• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.601-613
• /
• 2012

It is required to design and implement secure web applications to provide safe web services. For this reason, there are several scoring frameworks to measure vulnerabilities in web applications. However, these frameworks do not classify according to seriousness of vulnerability because these frameworks simply accumulate score of individual factors in a vulnerability. We rate and score vulnerabilities according to probability of privilege acquisition so that we can prioritize vulnerabilities found in web applications. Also, our proposed framework provides a method to score all web applications provided by an organization so that which web applications is the worst secure and should be treated first. Our scoring framework is applied to the data which lists vulnerabilities in web applications found by a web scanner based on crawling, and we show the importance of categorizing vulnerabilities according to privilege acquisition.

• Convergence Security Journal
• /
• v.11 no.3
• /
• pp.3-10
• /
• 2011

Recently, due to a series of DDoS attacks, government agencies have enhanced security measures and business-related legislation. However, service attack and large network violations or accidents are most likely to occur repeatedly in the near future. In order to prevent this problem, researches must be conducted to predict the vulnerability in advance. The existing research methods do not state the specific data used for the base of the prediction, making the method more complex and imprecise. Therefore this study was conducted using the vulnerability data used for the basis of machine learning technology prediction, which were retrieved from a reputable organization. Also, the study suggested ways to predict the future vulnerabilities based on the weaknesses found in prior methods, and certified the efficiency using experiments.

• The Journal of the Korea Contents Association
• /
• v.21 no.9
• /
• pp.704-713
• /
• 2021

The purpose of this study was to evaluate the relative weight of infectious disease vulnerability indicators that affect the occurrence and spread of infectious diseases in local communities. For this, the infectious disease vulnerability indicators were classified as facilities vulnerable to spread, vulnerable groups of infections, social vulnerable conditions, and response capabilities based on literature and case review, and the relative weights among indicators were determined using Analytic Hierarchy Process(AHP) by 22 experts. As a result of the analysis, the weight of each sector was found to be the highest in the facilities vulnerable to spread, and the overall weight was highest in the following order: sickbed securing rate(1st), density of religious facilities(2nd), medical personnel rate(3rd), elderly person ratio(4th), and entertainment establishment density(5th). These results can be used to prepare the supporting data necessary for the establishment of infectious disease response policies of local governments.

• Korean Journal of Soil Science and Fertilizer
• /
• v.45 no.5
• /
• pp.711-716
• /
• 2012

Due to the climate change in South Korea the annual total precipitation will increase by 17 percent by 2100. Rainfall is concentrated during the summer in South Korea and the landslide of farmland by heavy rain is expected to increase. Because regional torrential rains accompanied by a storm continue to cause the damage in farmland urgent establishment of adaptation plant for minimizing the damage is in need. In this study we assessed vulnerability of landslide of farmland by heavy rain for local governments. Temporal resolution is 2000 year and the future 2020 year, 2050 year, 2100 year via A1B scenario. Vulnerability of local government were evaluated by three indices such as climate exposure, sensitivity, adaptive capacity and each index is calculated by selected alternative variable. Collected data was normalized and then multiplied by weight value that was elicited in delphi investigation. Current vulnerability is concentrated in Jeju island and Gyeongsangnam-do, however, it is postulated that Kangwon-do will be vulnerable in the future. Through this study, local governments can use the data to establish adaptation plans for farmland landslide by climate change.

• Journal of Advanced Navigation Technology
• /
• v.14 no.3
• /
• pp.415-425
• /
• 2010

In public network, user authentication is important security technology. Especially, password-based authentication method is used the most widely in distributed environments, and there are many authentication methods. Their SPMA protocol indicates vulnerability about problem that NSPA protocol does not offer mutual authentication, and proposed Strong Password Mutual Authentication protocol with mutual authentication. However, SPMA protocol has vulnerability of replay attack. In the paper, we analyzed vulnerability to replay attack of SPMA protocol. And we also proposed Improved Strong Password Mutual Authentication protocol to secure on replay attack with same efficiency.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.10
• /
• pp.445-460
• /
• 2013

Mobile applications today are being offered as various services depending on the mobile device and mobile environment of users. This increase in mobile applications has shifted the spotlight to their vulnerability. As an effective method of security verification, this paper proposes "phase-wise security verification for the implementation of mobile applications". This method allows additional security verification by covering specific items across a wider range compared to existing methods. Based on the identified weaknesses, it detects the cause of vulnerability and monitors the related settings.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.6
• /
• pp.13-25
• /
• 2005

In these days, there are various uses of Linux such as small embedded systems, routers, and huge servers, because Linux gives several advantages to system developers by allowing to use the open source code of the Linux kernel. On the other hand, the open source nature of the Linux kernel gives a bad influence on system security. If someone wants to exploit Linux-based systems, the attacker can easily do it by finding vulnerabilities of their Linux kernel sources. There are many kinds of existing methods for lading source-level vulnerabilities of softwares, but they are not suitable for finding source-level vulnerabilities of the Linux kernel which has an enormous amount of source code. In this paper, we propose the Onion mechanism as a methodology of finding source-level vulnerabilities of Linux kernel variables. The Onion mechanism is made up of two steps. The Int step is to select variables that may be vulnerable by using pattern matching mechanism and the second step is to inspect vulnerability of each selected variable by constructing and analyzing the system call trees. We also evaluate our proposed methodology by applying it to two well-known source-level vulnerabilities.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2019.05a
• /
• pp.288-288
• /
• 2019

