• Journal of the Korea Society of Computer and Information
• /
• v.12 no.1 s.45
• /
• pp.161-168
• /
• 2007

Web attack uses structural, logical and coding error or web application rather than vulnerability to Web server itself. According to the Open Web Application Security Project (OWASP) published about ten types of the web application vulnerability to show the causes of hacking, the risk of hacking and the severity of damage are well known. The detection ability and response is important to deal with web hacking. Filtering methods like pattern matching and code modification are used for defense but these methods can not detect new types of attacks. Also though the security unit product like IDS or web application firewall can be used, these require a lot of money and efforts to operate and maintain, and security unit product is likely to generate false positive detection. In this research profiling method that attracts the structure of web application and the attributes of input parameters such as types and length is used, and by installing structural database of web application in advance it is possible that the lack of the validation of user input value check and the verification and attack detection is solved through using profiling identifier of database against illegal request. Integral security management system has been used in most institutes. Therefore even if additional unit security product is not applied, attacks against the web application will be able to be detected by showing the model, which the security monitoring log gathering agent of the integral security management system and the function of the detection of web application attack are combined.

• The KIPS Transactions:PartA
• /
• v.18A no.5
• /
• pp.193-204
• /
• 2011

Since web applications are accessed by anonymous users via web, more security risks are imposed on those applications. In particular, because security vulnerabilities caused by insecure source codes cannot be properly handled by the system-level security system such as the intrusion detection system, it is necessary to eliminate such problems in advance. In this paper, to enhance the security of web applications, we develop a static analyzer for detecting the well-known security vulnerability of PHP file inclusion vulnerability. Using a semantic based static analysis, our vulnerability analyzer guarantees the soundness of the vulnerability detection and imposes no runtime overhead, differently from the other approaches such as the penetration test method and the application firewall method. For this end, our analyzer adopts abstract interpretation framework and uses an abstract analysis domain designed for the detection of the target vulnerability in PHP programs. Thus, our analyzer can efficiently analyze complicated data-flow relations in PHP programs caused by extensive usage of string data. The analysis results can be browsed using a JAVA GUI tool and the memory states and variable values at vulnerable program points can also be checked. To show the correctness and practicability of our analyzer, we analyzed the source codes of open PHP applications using the analyzer. Our experimental results show that our analyzer has practical performance in analysis capability and execution time.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.799-808
• /
• 2003

Existing security solutions such as Firewell and IDS (Intrusion Detection System) have a trouble in getting accurate detection rate about new attack and can not block interior attack. That is, existing securuty solutions have various shortcomings. Shortcomings of these security solutions can be supplemented with mechanism which guarantees an availability of systems. The mechanism which guarantees the survivability of node is various, we approachintrusion telerance using real time response mechanism. The monitoring code monitors related resources of system for survivability of vulnerable systm continuously. When realted resources exceed threshold, monitoring and response code is deployed to run. These mechanism guarantees the availability of system. We propose control mathod about resource monitoring. The monitoring code operates with this method. The response code may be resident in active node for availability or execute a job when a request is occurred. We suggest the node survivability mechanism that integrates the intrusion tolerance mechanism that complements the problems of existing security solutions. The mechanism takes asvantage of the automated service distribution supported by Active Network infrastructure instead of passive solutions. The mechanism takes advantage of the automated service distribution supported by Active Network infrastructure instead of passive system reconfiguration and patch.

