• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.1057-1059
• /
• 2012

스마트폰이 대중화되면서 안드로이드 애플리케이션의 보안문제가 대두되고 있다. PC환경의 소프트웨어는 개발단계에서부터 시큐어코딩을 통해 안전성을 확보하고 있으나 안드로이드 애플리케이션의 경우는 연구가 더 필요한 상황이다. 본 논문에서는 CWE(Common Weakness Enumeration)의 취약점 분류 체계와 CAPEC(Common Attack Pattern Enumeration and Classification)의 공격 패턴 분류 체계와 CERT(Computer Emergency Response Team)의 취약점 발생 예방을 위한 정책들을 통해 안드로이드 애플리케이션의 최신화된 취약점 목록을 도출하고 카테고리별로 분류하여 취약점을 효율적으로 분석하는 기법을 제안한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.347-350
• /
• 2016

Analysis of vulnerability of the software for risk. The weakness of the software material, the importance of strengthening security in accordance with financial damage occurred is emerging. There is a potential risk factor not only from the case, the manufacturing to use the software company that appropriate to use a software business and personal risk of loss to size.In this paper due to diagnose and vulnerabilities in software, diagnosis, the curriculum and to cultivate a diagnostic guide, and security vulnerabilities in software.Proposal system for increased.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.3
• /
• pp.63-68
• /
• 2000

Y. Zheng suggested a new concept called signcryption that provides confidentiality with digital signature properties. The signcryption scheme is more efficient than general method what we call first-sign-then-encrypt of first-encrypt-then-sign in computational and communicational cost. But H. Petersen et al pointed out weakness to Y. Zheng' scheme and suggested new one. In this paper we survey three signcryption schemes suggested by Y, Zheng and H. Petersen et al respectively and cryptanalysis. M. Michel's revised scheme. And we suggest a new signcryption is more efficient when originator makes several signcryption on the same document.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.655-658
• /
• 2012

Recently, Gu and Xue proposed an improved secret handshakes scheme with unlinkability by modifying the Huang-Cao scheme. Their proposal not only solves security weakness in the Huang-Cao scheme but also is more efficient than previously proposed secret handshakes schemes. In this letter, we examine the correctness of Gu and Xue's security requirements and show that the adversary model is not correctly defined. We also show that the Gu-Xue scheme is not secure against the attacks under correctly defined adversary model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.745-759
• /
• 2012

It is shown in this paper that Yuksel-Nielson's key distribution scheme is not secure against key de-synchronization attack even though their scheme supplement ZigBee-2007 specification's security problems. Furthermore, a new key distribution scheme is proposed, which is the one to fix the security weakness of Yuksel-Nielson's scheme, as well as its security and performance analysis to verify its effectiveness.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.252-255
• /
• 2010

소프트웨어가 대형화되고 복잡해짐에 따라 소프트웨어에 내재하고 있는 소프트웨어 허점(weakness)의 발생률이 높다. 이런 허점은 컴파일러에 의해 탐지되지 않고, 공격자에 의해 발견되기 쉽다는 특징이 있기 때문에 소프트웨어 취약성을 야기한다. 스마트폰의 확산으로 인해 다양한 종류의 스마트폰 앱이 개발되고 있다. 이에 따라 스마트폰 앱이 대형화되고 복잡해지고 있으므로, 여기에 내재하는 소프트웨어 허점을 사전에 예방하는 것은 중요하다. 본 논문에서는 안드로이드 앱을 개발할 때, 소프트웨어 취약점을 야기하며, 개발자가 간과하기 쉬운 소프트웨어 허점을 사전에 제거하고자 안드로이드에 특화된 시큐어 코딩 가이드를 제시한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2020.07a
• /
• pp.449-450
• /
• 2020

최근 블록체인이 많은 분야에서 활용되고 있다. 본 연구에서는 블록체인과 관련된 개발 도구에 포함된 보안약점을 분석하고 그 보안약점을 진단하기 위한 정보를 기반으로 분류한다. 또한 일부 보안약점의 예를 통하여 진단하기 위한 알고리즘을 llvm의 Clang 도구에 적용하기 위한 방법을 연구한다. 이를 통하여 블록체인과 관련된 보안약점을 분류하고 그에 대한 진단 방법을 연구하였다. 향후 기존 정적 분석 도구를 확장함으로써 진단 성능을 높일 수 있을 것이며, 줄리엣 코드와 같은 벤치마크 테스트를 통해 그 결과를 비교해볼 수 있을 것이다.

• Journal of Information Processing Systems
• /
• v.20 no.1
• /
• pp.67-75
• /
• 2024

In the promotion of Chinese language, the funding that Confucius Institutes can rely on only comes from Hanban. From 2009 to 2014, the number of new Confucius Institutes opened is much higher than before. With the increasing number of Confucius Institutes established in various countries, the funding for promoting Chinese language has limited its development. The development situation of Confucius Institutes in Australia is diversified with very rich experience. The market-oriented development of Confucius Institutes has also tried many times. The Confucius Institutes in the Lancang-Mekong region have less experience but they can learn from various experiences from Australia to provide better ideas and paths for the development of Confucius Institutes in this region and the promotion of Chinese. This paper uses the strength, weakness, opportunity, and threat (SWOT) model to analyze the market feasibility of financial support for the development of Confucius Institutes and makes certain suggestions for the promotion of Chinese language in the Lancang-Mekong region.

• Convergence Security Journal
• /
• v.1 no.1
• /
• pp.9-20
• /
• 2001

In the 3rd Wave of information revolution, technical research & development for more rapid and safe information exchange take a sudden turn currently According to a step up in importance and efficiency value of information, it's necessary to research technical development in various field altogether. Especially information security is the very core of essential technology. However most System attacks are based on the weakness of OS, it is difficult to achieve the security goal in the only application level. For the solution of this problem, so many technology researches to serve secure, trust information security in OS itself are activated. Consequently we introduce the tendency of current secure OS development projects of security kernel all over world in this report and inquire into security mechanism of the File Griffin which prevents file system forgery, modification perfectly by performing digital signature certificate on kernel level.

• Journal of Korean Institute of Industrial Engineers
• /
• v.39 no.1
• /
• pp.20-29
• /
• 2013

Medical errors such as adverse drug event, improper transfusion, wrong-site surgery, mistaken patient identity and so on commonly occur at health care practice. Information technology, like Drug Utilization Review(DUR) system which reviews, analyzes, and interprets medication data when prescribing, can play a key role in reducing such medical errors and improving patient safety. Korean Government has guided all hospitals to implement concurrent DUR(cDUR) system, which is the first case worldwide in that all healthcare providers have to use cDUR system when prescribing. This paper introduced a case study that a tertiary hospital has integrated the cDUR system into its comprehensive Hospital Information System(HIS) and analyzed the whole prescription data during a week right after adoption of cDUR system. Considering technical strength and weakness, the cDUR system was integrated into the HIS, using Broker Servers for minimizing doctors' anxiety. As the quantitative analysis of the whole prescription data, DUR conflict events, which mainly included duplicate medications and contra-indicated drug interactions for outpatients, were 2.77%. Although only 0.7% is for the contra-indicated drug interactions, it will be greatly devoted to achieve the purpose of DUR such as improving patient safety.