• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.10
• /
• pp.4191-4203
• /
• 2015

WebView is a vital component in smartphone platforms like Android, Windows and iOS that enables smartphone applications (apps) to embed a simple yet powerful web browser inside them. WebView not only provides the same functionalities as web browser, it, more importantly, enables a rich interaction between apps and webpages loaded inside the WebView. However, the design and the features of WebView lays path to tamper the sandbox protection mechanism implemented by browsers. As a consequence, malicious attacks can be launched either against the apps or by the apps through the exploitation of WebView APIs. This paper presents a critical attack called Supplementary Event-Listener Injection (SEI) attack which adds auxiliary event listeners, for executing malicious activities, on the HTML elements in the webpage loaded by the WebView via JavaScript Injection. This paper also proposes an automated static analysis system for analyzing WebView embedded apps to classify the kind of vulnerability possessed by them and a solution for the mitigation of the attack.

• The Journal of the Korea Contents Association
• /
• v.9 no.8
• /
• pp.64-72
• /
• 2009

AMR(Automatic Meter Reading), which means that it reads the meter of electricity, gas, or water, etc at a remote place automatically through wired or wireless communication, has been studied in terms of Power Line Communication method and Local Area Wireless Communication method, etc. In this paper, we designed and implemented JCA(Java Card for AMR) capable of AMR, which is based on java Card technology indispensable to the ubiquitous world. In this paper, JCA follows standard transactional procedures offered by power supply company and manages power usage log and billing data, and is designed in order to satisfy EMV multi-functional specifications. Because JCA is a multi-functional smart card capable of post-issuance applets as an open platform, it is installed into other applications of affiliated concerns as well as credit card and traffic card applications. Not only the proposed JCA is a low cost system, compared to other AMR systems, but is capable of paying rates in advance or later by applying authentication and security function of java Card. In addition the proposed JCA system can create value added services such as affiliated services with corporate alliance.

• Journal of Korea Multimedia Society
• /
• v.8 no.3
• /
• pp.389-397
• /
• 2005

In this paper, we study the synchronization method of animated simulations and VRs for on-line virtual reality education system. To build the data of animated simulations and synchronization modules of VRML content, the media-synchronizing technology, HTML + TIME and scripts are used. The VRML control module ismade into Java applet using the Java EAI provided for the web and the interface for VRML contents. To control the animation of VRML contents, the node information is extracted, and an animation production template capable of controlling animation in inter-connection with VRML content is made. With evaluation of the animation control performance, processing speed, synchronization performance between media in the system built, more improved results are obtained. We would like to suggest a education system with easy system construction and various multi-medium applicability by realizing HTML + TIME media synchronization and VRML web 3D virtual reality creation techniques, and animated images and 3D animation controls according to time using Java through this study.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.06a
• /
• pp.121-124
• /
• 2007

This paper describes the development of a brickwork game with three-dimensional computer graphics as one of web-based game contents. Client user using web can access and run lava applet program with the independence of hardware system. It consists of graphic user interface module, initial space generation module, event handler module, player control module, and thread control module. It uses 3-D array data structure for the 3-D graphic objects that are located in three-dimensional space for high-speed object searching and sorting. It enhances to compare with predetermined construction in three-dimensional space. We can use the developed racing game to inform game users of information for an advertisement like tourism information, and can apply the proposed 3-D drawing technology to 3-D game graphic engine core.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.3
• /
• pp.660-672
• /
• 2011

The Web is widely used to share information, utilizing the client-server model. In the client-server model, since the server only responds according to explicit requests from the client, the model seems hard to support sharing of massive information rapidly changing in today's Internet. The technology known as Server Push enables the server to actively provide information to clients without explicit requests from the clients using Web pages. Although various studies have been done to realize the Server Push technologies, there are many problems in the development of push application without push engines which support infrastructures for the effective development of push application. In this paper, we develop JPE(Java Push Engine) which presents the effective support for push services over the Internet. JPE is composed of two main components: the JPE Core supporting Epoll and the JPE Library supporting asynchronous communication. In addition, JPE defines various push functions and provides programming interfaces supporting the functions. Push applications developed using JPE effectively manages client connections with Epoll mechanism, providing push services through AJAX-based asynchronous communication.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.1
• /
• pp.902-905
• /
• 2005