• Korean Security Journal
• /
• no.16
• /
• pp.81-99
• /
• 2008

Despite its legal, systematic and quantitative growth, Korean private security has not been showing satisfactory level of qualitative growth comparing to quantitative growth as it socially shocked with recent occurrence of the events and accidents. People on demand of security are making use of private security service to offset insufficient supply of security power as, especially, the incendiarism at Sungryemun last February brought out security issues for nationally important facilities and cultural assets, and other cases showed that the police would not cope with the appropriate security services under the current security system for protecting the life and property of people. For the supplementation of security power, the private security service is prevalent, but lots of service providers would not overcome its small business scale, except some large-sized security providers. There are some problem occurred as some providers employed staff who would not have the stuff for performing security service and they even committed illegal actions. Some opinions pointed out that it should come up with measures as they socially lose their credit. Therefore, this research suggests the recognition of the importance and the improvement measures of human resources management as follows. Security Service needs: 1. control of criteria for the employment/recruitment of human resources; 2. inducement of qualitative improvement of security service by ensuring excellent quality of human resources; 3. elevation of morale of organizational members with the operation of efficient promotion system; 4. introduction of professional certification system for the inflow of excellent quality of human resources.

• Korean Journal of Heritage: History & Science
• /
• v.53 no.2
• /
• pp.24-35
• /
• 2020

This study aims to identify the relationship between termite-damaged cultural heritage sites and the 'Forest Tending Project' based on a comprehensive survey of the status of damage caused by termites and of the Forest Tending Project. It was observed that the Forest Tending Project started in 2004 as a five-year policy project covering over 59% of the nation's forests, which showed the maximum value in 2009 and then gradually decreased. Since then, increased damage to national cultural heritage sites by termites has been confirmed and counter measures have been expanded since 2012. Also, as a result of the National Research Institute of Cultural Heritage surveying the status of termite damage in national cultural heritage sites over these six years, it was identified that about 98% of investigated cultural heritage sites were damaged by termites, about 78% of them were adjacent to forests, and that all 46 national cultural heritage sites which had been included in the 2008 Forest Fire Prevention Cultural Heritage Afforestation Project were damaged by termites. Therefore, it is claimed that the number of termite-damaged cultural heritage sites has increased after an extensive Forest Tending Project was applied on a national scale, and it seems that all cultural heritage areas close to forests are particularly subject to termite-damage due to the number of tree stumps and lumber byproducts which can serve as habitats for the pests.

• Fire Science and Engineering
• /
• v.25 no.2
• /
• pp.39-46
• /
• 2011

In correctional facilities with majority of occupants in custody, the safe evacuation guide without getaway accidents should be very important due to complexity in escape paths. Fire causes are various in correctional facilities, for example, arson fire is a major cause in mental treatment facilities, however, old facilities or carelessness of flammable materials consist of fire causes in jail facilities. Both types of correctional facilities are the same in terms of many casualties from the fire cases. The thesis focus on escape paths and evacuation guide plans on the basis of analysis on fire cases and structural vulnerability, and then an electronic unlocking system is concededly installed for safe evacuation of occupants in custody without getaway accidents. Especially, the effect of the electronic unlocking system is going to be analyzed on the basis of RSET (required safe egress time) in order to realize for the occupants to evacuate safely to the front yard in case of emergency. In conclusion, if electronic security allowed system with USN (Ubiquitous Sensor Networks) technology should be installed in multi-storey correctional buildings, it is proposed that the occupants in custody might be a guided safely without getaway trials.

• Fire Science and Engineering
• /
• v.26 no.4
• /
• pp.24-30
• /
• 2012

The purpose of this study is to analyze the problem in measuring the differential pressure between the fire area and the neighboring smoke control zone as well as the opening force of a fire door and to present the actual values measured by an objective method. NFSC 501A specifies that the force necessary to open an access door when operating a smoke control system shall be less than 110 N. When the smoke control system does not operate in the space where it is installed, the door opening force can be measured by the test method in KS F 2805. However, when the smoke control system operates, additional opening force is required to overcome the force generated by the differential pressure between the fire area and smoke control room. Therefore, it can be seen that the method proposed by the standard has insufficient reliability. The analog measuring device and digital measuring device showed that the opening forces, $F_a$ and $F_d$, of the fully closed door before the smoke control system were 27.8 N and 27.4 N, respectively. When the door remained open by $5^{\circ}$, the opening forces, $F_a$ and $F_d$, were 33 N and 33.6 N, respectively. When the smoke control system operated and the door was fully closed, the door opening forces, $F_a$ and $F_d$, were 77.6 N and 76.0 N, respectively. Therefore, since the door opening forces are different from the criteria presented by KS F 2805, it is required to review the criteria appropriately.

