• Title/Summary/Keyword: Web Application Security

A Study on Traceback by WAS Bypass Access Query Information of DataBase (DBMS WAS 우회접속의 쿼리정보 역추적 연구)

  • Baek, Jong-Il;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information / v.14 no.12 / pp.181-190 / 2009
  • DBMS access over high-speed internet web services through WAS is increasing. DB security technology for 3-tier environments needs to be applied to DBMS access by an unspecified majority of users, to bypass connections, and to privilege control. When a user makes a bypass connection to the DBMS through WAS, the DBMS server stores the WAS's information as the user, does not store the IP information of the user making the bypass connection, and connects to the verge system. This study investigates tracing back the query information of bypass connections to the DBMS through WAS, together with security audit records and forensic data. A MetaDB built on the communication path stores session and query information for users who log in through the web, and this is compared and mapped against the queries and time stamps of executed query information stored in the DBMS server log to identify the actual user. To raise security reliability, rules are created and applied after pattern analysis of the received logs, and a module is developed that collects and compresses the information and keeps it in a data store. The kept information can minimize false positives in traceback through analysis and control by a policy-based management module that uses an intelligent DBMS security client.

Sera Web-Viewer : a Convenience-Featured Web Browser (SERA Web-Viewer : 사용자 편의성을 향상시킨 웹 브라우저 설계 및 구현)

  • Cho, Young-Suk;Kim, Jae-Hoon;Jang, Ik-Hyeon
    • Convergence Security Journal / v.7 no.4 / pp.61-72 / 2007
  • We developed a convenience-featured Web browser intended to enhance Web users' convenience. The integrated convenience functions are VPV (Visited Page Viewer), APV (Aligned Page Viewer), USC (User Specified Capture), and VAC (Video and Audio Converter), which is the most important feature of FLV (FLash Video file) in UCC (User Created Contents). These four functions are considered the most needed by Web users, and we referred to the opinions of frequent and advanced Web users. We address important algorithms and techniques for implementing the four functions. The implementation methods, based on an MDI application using the same rendering technique as Internet Explorer 6.0, are shown with code. The results of the implementation are compared with a survey conducted on 134 Computer Science and Multimedia Engineering major students. All four integrated functions are considered to be useful.

A Non-Agent based Identification Scheme for Identifying Database Users in 3-tier System Environments (3-tier 시스템 환경에서 비 에이전트 방식의 데이터베이스 사용자 식별 방안)

  • Han, Jung Sang;Shin, Dong Cheon
    • Journal of Information Technology Applications and Management / v.25 no.2 / pp.147-159 / 2018
  • Changes in the internet environment have made services delivered through a web application server (WAS) popular. As a result, identifying the users who access databases through WAS has become technically difficult. To solve this problem, many companies adopt an agent-based approach that identifies users by installing additional software on the WAS. However, this approach has some disadvantages in terms of cost, maintenance, and development process. In this paper, we devise a non-agent based approach for identifying database users in 3-tier environments.

A Study on Web-Site Application Security Level Measurement and Improvement of Using Six Sigma method. (6 시그마 방법론을 이용한 웹사이트 응용프로그램의 보안 수준 평가 및 개선)

  • Hwang, Woo;Lee, Hee Jo
    • Proceedings of the Korea Information Processing Society Conference / 2007.11a / pp.1222-1225 / 2007
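  • In evaluating and improving security levels, online website applications pose many difficulties in setting measurement criteria and expressing the security level. To make the Six Sigma level-expression and improvement techniques, a management innovation tool first introduced by Motorola, applicable to website security level evaluation, this paper uses the web application security evaluation checklist provided by WASC (Web Application Security Consortium) to measure, in a bottom-up manner, the results of actual intrusion attempts against a website, and presents a way to use these results for measuring and improving the security level.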

Implementation of University Point Distributed System based on Public Blockchain (퍼블릭 블록체인기반 대학 포인트 분산 시스템 개발)

  • Jung, Se-Hoon;Kim, Jeong Hoon;Sim, Chun-Bo
    • Journal of Korea Multimedia Society / v.24 no.2 / pp.255-266 / 2021
  • Most common web or application system architectures have a central network. As a result, the central network can be supervised and controlled in all situations, and it has the advantages of being easy to manage and fast to operate. However, a central network has the disadvantages of weak security and of being unclear. In particular, web systems used by many institutions have many problems caused by the central network. In this paper, we propose Ethereum-based blockchain technology to resolve the problems and trading structure that arise in a central network. We propose a point-based decentralized application, including cryptocurrency functions and smart contracts, to take advantage of blockchain's decentralized structure. The results of the performance experiment show the advantages of reliable use and security in a variety of environments (Windows, Ubuntu, Mac).

Web Application Security using Distributed Encipherment (분산 암호화를 이용한 웹 어플리케이션 보안)

  • Heo, Jin-Kyoung
    • The Journal of the Korea Contents Association / v.8 no.4 / pp.10-16 / 2008
  • The quantity of encrypted data transmitted through the network is increasing with the development of encipherment technology. This brings many problems, caused by technical development and the growth in services requested by users. A single web application system needs to create many encryption keys. As a result, service quality drops because of increased network traffic and system overload. A system is needed that improves secure service quality when processing data. This paper describes a new approach to the design and implementation of distributed encryption key processing for a web application system. The approach is based on distributed encipherment keys, for the purpose of confidentiality, integrity and authentication. It can prevent system degradation from the server's data bottleneck and can improve service quality. For the distributed encipherment system, we use Java object activation technology. It can continue to provide service even when some distributed servers fail.

Case Analysis of Legal System and Regulations according to the Needs of S/W Development Security (S/W 개발 보안의 필요성에 따른 법 제도 및 규정 사례 분석)

  • Shin, Seong-Yoon;Jeong, Kil-Hyun
    • Journal of the Korea Society of Computer and Information / v.19 no.10 / pp.117-124 / 2014
  • Software Development Security is defined as a sequence of procedures for secure software development, such as removing potential security vulnerabilities and designing or implementing functions with security in mind. In this paper, we survey domestic and international hacking cases that could damage us mentally or financially. Seventy-five percent of website attacks abuse weak points of application programs, or software. We also examine major issues in software development security related to these weaknesses. We then propose public and private laws, regulations, or systems and give some examples with detailed descriptions.

Implementation of Security Plan from .NET Remoting Environment (닷넷 리모팅 환경에서의 보안 방안 구현)

  • Kim, Young-Sear
    • Journal of the Institute of Convergence Signal Processing / v.10 no.4 / pp.256-261 / 2009
  • While .NET and J2EE divide the recent distributed computing environment between them, .NET offers "Remoting" as a technology for calling remote objects. Remoting is frequently used as a protocol in OLTP web program development, in the form of RPC that exchanges data as XML over HTTP. The purpose of this research is to identify the problems that arise when applying security to .NET Remoting, which is now used in web programming, and to find an effective way to apply it through implementation. The main points are as follows. First, network layer security should be replaced by application layer security for better performance and flexibility. Second, the serialization procedure that is repeated in both the remoting and the encryption module should take place only once. Lastly, we discuss the implementation of "Surrogate" and "Compress", which make it possible to eliminate unnecessary data (table relations, keys, etc.) used in the .NET dataset object in order to reduce the size of the data. A twofold improvement in speed can be achieved by implementing these measures directly. For easier use, a component-based framework should be supplied in the future.

Low-Power Encryption Algorithm Block Cipher in JavaScript

  • Seo, Hwajeong;Kim, Howon
    • Journal of information and communication convergence engineering / v.12 no.4 / pp.252-256 / 2014
  • Traditional block cipher Advanced Encryption Standard (AES) is widely used in the field of network security, but it has high overhead on each operation. In the 15th international workshop on information security applications, a novel lightweight and low-power encryption algorithm named low-power encryption algorithm (LEA) was released. This algorithm has certain useful features for hardware and software implementations, that is, simple addition, rotation, exclusive-or (ARX) operations, non-Substitute-BOX architecture, and 32-bit word size. In this study, we further improve the LEA encryptions for cloud computing. The Web-based implementations include JavaScript and assembly codes. Unlike normal implementation, JavaScript does not support unsigned integer and rotation operations; therefore, we present several techniques for resolving this issue. Furthermore, the proposed method yields a speed-optimized result and shows high performance enhancements. Each implementation is tested using various Web browsers, such as Google Chrome, Internet Explorer, and Mozilla Firefox, and on various devices including personal computers and mobile devices. These results extend the use of LEA encryption to any circumstance.

Web application security management integrated platform development study (웹(WEB)애플리케이션 보안관리 통합플랫폼 개발 연구)

  • Kim, Kihwan;Lee, Dongil;Lee, Hyunbin;Shin, Yongtae
    • Proceedings of the Korean Society of Computer Information Conference / 2018.01a / pp.85-86 / 2018
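  • To secure web applications, which are a primary target of cyber attacks, this paper proposes an integrated web security management platform for vulnerability diagnosis, vulnerability removal, and compliance checking. The platform consists of a dynamic diagnosis engine, a vulnerability-removal security module, an integrated management system that provides the UI, a results and statistics DB that stores diagnosis results, and a diagnosis and security information DB that stores the information needed for diagnosis. With a correlation analysis function for dynamic diagnosis results and a smart security module that allows vulnerabilities to be removed, corrected, and mitigated quickly and easily during remediation, the integrated platform studied here makes web application security more efficient.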