• Journal of Software Assessment and Valuation
• /
• v.16 no.1
• /
• pp.65-79
• /
• 2020

As Programmable Logic Controllers (PLCs), popular components in industrial control systems (ICS), are incorporated with the technologies such as micro-controllers, real-time operating systems, and communication capabilities. As the latest PLCs have been connected to the Internet, they are becoming a main target of cyber threats. This paper proposes two sanitizers that improve the security of uC/OS-II based firmware for a PLC. That is, we devise BU sanitizer for detecting out-of-bounds accesses to buffers and UaF sanitizer for fixing use-after-free bugs in the firmware. They can sanitize the binary firmware image generated in a desktop PC before downloading it to the PLC. The BU sanitizer can also detect the violation of control flow integrity using both call graph and symbols of functions in the firmware image. We have implemented the proposed two sanitizers as a prototype system on a PLC running uC/OS-II and demonstrated the effectiveness of them by performing experiments as well as comparing them with the existing sanitizers. These findings can be used to detect and mitigate unintended vulnerabilities during the firmware development phase.

• The Journal of Society for e-Business Studies
• /
• v.27 no.2
• /
• pp.65-77
• /
• 2022

Due to the recent development in electronic financial services, transactions of electronic prepayment are rapidly growing, leading to growing fraud attempts. This paper proposes a methodology that can effectively detect fraud transactions in electronic prepayment by machine learning algorithms, including support vector machines, decision trees, and artificial neural networks. Actual transaction data of electronic prepayment services were collected and preprocessed to extract the most relevant variables from raw data. Two different approaches were explored in the paper. One is a transaction-based approach, and the other is a user ID-based approach. For the transaction-based approach, the first model is primarily based on raw data features, while the second model uses extra features in addition to the first model. The user ID-based approach also used feature engineering to extract and transform the most relevant features. Overall, the user ID-based approach showed a better performance than the transaction-based approach, where the artificial neural networks showed the best performance. The proposed method could be used to reduce the damage caused by financial accidents by detecting and blocking fraud attempts.

• Journal of Korean Society of Disaster and Security
• /
• v.16 no.2
• /
• pp.1-13
• /
• 2023

As interest in urban safety has increased since COVID-19, various institutions have developed and used indicators that evaluate the safety city model. Yongsan-gu was ranked No. 1 in 2021 by Social Safety Index evaluation and was selected as the safest city in Korea. However, the Itaewon disaster in Yongsan-gu in 2022 caused many casualties. The study of indicators for evaluating cities' safety was necessary. This study aims to examine domestic and foreign safe city models and review the differences between each model and the indicators used to evaluate safe cities. As a result of collecting 11 safe city models and analyzing each evaluation index, safe city models can be classified into program-based safe city models, such as the World Health Organization's International safe community and the UN Office for Disaster Risk Reduction's International Safe city. Considering the diversification of threats to safety, it is reasonable to comprehensively consider digital security, health safety, infrastructure safety, personal safety, environmental safety, traffic safety, fire safety, crime safety, life safety, suicide, and infectious diseases when evaluating safe cities as evaluation parameters.