• Fire Science and Engineering
• /
• v.31 no.5
• /
• pp.117-122
• /
• 2017

The absence of fire fighters' connection to communication can bring about increased loss of life due to errors and delays in rescue and actions and danger to their own safety. Therefore, when communication infrastructure has been destroyed in an enclosed space, it is necessary to set up an emergency wire or wireless telecommunication environment to fire fighting and to secure safer environment to deal with the disaster by checking the location of fire fighters. In this research, for the establishment communication environment in an enclosed inside using Ultra-Wide Band (UWB) wireless communication network, the performance of communication position determination of a single UWB communication module was evaluated regarding 6 kinds of indoor surroundings. When the communication distance in an indoor environment of each 6 channels bandwidth of UWB communication frequency was measured, the results were as follows: the open space (Ave. 15.5 m, Max. 20 m), the corridor (Ave. 17.33 m, Max 20 m), inside retaining home furnishings (Ave. 15.3 m, Max. 20 m), vertical stairs (Ave. 4.33 m, Max. 6 m), horizontal space with a closed fire door (Ave. 6.5 m, Max. 17 m). It was also found out that the communication function and the distance function were best in the frequency range from 6489.6 to 1081.6 MHz by 7 Ch. Accordingly, the establishment of communication environment in an enclosed space is judged to be possible when UWB communication module is set up at 20 m apart and multiple channels are used.

• Fire Science and Engineering
• /
• v.32 no.3
• /
• pp.67-75
• /
• 2018

To reduce the number of casualties in the case of fire, an alarm sound needs to be delivered to the people who remain in the apartment unit. On the other hand, it was reported that the fire alarm sound generated in the elevator hall was not delivered sufficiently to the people staying in the apartment units. In this study, the background noise level and noise level generated in an apartment unit were measured during the day and night time. In addition, the transmission of the fire alarm sound into the each room of apartment units was simulated and compared with the background noise level. The fire alarm sound generated in the elevator halls was reduced by the fire door and doors, and was not transmitted sufficiently into the internal spaces of the apartment units. Starting evacuation action was difficult after hearing the fire alarm sound generated outside the apartment units. To improve the transmission of an alarm sound to the inner spaces of apartment units, an acoustic simulation was carried out for cases where the alarm sound generator was installed on a wall-pad in the living room and the alarm sound generator was installed on the ceiling of each rooms in apartment units. Background noise of + 15 dB and 75 dB (A) were satisfied when alarm sound generator was installed on the ceiling of each room.

• Journal of the Korean Society for Railway
• /
• v.10 no.5
• /
• pp.511-519
• /
• 2007

This study provides comprehensive design improvements covering technical issues concerning life safety matter In case of fire train stoppage in the middle of a tunnel. Recently Government announced that most of subway platforms will have screen doors in 3 years. Therefore, many fire safety engineers considered that they may contribute on life safety on train stoppage in tunnel. Especially The screen door can protect platform from smoke along tunnel ceiling when fire train stopped in tunnel. The study showed that platform ventilation ducts and the a tunnel ventilation chimney in the middle of tunnel in exiting subway tunnel could not guarantee life safety ability in terms of RSET vs. ASET comparison. Furthermore during evacuation process many peoples may be threatened from the smoke spread from the origin of fire. Although only additional vertical route can be installed in tunnels In order to decrease RSET, it will costs high or no spaces remains in outside on the road. The study suggested that increase of ASET can be best solution without additional escape route, therefore alternative design methods suggested on the base of simulation results. Finally the study shows alternative methods can give good result in terms of evacuation performance evaluation. The evacuation performance evaluation helps the decision-maker to determine the preferred alternatives or upgrades to existing tunnel infrastructure and other measure to meet safety objectives. Finally, the study details the effectiveness of measures the can be taken to reduce the risk of incidents in subway tunnels.