software and Applications / v.31 no.9 / pp.1218-1225 / 2004
  • The S/KEY system was proposed to guard against an intruder's password replay attack. However, the S/KEY system has a vulnerability: if an attacker derives the passphrase from his dictionary file, he can acquire the one-time password required for user authentication. In this paper, we propose a correct S/KEY system mixed with EKE to solve the problem. We also specify the new S/KEY system with Casper and CSP, and verify its secrecy and authentication requirements using the FDR model checking tool.

The Industrial Security along with the International Transfer of Technology (국제기술이전계약에서의 산업보안에 관한 연구)

  • SEO, Jung-Doo
    • THE INTERNATIONAL COMMERCE & LAW REVIEW / v.76 / pp.1-20 / 2017
  • Industrial technology (including trade secrets), which is commonly understood as systematic and applied technical knowledge, can be transferred to third parties by contracting for the transfer of technology or by granting a licence. Industrial espionage, due to the gradual increase of the economic interests of intellectual property, is being carried out intensively in order to gain advanced technology information. Although our high technology is outstanding, compared to the level of the advanced countries, the technical protection systems, the legal protection measures and the systematic management thereof may still be insufficient. Our industrial technology outflow abroad, due to the vulnerability of the security control system in our country, has been increasing since 2000. Computer software and SNS, such as smart devices, appear as a rapid change in the technical information environment. In order to minimize the dead zone of new industrial security, the country's organic activity is being conducted. In 2006, the Industrial Technology Outflow Prevention and Protection Law was enacted, which emphasized the responsibilities of the country. In this paper, with regard to the economic entity's efforts to prevent technology leakage overseas, I have looked at how industrial technology can be protected in terms of national security and the economic benefits of our enterprises. To solve the above-mentioned problems, the Korean government should willingly establish a reliable legal system for supporting enterprises' operations, and Korean companies should autonomously introduce a synthetic technology protection system and incorporate confidentiality clauses in international transfer of technology agreements with third parties.

An Effective Technique for Detecting Vulnerabilities in Android Device Drivers (안드로이드 장치 드라이버에 대한 효과적 취약점 탐지 기법)

  • Chung, Youngki;Cho, Seong-je
    • Journal of KIISE / v.43 no.11 / pp.1179-1187 / 2016
  • Android- and Linux-based embedded systems require device drivers, which are structured and built in kernel functions. However, device driver software (firmware) provided by various 3rd parties is not usually checked in terms of their security requirements but is simply included in the final products, that is, Android-based smart phones. In addition, static analysis, which is generally used to detect vulnerabilities, may result in extra cost to detect critical security issues such as privilege escalation due to its large proportion of false positive results. In this paper, we propose and evaluate an effective technique to detect vulnerabilities in Android device drivers using both static and dynamic analyses.

An In-Tunnel Traffic Accident Detection Algorithm using CCTV Image Processing (CCTV 영상처리를 이용한 터널 내 사고감지 알고리즘)

  • Baek, JungHee;Min, Joonyoung;Namkoong, Seong;Yoon, SeokHwan
    • KIPS Transactions on Software and Data Engineering / v.4 no.2 / pp.83-90 / 2015
  • Almost all current Automatic Incident Detection (AID) algorithms have the vulnerability that they detect a traffic accident on an open road or in a tunnel as a traffic jam, not as a traffic accident. This paper proposes an improved accident detection algorithm to enhance the detection probability, based on accident detection algorithms applied on open roads. The improved accident detection algorithm provides a preliminary judgment of a potential accident by detecting the stopped object with a Gaussian Mixture Model. Afterwards, the detection area is divided into blocks so that the occupancy rate can be determined for each block. In all experiments applying the new algorithm to images of real incidents, the incidents were detected without error.

Remote monitoring of urban and infrastructural areas

  • Bortoluzzi, Daniele;Casciati, Fabio;Elia, Lorenzo;Faravelli, Lucia
    • Earthquakes and Structures / v.7 no.4 / pp.449-462 / 2014
  • Seismically induced structural damage, as well as any damage caused by a natural catastrophic event, covers a wide area. This suggests supervising the event consequences with vision tools. This paper reports the evolution from the results obtained by the project RADATT (RApid Damage Assessment Telematics Tool) funded by the European Commission within FP4. The aim was to supply a rapid and reliable damage detector/estimator for an area where a catastrophic event had occurred. Here, a general open-source methodology for the detection and the estimation of the damage caused by natural catastrophes is developed. The suitable available hazard and vulnerability data and satellite pictures covering the area of interest represent the required bits of information for updated telematics tools able to manage it. As a result, the global damage is detected by the simple use of open source software. A case study of a highly dense agglomerate of buildings is discussed in order to provide the main details of the proposed methodology.

Evaluation of Static Analyzers for Weakness in C/C++ Programs using Juliet and STONESOUP Test Suites

  • Seo, Hyunji;Park, Young-gwan;Kim, Taehwan;Han, Kyungsook;Pyo, Changwoo
    • Journal of the Korea Society of Computer and Information / v.22 no.3 / pp.17-25 / 2017
  • In this paper, we compared four analyzers, Clang, CppCheck, Compass, and a commercial one from a domestic startup, using NIST's Juliet test suite and the recently introduced STONESOUP. The tools showed detection efficacy in the order of Clang, CppCheck, the domestic one, and Compass under Juliet tests; and Clang, the domestic one, Compass, and CppCheck under STONESOUP tests. We expect it would be desirable to utilize symbolic execution for vulnerability analysis in the future. On the other hand, the results of the tool evaluation also testify that Juliet and STONESOUP, as benchmarks for static analysis tools, can reveal differences among tools. Finally, each analyzer has different CWEs for which it can detect all given test programs. This result can be used for the selection of proper tools with respect to specific CWEs.

Risk Analysis on Vulnerabilities and Threats for Domestic P2P Service Environments (국내 P2P 서비스 환경 하에서의 보안 취약점 및 위협 요소 분석)

  • Shin, Weon;Rhee, Kyung-Hyune
    • Journal of the Korea Institute of Information and Communication Engineering / v.16 no.7 / pp.1447-1454 / 2012
  • Recently, P2P has become the most popular network service on the Internet and is applied in various areas such as streaming, file sharing and software distribution, but there are many security threats arising from vulnerabilities in P2P network environments. Conceptually, a P2P network is an overlay network based on the Internet, and it has security concerns of its own as well as those of Internet environments. In this paper, we analyze the vulnerabilities and threats for domestic P2P services through various experiments and describe their risk analysis. We expect that this work will contribute to new domestic P2P services in consideration of service qualities and security vulnerabilities.

Comparative analysis on potential error-possibility and security vulnerability in software (소프트웨어의 잠재적 오류가능성 및 보안취약점 비교분석 연구)

  • Lee, Seoung-Min;Oh, Joon-Seok;Choi, Jin-Young
    • Proceedings of the Korean Information Science Society Conference / 2010.06d / pp.106-109 / 2010
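  • With the popularization of computers and the development of networks, we live in an age in which life without computers and communications is unthinkable, and we encounter many information systems in everyday life. However, because of security vulnerabilities in software, the risks to individuals, companies and even nations are too numerous to list, the importance of information protection is being emphasized more and more accordingly, and no system is free from this concern. These risks of security flaws and errors apply not only to software currently under development but also to systems that are operating normally. In the face of these risks of security vulnerabilities and errors, more stable programs can be developed by applying secure coding techniques, including defensive programming, during software development. In this paper, we examine the factors that can cause latent errors in software and the factors that can arise from security vulnerabilities, and we analyze the security vulnerabilities of systems actually developed in Java and in operation.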

JTAG fault injection methodology for reliability verification of defense embedded systems (국방용 임베디드 시스템의 고신뢰성 검증을 위한 JTAG 결함주입 방법론 연구)

  • Lee, Hak-Jae;Park, Jang-Won
    • Journal of the Korea Academia-Industrial cooperation Society / v.14 no.10 / pp.5123-5129 / 2013
  • In this paper, we propose a JTAG fault injection environment and classification techniques with which the reliability of embedded systems can be tested. Applying these makes possible a quantitative analysis of the vulnerable factors of a system. The quantitative analysis of the degree of vulnerability of a system is evaluated by fault, error, and failure classification schemes. When applying these schemes, it is possible to verify the process and classify faults that might occur in the system.