지구온난화로 인해 해수면이 지속적으로 상승하고 있으며, 이에 따라 연안인근 지역은 복합원인에 의한 홍수피해가 빈번히 발생하고 있다. 우리나라는 반도 지형으로 해수면 상승에 따라 침수피해 발생 시 피해규모가 클 것으로 예상되어 이에 적극적으로 대처할 필요가 있다. 복합원인에 의한 침수예상도는 해수위를 고려한 내외수 침수피해 발생 시 침수의 범위 및 양상을 예측한다. 먼저 침수발생 시 피해규모가 클 것으로 예상되는 연안인근의 도심지역을 위주로 대상지역을 선정하였으며, 침수발생 원인별 침수예상도를 작성하였다. 작성된 침수예상도를 바탕으로 상세 홍수취약성을 평가하였으며, 이를 바탕으로 주요 시설물의 위치 선정, 관거 개량의 우선순위 선정 등에 활용할 수 있다. 먼저 도상조사를 통해 침수발생 후보지역을 선정하고, 현장답사를 통해 현장 변경사항, 재해원인 및 재해발생가능성을 검토하여 대상지역으로 여수시 연등천 인근을 선정하였다. 모의 방법으로는 HEC-HMS 및 XP-SWMM 등 강우-유출 모형에 의해 침수해석을 실시하고, 하류단 경계조건의 변화에 따른 기점수위를 산정하여 해수위를 고려하였다. 하류단 경계조건으로는 대상지역의 폭풍해일에 의한 해수위 상승고를 적용하였다. 배수토구가 하천으로 연결된 경우에는 해당 하천의 홍수위 산정이 필요하며 홍수위 산정에는 HEC-RAS 모형을 사용하였다. 작성된 침수예상도를 통해 상세 홍수취약성 분석을 실시하였으며, 상세 홍수취약성 지수는 "기후변화 적응을 위한 연안도시지역별 복합원인의 홍수 취약성 평가기술 개발 및 대응방안 연구"에서 개발된 지표를 기반으로 산정하였다. 본 연구에서는 강우-유출 모형의 하류단 경계조건 변화를 통해 해수위 상승을 고려하여 연안도시 지역의 침수예상도를 작성하였으며, 침수발생 예상도를 통해 상세 홍수취약성을 분석하였다. 이는 침수발생에 따른 대피지도 개발, 주요 시설물의 계획, 침수피해 예방을 위한 구조적 대책 수립을 위한 기초자료로 활용될 수 있다.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2017.05a
• /
• pp.153-153
• /
• 2017

최근 10년간 집중호우로 인한 홍수 피해는 심각한 수준으로 발생하고 있어 호우피해액의 경우 3조3111억원의 손실을 입었다(국민안전처, 2015). 이를 대비하기 위하여 국내에서는 홍수피해에 취약한 지역을 파악하기 위한 연구는 다양한 측면으로 이루어져 왔다. 하지만 기존의 연구사례에서는 취약성 평가를 위한 인자를 구성함에 있어 연구자의 주관이나 선행연구 사례를 토대로 선정하였기 때문에 실제로 호우피해에 대한 원인을 파악하기에는 다소 부족한 면이 있다. 만약 호우피해에 대한 원인을 면밀하게 분석하고 직접적인 원인을 파악할 수 있다면, 향후 지역별 취약성 평가나 복원탄력성 평가 등에 관련한 연구에 있어 기존의 비해 더 확실한 결과를 도출할 수 있을 것으로 판단된다. 이에 본 연구에서는 지역적 특성이 상이한 5개의 지역을 선정하여 호우피해가 발생되었던 사례를 토대로 기후조건과 사회?경제적 인자를 고려하여 직접적인 원인을 파악하고자 하였다. 호우피해가 가장 빈번하게 일어난 5개의 지자체를 선정하여 재해기간에 따른 강우패턴을 분석하였다. 그 결과 유사한 강우패턴으로 호우피해가 발생하여도 그로 인한 피해액은 상이한 결과를 나타낸 사례가 있었다. 이는 지자체별 재해유형과 재산정도, 도시화율, 인구밀도 등의 지역적 특성이 다르기 때문을 알 수 있었다. 따라서 본 연구에서는 지역적 특성이 다른 5개의 지역에 대한 재해유형 등을 파악하여 호우피해에 대한 원인을 도출하였고, 그 결과를 통해 취약성 평가 등과 같은 다양한 분석의 지표로 활용이 가능할 것이다. 또한 향후 방재예산을 투자하는데 있어 확실한 판단 기준으로 활용할 수 있을 것으로 판단된다.

• Korean Journal of Remote Sensing
• /
• v.33 no.6_2
• /
• pp.1047-1060
• /
• 2017

In recent years, global warming has been continuing and abnormal weather phenomena are occurring frequently. Especially in the 21st century, the intensity and frequency of hydrological disasters are increasing due to the regional trend of water. Since the damage caused by disasters in urban areas is likely to be extreme, it is necessary to prepare a landslide susceptibility maps to predict and prepare the future damage. Therefore, in this study, we analyzed the landslide vulnerability using the logistic model and assessed the management plan after the landslide through the field survey. The landslide area was extracted from aerial photographs and interpretation of the field survey data at the time of the landslides by local government. Landslide-related factors were extracted topographical maps generated from aerial photographs and forest map. Logistic regression (LR) model has been used to identify areas where landslides are likely to occur in geographic information systems (GIS). A landslide susceptibility map was constructed by applying a LR model to a spatial database constructed through a total of 13 factors affecting landslides. The validation accuracy of 77.79% was derived by using the receiver operating characteristic (ROC) curve for the logistic model. In addition, a field investigation was performed to validate how landslides were managed after the landslide. The results of this study can provide a scientific basis for urban governments for policy recommendations on urban landslide management.