• Proceedings of the Korean Society of Computer Information Conference
• /
• 2015.07a
• /
• pp.77-78
• /
• 2015

본 논문에서는 S/W 개발 보안 지침의 사례로서 SQL 삽입에 대하여 설명한다. SQL 삽입은 입력 데이터 검증 및 표현에서 S/W 취약점 유형의 하나이다. 본 논문에서는 SQL 삽입에서 취약점 설명, 취약점 개념도, 보안 대책, 그리고 코드 예제까지 설명하도록 한다.

• KIEAE Journal
• /
• v.2 no.2
• /
• pp.33-38
• /
• 2002

There are a number of practical uses for devices which are capable of piping large amounts of light: illumination of areas where there would be maintenance, safety, or security problems with electronic light sources; piping sunlight into indoor areas for illumination; and the conversion of high luminous efficacy, good color quality, high intensity discharge lamps into more acceptable linear of area sources of light. Prism light guides are hollow structures which pipe light by means of total internal reflectin(TIR). These devices are unique in their ability to combine the efficiency of TIR with the relatively low cost of hollow structure. An important application stems from their ability to transform a point source of light such as an incandescent or discharge lamp into a linear or area source of light or illumination. We report the development of an economical, flexible prismatic film for fabricating the light guide wall. This guide geometries and films are currently under development.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.124-126
• /
• 2014

The NFC technology is contactless communication technology that one of the RFID/USN technology. NFC is available dual function that read and write without specified reader, and it is received attention because of high security and low price. This paper proposes design of a school guide system using NFC tag. First School visitants such as delivery man or the other person are confused about the location of building, so this system will be helpful in this situation.

• Journal of the Society of Disaster Information
• /
• v.4 no.1
• /
• pp.154-174
• /
• 2008

Korean public power isn't currently performing its duties of crime prevention or public security services as effectively as the people expect from it due to excessive work load, insufficient budget, and equipment or work force problems, although it should protect the people from increasing crimes. The mutual cooperation between the police and the private security firms can' t be enhanced unless both parties are involved. Above all, the private security companies should secure superior security personnel and provide them with systematic education and training to improve their qualities. The police should also make an effort. In order to foster the private security firms soundly, the police should improve the system if necessary, and establish, guide and monitor the department wholly responsible for the private security affair. Both parties also should deal with crimes systematically by exchanging information for crime prevention, having informal meetings and introducing a joint patrol system. In order to cope with crimes threatening the livelihood of the people in our society, the public and private securities' mutual cooperation plans should be formulated. For this purpose to be achieved, the private security firms and the police should understand each other and bilateral efforts should be made. If both parties understand each other and make an effort, the relationship between them will be improved greatly and developmental plans for preventing crimes can be made.

• KIPS Transactions on Software and Data Engineering
• /
• v.3 no.11
• /
• pp.465-470
• /
• 2014

The SP quality assessments from national IT industry promotion agency of Korea(NIPA) assesses ability of software development process. And the SP quality assessments is getting popular over the nation. But, in the SP quality assessments, there is no concern about security attribute. In this paper new secure process base on ISO 27001 is proposed for the organization that is already passed SP quality assessments. This process can detect security threatening factors and gives chance to protect those factors. Furthermore, since detected security weaknesses can be used as a measurement, the system can be managed in aspect to security attribute.

• Nuclear Engineering and Technology
• /
• v.49 no.3
• /
• pp.517-524
• /
• 2017

Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

• International Journal of Computer Science & Network Security
• /
• v.21 no.11
• /
• pp.105-110
• /
• 2021

Contact between Vehicle-to-vehicle and vehicle-to-infrastructural is becoming increasingly popular in recent years due to their crucial role in the field of intelligent transportation. Vehicular Ad-hoc networks (VANETs) security and privacy are of the highest value since a transparent wireless communication tool allows an intruder to intercept, tamper, reply and erase messages in plain text. The security of a VANET based intelligent transport system may therefore be compromised. There is a strong likelihood. Securing and maintaining message exchange in VANETs is currently the focal point of several security testing teams, as it is reflected in the number of authentication schemes. However, these systems have not fulfilled all aspects of security and privacy criteria. This study is an attempt to provide a detailed history of VANETs and their components; different kinds of attacks and all protection and privacy criteria for VANETs. This paper contributed to the existing literature by systematically analyzes and compares existing authentication and confidentiality systems based on all security needs, the cost of information and communication as well as the level of resistance to different types of attacks. This paper may be used as a guide and reference for any new VANET protection and privacy technologies in the design and development.

• Journal of the Korean housing association
• /
• v.17 no.1
• /
• pp.145-153
• /
• 2006

Making of agreement with participation subjects is important process laying stress on presentation and a reasonable design guide line to form space order grant and synthetic space in Housing Complex plan. This study analyzed residing application specific character of design guide line that is presented to architects in general planning laying stress on plan only of 'Bongmu-dong town house' and design agreement of by architectural result that appear analyze. Result that analyze is as following: 1) Confer in 18 plan contents and integrate design or was adjusted. Being main conduct and unit plan and residing only in plan many negotiations accomplish. Architect who confer most Designs of 5 architects is 'Jean Michel Wilmott' and 'Shigeru Ban' 2) contents that confer much in plan main conduct and unit generation were details plan. Contents that is conferred with many architects are about door/core/rooftop be and asked a question about proper size of entrance. Negotiation about size was expose to the tribe of knowledge about element that do furniture and detail of necessary each space in life style of our country. We must present furnitures or detail element that appear by emotion of our country and detailed item of furnitures' size etc.. in guide line. It is immediate that creation of guide that architects can approach easily for lacking abroad architects of interests by code difference in each country is pressing. 3) In residing plan 4 architects of 5 architects applied similarly guide line in design. Most architects look by active support that make synthetic housing complex. and this is construed that act positively to make by unified residing. That plan of woods or landscape architecture and security of green area space are thing to approach on 'Environment-friendly mode of life residing only' that is general planning subject of 'Bongmu-dong town house'. 4) common question items of architects guide line of though is refered definitely when make out effective interests plan. So that can overcome legislation difference, countermeasure to make understood construction code of our country is pressing

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.10a
• /
• pp.397-400
• /
• 2019

주요기반시설 산업제어시스템의 운영환경 변화에 따라 보안 위협의 양상이 다양해지고 있다. 따라서 이를 반영한 보안 관리체계가 새로이 요구된다. 이에 본 논문은 미국 과 을 참조한 산업제어시스템의 정보보안 관리체계 프로그램을 제안한다. 프로그램의 기능은 다음과 같다. 첫째, 산업제어시스템 자산 관리 기능, 둘째, 보안상태 평가 기능, 셋째, 보안조치 관리 기능이다. 해당 프로그램을 통해 국내 산업제어시스템의 보안 수준 향상을 기대한다.

• Information Systems Review
• /
• v.18 no.1
• /
• pp.1-23
• /
• 2016

This study proposes an alternative to minimize insider-caused security threats that are relatively difficult to control and cause high uncertainty in information security management. Therefore, we investigate the relationship between organizational effort and the security understanding of employees to eventually enhance security compliance intention among employees. We develop a research model and formulate hypotheses on the basis of past findings. Accomplished questionnaires are collected from 526 employees working in organizations where information security policy is being implemented. In addition, we prove the hypotheses using a structural model. After reviewing the structural model, the security knowledge of employees and information security culture are determined to positively influence the security compliance intention of employees. Moreover, top management support, security policy, security visibility, and security education programs are proven to be antecedent factors in establishing a security culture in organizations. The findings of this study could guide organizations in formulating information security strategies to enhance the security compliance intention of employees.