• 한국방재학회:학술대회논문집
• /
• 2009.02b
• /
• pp.165.1-165.1
• /
• 2009

• Journal of KIISE
• /
• v.44 no.2
• /
• pp.171-178
• /
• 2017

In this study, we propose an automated unit test generation technique for detecting vulnerabilities of Android kernel modules. The technique automatically generates unit test drivers/stubs and unit test inputs for each function of Android kernel modules by utilizing dynamic symbolic execution. To reduce false alarms caused by function pointers and missing pre-conditions of automated unit test generation technique, we develop false alarm reduction techniques that match function pointers by utilizing static analysis and generate pre-conditions by utilizing def-use analysis. We showed that the proposed technique could detect all existing vulnerabilities in the three modules of Android kernel 3.4. Also, the false alarm reduction techniques removed 44.9% of false alarms on average.

• Journal of the Korean Society of Hazard Mitigation
• /
• v.7 no.4
• /
• pp.1-12
• /
• 2007

A method for assessing fatigue vulnerability of steel bridge members considering corrosion and truck traffic variation with time is proposed to evaluate the reduction of fatigue strength in steel bridge members. A fatigue limit state function including corrosion and traffic variation effect is established. The interaction between the average corrosion depth and the fatigue strength reduction factor is applied to the limit state function as the reduction term of strength. Three types of truck traffic change is modeled for representing real traffic change trend. Monte-Carlo simulation method is used for reliability analysis which provides the data to obtain fatigue vulnerability curves. The estimation method proposed was verified by comparing with the results of reference study and applying to the steel bridges in service.

• Journal of the Korea Institute of Building Construction
• /
• v.19 no.6
• /
• pp.529-538
• /
• 2019

Typhoons can cause significant financial damage worldwide. For this reason, states, local governments and insurance companies attempt to quantify and mitigate the financial risks related to these natural disasters by developing a typhoon risk assessment model. As such, the importance of typhoon risk assessment models is increasing, and it is also important to reflect local vulnerabilities to enable sophisticated assessments. Although a practical study of economic losses associated with natural disasters has identified essential risk indicators, comprehensive studies covering the correlation between vulnerability and economic loss are still needed. The purpose of this study is to identify typhoon damage indicators and to develop evaluation indicators for typhoon damage prediction functions, utilizing the loses from Typhoon Maemi as data. This study analyzes actual loss records of Typhoon Maemi provided by local insurance companies to prepare for a scenario of maximum losses. To create a vulnerability function, the authors used the wind speed and distance from the coast and the total value of property, construction type, floors, and underground floor indicators. The results and metrics of this study provide practical guidelines for government agencies and insurance companies in developing vulnerability functions that reflect the actual financial losses and regional vulnerabilities of buildings.

• Journal of the Korean Geosynthetics Society
• /
• v.17 no.4
• /
• pp.103-108
• /
• 2018

The fragility curves for CFRD dams are derived in this study for probabilistic damage estimation as a function of a ground motion intensity. The dam crest settlement, which is a widely used damage index, is used for minor, moderate, and extensive damage states. The settlement is calculated from nonlinear dynamic numerical simulations. The accuracy of the numerical model is validated through comparison with a centrifuge test. The fragility curve is represented as a log normal distribution function and presented as a function of the peak ground acceleration. The fragility curves developed in this study can be utilized for real time assessment of the damage of dams.

• Convergence Security Journal
• /
• v.4 no.2
• /
• pp.27-34
• /
• 2004

The recent explosive use of the Internet and the development of computer communication technologies reveal serious computer security problem. Inspite of many studies on secure access to the system, generally, the attackers do not use the previous intrusion techniques or network flaw, rather they tend to use the vulnerabilities residing inside the program, which are the running programs on the system or the processes for the service. Therefore, the security managers must focus on updating the programs with lots of time and efforts. Developers also need to patch continuously to update the Program, which is a lot of burden for them. In order to solve the problem, we need to understand the vulnerabilities in the program, which has been studied for some time. And also we need to analyze the functions that contains some vulnerabilities inside. In this paper, we first analyzed the vulnerabilities of the standard C library, and Win32 API functions used in various programs. And then we described the design and implementation of the automated scanning tool for writing secure source code based on the analysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.305-318
• /
• 2023

The complexity of software products led many manufacturers to stitch open-source software for composing a product. Using open-source help reduce the development cost, but the difference in the different development life cycles makes it difficult to keep the product up-to-date. For this reason, even the patches for known vulnerabilities are not adopted quickly enough, leaving the entire product under threat. Existing studies propose to use binary differentiation techniques to determine if a product is left vulnerable against a particular vulnerability. Despite their effectiveness in finding real-world vulnerabilities, they often fail to locate the evidence of a vulnerability if it is a small function that usually is inlined at compile time. This work presents our tool FunRank which is designed to identify the short functions. Our experiments using synthesized and real-world software products show that FunRank can identify the short, inlined functions that suggest that the program is left vulnerable to a particular vulnerability.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.3-8
• /
• 2004

The majority of recent intrusions reveal that the attackers do not use the previous intrusion techniques or network flaw, rather they tend to use the vulnerabilities residing inside the program, which are the running programs on the system or the processes for the service. Therefore, the security managers must focus on updating the programs with lots of time and efforts. Developers also need to patch continuously to update the program, which is a lot of burden for them. In order to solve the problem, we need to understand the vulnerabilities in the program, which has been studied for some time. And also we need to analyze the functions that contains some vulnerabilities inside. In this paper, we first analyzed the vulnerabilities of the standard C library, and Win32 API functions used in various programs. And then we described the design and implementation of the automated scanning tool for writing secure source code based on the analysis.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2017.07a
• /
• pp.121-122
• /
• 2017

컴퓨터의 주변 장치 중 하나인 마우스는 모니터의 2차원 평면에서 움직임을 인식하여 커서를 움직이는 입력 장치이며, 응용 프로그램을 편리하게 사용하고 다양한 편집을 가능하게 한다. 기존의 아이디/비밀번호 기반 인증 방법에서는 키보드 데이터가 노출되는 취약점이 존재하여 이미지 기반의 마우스 입력을 이용한 새로운 인증 방법이 등장하였지만, 이미지 기반 인증의 취약점 분석 및 실증에 대한 연구는 미비한 실정이다. 따라서 본 논문에서는 마이크로소프트 운영체제에서 제공하는 마우스 위치 추출 API인 GetCursorPos() 함수를 이용하여 마우스 데이터의 노출 가능성을 검증함으로써 취약점을 분석한다.

• Journal of the Korean Society of Hazard Mitigation
• /
• v.5 no.4 s.19
• /
• pp.95-105
• /
• 2005

Korea is located away from plate boundaries which are not safe from earthquakes. However, having witnessed the large-scale earthquake in the Tangshan region in 1976 deemed as a safe plate, it should not be assured that Korea is absolutely safe from earthquakes. In addition, many seismologists have claimed that there indeed is a high possibility of earthquakes above mid scale that would occur in Korea. Because it is impossible to prevent earthquake, studies on seismic design and earthquake disaster control system are widely being conducted. However, studies on early response to earthquakes or recovery process are still very limited, and only a few studies for establishing earthquake damage evaluation system are being conducted. Thus, this study aimed to present essential data for establishing earthquake damage evaluation system that takes into account the real situation of structures in Korea. In this study, a nonseimically reinforced concrete apartment structure in Gangnamgu was selected as an standard type of such structures and its earthquake damage was estimated. The result of damage evaluation based on the derivation of vulnerability function and realtive story displacement was compared to that abtained using HAZUS Program Vulnerability Function.