To meet the demand for wireless data traffic, which has been increasing since the 4th Generation (4G) communication system was commercialized, efforts are being made to develop an improved 5th generation (5G) communication system or a pre-5G communication system. For this reason, the 5G communication system or the pre-5G communication system is called a Beyond 4G network communication system or a post LTE system.
To achieve a high data transmission rate, implementing the 5G communication system in an ultrahigh frequency band (mmWave) (e.g., 60 GHz) is being considered. To alleviate the path loss of a radio wave or increase its delivery distance, beamforming, massive Multi-Input Multi-Output (massive MIMO), Full Dimensional MIMO (FD-MIMO), array antennas, analog beamforming, and large scale antennas are discussed for the 5G communication system.
Further, to improve the system network, technologies such as the evolved small cell, the advanced small cell, the cloud Radio Access Network (cloud RAN), the ultra-dense network, Device-to-Device communication (D2D communication), wireless backhaul, the moving network, cooperative communication, Coordinated Multi-Points (CoMP), reception interference cancellation, etc. are being developed for the 5G communication system.
In addition, Hybrid FSK and QAM Modulation (FQAM) and Sliding Window Superposition Coding (SWSC), which correspond to Advanced Coding Modulation (ACM), and Filter Bank Multi-Carrier (FBMC), Non-Orthogonal Multiple Access (NOMA), and Sparse Code Multiple Access (SCMA), which correspond to advanced access technologies, are being developed for the 5G system.
Meanwhile, the Internet is evolving from a human-centered connection network, in which humans generate and consume information, to the Internet of Things (IoT), in which information is transmitted and received between distributed components such as things. The Internet of Everything (IoE) technology may be an example in which a technology for processing Big data through connection with a cloud server, etc. is coupled to the IoT technology.
To implement the IoT, technical elements such as sensing technology, wired/wireless communication and network infrastructure, service interface technology, security technology, etc. are required. Thus, in recent years, technologies for connection between things, such as the sensor network, Machine-to-Machine (M2M) communication, Machine Type Communication (MTC), etc. have been researched.
In the IoT environment, an intelligent Internet Technology (IT) service may be provided which creates new value for people's lives by collecting and analyzing data generated by connected things. The IoT may be applied to fields such as the smart home, the smart building, the smart city, the smart car or the connected car, the smart grid, healthcare, the smart home appliance, the advanced medical service, etc.
Accordingly, various attempts are being made to apply the 5G communication system to the IoT network. For example, application of the 5G communication technology to technologies such as the sensor network, the M2M communication, the MTC, etc., is implemented by a technique such as the beamforming, the MIMO, the array antenna, etc. Application of the cloud wireless access network as the above-described big data processing technology may be an example of the fusion between the 5G technology and the IoT technology.
Meanwhile, web-based operating systems are now widely used. A notable example is the Tizen OS, which is jointly developed by Samsung Electronics and Intel and is targeted at consumer devices such as smartphones and SmartTVs.
A web-based OS forms an execution environment built on a web browser. This technology allows widgets, which are mainly written in HyperText Markup Language (HTML)/JavaScript, to be executed in a device, and the widgets are rendered by the runtime engine of the web browser.
The widget is the most general software code running in a web-based OS. As a web-based OS is typically designed for the operation of mobile devices (such as smartphones, tablets, etc.) and SmartTVs, the various widgets are typically supplied to the relevant device from an App-Store, which is most commonly owned by the manufacturer of the specific device. For example, widgets for the Samsung SmartTV are supplied by the Samsung-owned App-Store.
As with any new platform, web-based operating systems have their own set of security problems and weaknesses, and many of them are inherent to the web OS architecture. The most prominent security weaknesses stem from the lack of: (a) proper access control; (b) distinct and enforceable user privileges; and (c) a clear separation between the presentation layer and the business logic.
Injection-type vulnerabilities, such as Cross-site Scripting (XSS) and HTML injection, are the most critical vulnerabilities that affect web-based applications. These vulnerabilities allow execution of malicious code in the execution context of the vulnerable application (i.e., the widget). The security weaknesses mentioned above amplify the severity of a malicious injection into any widget, and such an injection may potentially result in a broad system exploit and a complete security compromise within the consumer device.
Measures against injection attacks are being studied by both academia and industry. There are two main approaches for protecting against injection attacks:
(a) Strengthening the input validation: Improper input validation is one of the root causes of injection vulnerabilities. Strengthening the validation can be done either generically, by assigning metadata to all user inputs, or specifically, by assigning different encodings to trusted and untrusted input sources. Both approaches require significant manual coding by the widget's author, and are prone to the same problems that affect standard input validation.
(b) Limiting the scope in which scripts can execute: This can be performed by use of a policy embedded in the HTML that specifies those scripts that are allowed to run on the respective page. Alternatively, a context-based policy can be applied to each script execution, in which only trusted inputs are allowed access to security-sensitive resources.
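The first approach above (assigning metadata to user inputs and encoding untrusted sources differently from trusted ones) can be sketched for a widget as follows. This is an added example, not code from the disclosure or from any web-based OS; the names Untrusted, TrustedMarkup, fromUser, html and renderGreeting are hypothetical, and the sample inputs are constructed.

```javascript
// Added illustration: metadata-tagged input feeding a widget's HTML sink.
// Untrusted, TrustedMarkup, fromUser, html, renderGreeting are hypothetical names.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Metadata wrapper: every value entering from an input channel is marked.
class Untrusted {
  constructor(value) { this.value = String(value); Object.freeze(this); }
  toString() { return escapeHtml(this.value); } // accidental concatenation stays encoded
}
const fromUser = (value) => new Untrusted(value);

// Markup produced by the html tag itself; only this type is inserted verbatim.
class TrustedMarkup {
  constructor(markup) { this.markup = markup; Object.freeze(this); }
  toString() { return this.markup; }
}

// Tagged template: the literal parts are written by the widget author and are
// trusted; interpolated values are encoded unless they are TrustedMarkup.
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((v, i) => {
    if (v instanceof TrustedMarkup) out += v.markup;
    else if (v instanceof Untrusted) out += escapeHtml(v.value);
    else out += escapeHtml(v); // unlabelled values fail closed (treated as untrusted)
    out += strings[i + 1];
  });
  return new TrustedMarkup(out);
}

// A widget view: the name arrives from the network or the user, never from the author.
function renderGreeting(nameFromNetwork) {
  const name = fromUser(nameFromNetwork);
  return html`<div class="hello">Hello, ${html`<b>${name}</b>`}!</div>`.markup;
}

// Constructed sample inputs: one benign, one carrying injected markup.
const benign = renderGreeting('Alice');
const hostile = renderGreeting('<img src=x onerror=alert(1)>');
console.log(benign);
console.log(hostile);
```

The encoding used here is only valid for HTML text and quoted attribute values, and every input channel has to be wrapped by hand, which is the manual coding burden noted above.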
The existing solutions target specific vulnerabilities and require extensive manual changes in existing applications or in components used in the web application or widget. None of them target emerging threats such as those arising in web-based operating systems. None of the known solutions can handle generic malicious HTML injections.
While some of said prior art techniques can be applied in the context of a web-based OS, for example, assigning metadata to the input channels, none of these techniques are specifically designed for a web-based OS environment, and thus they cannot take advantage of its characteristics, such as the tight coupling between the App-Store and the web runtime, which can be leveraged to achieve better security.
Regardless of the specific type of the security weakness, the user expects the widget to behave in the same manner as intended by its author. Since there are many different types and subtypes of vulnerabilities that can modify the runtime behavior and a widget's user interface (UI), it is advantageous to address the vulnerability problem in its entirety, rather than to focus on the mitigation of various specific threats.
Furthermore, said existing solutions relate to regular web applications and are not suitable for the web-based execution environment. Therefore, a need arises to address those threats that are specific to web-based operating systems, while taking into account their specific architecture.
Meanwhile, the above information is presented only as background information to aid understanding of the present disclosure. No determination has been made, and no assertion is made, as to whether any of the above might be applicable as prior art with regard to the present invention.