Á¤º¸Ã³¸®ÇÐȸ ³í¹®Áö ÄÄÇ»ÅÍ ¹× Åë½Å½Ã½ºÅÛ
| ÇѱÛÁ¦¸ñ(Korean Title) |
À¥ ¾ÖÇø®ÄÉÀ̼ǿ¡¼ ¼¼¼Ç »óÅ ±â¹ÝÀÇ ÄíÅ° ÀçÀü¼Û °ø°Ý ¹æ¾î ±â¹ý |
| ¿µ¹®Á¦¸ñ(English Title) |
A Defense Mechanism Based on Session Status against Cookie Replay Attack in Web Applications |
| ÀúÀÚ(Author) |
¿øÁ¾¼±
¹ÚÁö¼ö
¼ÕÁø°ï
Jong Sun Won
JiSu Park
Jin Gon Shon
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 04 NO. 01 PP. 0031 ~ 0036 (2015. 01) |
Çѱ۳»¿ë
(Korean Abstract) |
À¥ Á¢±Ù¼ºÀÌ º¸´Ù ¿ëÀÌÇØÁü¿¡ µû¶ó »ç¿ëÀÚ ÀÎÁõÀÌ ÇÊ¿äÇÑ À¥ ¾ÖÇø®ÄÉÀ̼ǿ¡¼ º¸¾ÈÀÌ Áß¿ä½Ã µÇ°í ÀÖ´Ù. À¥ ¾ÖÇø®ÄÉÀ̼ǿ¡¼ ÄíÅ°´Â ¼¼¼ÇÀ¸·Î ÀÎÇÑ ¼¹öÀÇ ºÎÇϸ¦ ÁÙÀÌ°í, »ç¿ëÀÚ Á¤º¸¸¦ È¿À²ÀûÀ¸·Î °ü¸®Çϱâ À§ÇØ »ç¿ëÇÑ´Ù. ±×·¯³ª »ç¿ëÀÚ Á¤º¸°¡ ÀúÀåµÈ ÄíÅ°´Â °ø°ÝÀÚ¿¡ ÀÇÇØ ½º´ÏÇ뵃 ¼ö ÀÖÀ¸¸ç, ÀÌ·¸°Ô ½º´ÏÇÎµÈ ÄíÅ°¸¦ ÀÌ¿ëÇÏ¿© °ø°ÝÀÚ´Â ¸¶Ä¡ ÇÕ¹ýÀûÀÎ »ç¿ëÀÚÀÎ °Íó·³ »ç¿ëÀÚÀÇ ¼¼¼ÇÀ» À¯ÁöÇÒ ¼ö ÀÖ´Ù. ÀÌ·¯ÇÑ Á¾·ùÀÇ °ø°ÝÀ» ÄíÅ° ÀçÀü¼Û °ø°ÝÀ̶ó Çϴµ¥, ÀÌ°ÍÀº À¥ ¾ÖÇø®ÄÉÀ̼ǿ¡¼ Áß´ëÇÑ º¸¾È ¹®Á¦¸¦ ¾ß±âÇÑ´Ù. º» ³í¹®¿¡¼´Â ÀÌ·¯ÇÑ ÄíÅ° ÀçÀü¼Û °ø°ÝÀ» ŽÁöÇÏ°í ¹æ¾îÇÒ ¼ö ÀÖ´Â ±â¹ýÀ» Á¦¾ÈÇÏ¿´°í ±× È¿°ú¼ºÀ» °ËÁõÇÏ¿´´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
As web accessibility has been easier, security issue becomes much more important in web applications demanding user authentication. Cookie is used to reduce the load of the server from the session in web applications and manage the user information efficiently. However, the cookie containing user information can be sniffed by an attacker. With this sniffed cookie, the attacker can retain the web application session of the lawful user as if the attacker is the lawful user. This kind of attack are called cookie replay attack and it causes serious security problems in web applications. In this paper, we have introduced a mechanism to detect cookie replay attacks and defend them, and verified effectiveness of the mechanism.
|
| Å°¿öµå(Keyword) |
À¥ ¾ÖÇø®ÄÉÀ̼Ç
¼¼¼Ç
ÄíÅ°
ÄíÅ° ÀçÀü¼Û °ø°Ý
º¸¾È
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