In this paper we challenge the mobile node Authentication using Java Card authentication protocol in Ad-hoc network environment. Ad-hoc network is a collection of wireless mobile nodes without the support of a stationary infrastructure. and DSR routing protocol, which is one of famous mobile ad-hoc rooting protocols, has the following network path problem. this paper is the security structure that defined in a mobile network and security and watches all kinds of password related technology related to the existing authentication system. It looks up weakness point on security with a problem on the design that uses Ad-hoc based structure and transmission hierarchical security back of a mobile network, and a server-client holds for user authentication of an application level all and all, and it provides one counterproposal. Java Card Authentication of mobile node can possibly be applied to the area of M-Commerce, Wireless Security, and Ubiquitous Computing and so on.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2014.01a
• /
• pp.83-87
• /
• 2014

본 논문에서는 안드로이드 스마트폰 환경에서 높은 점유율을 가진 카카오톡 모바일 메신저 앱에 대하여 행정안전부가 고시한 Android-JAVA 시큐어 코딩가이드의 입력 데이터 검증 및 표현, API악용, 보안특성, 시간 및 상태, 에러처리, 코드 품질, 캡슐화 등 18가지 보안 취약점을 분석하고, 해당 취약점에 대한 시큐어 코딩 기법을 적용한다. 먼저 현재 상용화되고 있는 카카오톡 모바일 메신저 코드를 역공학(리버스엔지니어링)방법을 이용하여 코드단에서 소스를 분석한다. 실제 코드에서 시큐어 코딩이 안드로이드 스마트폰 환경에서 행정안전부가 고시한 Android-JAVA 시큐어 코딩가이드를 기준으로 취약한 부분을 찾고, 적용이 안 되어 있는 부분에 안드로이드 환경에 맞는 시큐어 코딩 기법을 적용한다.

• Journal of Information Processing Systems
• /
• v.13 no.4
• /
• pp.1014-1028
• /
• 2017

Social networking services (SNSs) such as Twitter, MySpace, and Facebook have become progressively significant with its billions of users. Still, alongside this increase is an increase in security threats such as cross-site scripting (XSS) threat. Recently, a few approaches have been proposed to detect an XSS attack on SNSs. Due to the certain recent features of SNSs webpages such as JavaScript and AJAX, however, the existing approaches are not efficient in combating XSS attack on SNSs. In this paper, we propose a machine learning-based approach to detecting XSS attack on SNSs. In our approach, the detection of XSS attack is performed based on three features: URLs, webpage, and SNSs. A dataset is prepared by collecting 1,000 SNSs webpages and extracting the features from these webpages. Ten different machine learning classifiers are used on a prepared dataset to classify webpages into two categories: XSS or non-XSS. To validate the efficiency of the proposed approach, we evaluated and compared it with other existing approaches. The evaluation results show that our approach attains better performance in the SNS environment, recording the highest accuracy of 0.972 and lowest false positive rate of 0.87.

• Journal of KIISE:Software and Applications
• /
• v.30 no.11
• /
• pp.1025-1036
• /
• 2003

In industry, it is a current trend that systems are developed by using Enterprise JavaBeans(EJB) technology for reducing the cost and the time. Thus, the architecture of EJB is getting more essential to enhance reusability, extensibility and portability of system. However little has been studied in the realm of the practical software architectures for EJB. The architecture has just bean studied in abstract level, but not in concrete level providing the method to substantiate it using the practical J2EE techniques. Just using the EJB technology doesn't guarantee the reusability of the artifacts because EJB specification provides the characteristics and architecture for only fine grained components as session and entity bean. In this paper, we propose the enterprise software architecture for the systems based on EJB and the concrete techniques for implementing that. Also, design patterns of modeling efficient enterprise architecture are represented. By analyzing both the strengths and the weaknesses of suggested design patterns, EJB design patterns which are suitable for each layer of enterprise architecture will be identified. Through the component which design patterns are applied, the architecture can support the optimized relationship between the components. Five techniques for designing components from fine grained to coarse grained based on EJB technology, and architecture design techniques including transaction and assembling techniques are proposed.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.11
• /
• pp.2544-2549
• /
• 2012

The computer programming education is very important to study the related subjects in computer science, and also in the technology education for the students finding employment. In this paper, we develop the assessment metrics to evaluate and apply the textual and visual programming in the computer education. Also, we analyze the validity for the programming languages and tools for the education and getting job of students, and choose the appropriate programming language/tool for programming education. And, we develop the curriculum for programming education, finally apply and analyze in computer education of university. Especially, we compare and analyze the effectiveness for the text based programming language(JAVA) and visual programming language/environment(LabVIEW) in the area of embedded/mobile/Web programming fields which are necessary in the related industry to the recent trend of IT technology.