• Title/Summary/Keyword: URL Parameter


OTACUS: Parameter-Tampering Prevention Techniques using Clean URL (OTACUS: 간편URL기법을 이용한 파라미터변조 공격 방지기법)

  • Kim, Guiseok; Kim, Seungjoo
    • Journal of Internet Computing and Services / v.15 no.6 / pp.55-64 / 2014
  • In a Web application, URL parameters, which are an important element of communication between the client and the server, pass through special network security devices such as IPS and F/W without restriction and are forwarded to the Web server. An attacker who tampers with the parameters of a requested URL can disclose confidential information or obtain financial gain through e-commerce. Because whether a parameter has been manipulated can be determined only within the application's logic, this vulnerability cannot be blocked with a Web Application Firewall. In this paper, I present OTACUS (One-Time Access Control URL System), a technique that complements the shortcomings of existing countermeasures. OTACUS effectively blocks tampering with parameters passed to the server by the POST or GET method: it uses a clean URL technique, which simplifies a complex URL containing parameters, to prevent the URL from being exposed to the attacker. Performance tests of an actual OTACUS implementation show stable operation with less than a 3% increase in load.

Link-E-Param : A URL Parameter Encryption Technique for Improving Web Application Security (Link-E-Param : 웹 애플리케이션 보안 강화를 위한 URL 파라미터 암호화 기법)

  • Lim, Deok-Byung; Park, Jun-Cheol
    • The Journal of Korean Institute of Communications and Information Sciences / v.36 no.9B / pp.1073-1081 / 2011
  • A URL parameter can hold information that is confidential or vulnerable to illegitimate tampering. We propose Link-E-Param (Link with Encrypted Parameters) to protect all URL parameter names as well as their values. Unlike other techniques that conceal only some of the URL parameters, it successfully discourages attacks based on URL analysis to steal secret information on Web sites. We implement Link-E-Param in the form of a servlet filter that can be deployed on any Java Web server by simply copying a jar file and setting a few configuration values. Thus it can be used with any existing Web application without modifying the application. It also supports numerous encryption algorithms to choose from. Experiments show that our implementation induces only a 2~3% increase in user response time due to encryption and decryption, which is deemed acceptable.

Study on Basic Requirements of Geoscientific Area for the Deep Geological Repository of Spent Nuclear Fuel in Korea (사용후핵연료 심지층처분장부지 지질환경 기본요건 검토)

  • Bae, Dae-Seok; Koh, Yong-Kwon; Park, Ju-Wan; Park, Jin-Baek; Song, Jong-Soon
    • Journal of Nuclear Fuel Cycle and Waste Technology (JNFCWT) / v.10 no.1 / pp.63-75 / 2012
  • This paper gives some basic requirements and preferences for various geological environmental conditions for the final deep geological repository of spent nuclear fuel (SNF). This study also indicates how the requirements and preferences are to be considered prior to the selection of sites for a site investigation as well as the final disposal in Korea. The results of the study are based on the knowledge and experience of the IAEA and NEA/OECD as well as the advanced countries in SNF disposal projects. This study discusses and suggests a preliminary guideline for the disposal requirements, including the geological, mechanical, thermal, hydrogeological, chemical and transport properties of host rock with long-term geological stability, which influence the functions of a multi-barrier disposal system. To determine whether the requirements and preferences for a given parameter are satisfied at different stages of site selection and suitability assessment for a final disposal site, the quantitative criteria in each area should be formulated with credibility through relevant research and development efforts for the deep geological environment during the site screening and selection processes, as well as through specific studies such as the production of safety cases and validation studies using a generic underground research laboratory (URL) in Korea.