• Title/Summary/Keyword: vulnerability map

Search Result 1,849, Processing Time 0.034 seconds

Fuzzing Method for Web-Assembly Module Safety Validation (웹 어셈블리 모듈 안전성 검증을 위한 퍼징 방법)

  • Park, Sunghyun;Kang, Sangyong;Kim, Yeonsu;Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.2 / pp.275-285 / 2019
  • Web-assembly is a new binary standard designed to improve the performance of Web browser JavaScript. Web-assembly is becoming a new web standard that can run at near-native speed with efficient execution, concise representation, and code written in multiple languages. However, current Web-assembly vulnerability verification is limited to the Web-assembly interpreter language, and vulnerability verification of the Web-assembly binary itself is insufficient. Therefore, it is necessary to verify the safety of Web-assembly itself. In this paper, we analyze how Web-assembly operates and verify the safety of current Web-assembly. In addition, we examine vulnerabilities of existing Web-assembly and analyze the limitations of existing safety verification methods. Finally, we introduce a Web-assembly API-based fuzzing method to overcome the limitations of Web-assembly safety verification methods. We verify the effectiveness of the proposed fuzzing by detecting crashes that could not be detected by existing safety verification tools.

MIPv6 Binding Update scheme to improve performance and security (성능과 보안성을 함께 개선한 MIPv6 바인딩 갱신)

  • Won, You-Seuk;Cho, Kyung-San
    • Journal of Internet Computing and Services / v.8 no.4 / pp.81-91 / 2007
  • Binding update for routing optimization in MIPv6 can make the involved nodes vulnerable to various attacks. Therefore, secure binding update has become an important research issue in MIPv6, and several protocols have been proposed for this purpose. In this paper, we compare several existing binding update protocols such as RR, SUCV and OMIPv6 and analyze the vulnerability of nodes to possible attacks, the drawbacks of address management and scalability, and the overhead of encryption operations. Then, we suggest the design requirements for secure binding update and propose an advanced protocol based on the design principle. Through the analysis, we show that our protocol can achieve a higher level of security against the various attacks, enable better address management, provide location privacy, and reduce the computational overhead of mobile nodes with constrained computational power.


Stability Analysis of Levee by Infiltration Analysis for Watershed (도시하천 유역의 침투해석을 통한 제방의 안정성 평가)

  • Lee, Hoo Sang;Lee, Jea Joon;Heo, Jun Heang
    • Proceedings of the Korea Water Resources Association Conference / 2016.05a / pp.231-231 / 2016
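  • Since the Industrial Revolution, the accelerating industrialization and urbanization of human society have driven global warming and, with it, climate change, and the resulting negative impacts and their severity are growing by the day. The IPCC (Intergovernmental Panel on Climate Change) projected that, even if greenhouse gases, the main cause of climate change, are reduced, climate change will continue for several centuries or more because of the elasticity of the climate; since fundamentally preventing the impacts of climate change is impossible, it emphasized the need to develop adaptation strategies for climate change in water resources management as well (IPCC, 2007). In addition, the occurrence rate of extreme precipitation has increased greatly compared with the past 30 years in both urban and non-urban areas, and this trend has a major effect on lowering the flood-control safety of hydraulic structures. Korea has periodically carried out safety evaluations of rivers, watershed flood-mitigation facilities, and large hydraulic structures such as dams, but these have gone no further than judging, through simple monitoring, whether current safety standards are met. To cope with the flood damage that will increase in the future, it is necessary to evaluate flood risk and vulnerability for each facility design standard on the basis of various extreme rainfall and extreme flood scenarios and to reset the extreme flood defense standards so as to improve the current design standards, and there is an urgent need to develop an implementation framework that comprehensively considers facility-by-facility safety evaluation, risk reduction planning, and economic evaluation. Therefore, in this study, infiltration analysis was carried out for a typical river levee using the SEEP/W model, and stability evaluation was examined using the results. In addition, based on the results of analyzing changes in the hydrological characteristics of urban rivers due to climate change, the study is intended to be used in research such as flood-protection facility planning with strengthened design standards that reflect the values of extreme hydrological events that may occur in the future, and in responding to climate change and establishing hydraulic structure design and flood-protection strategies through vulnerability evaluation and risk analysis of urban river watersheds, which can vary because of various hydrological uncertainties.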


Evaluating Vulnerability to Snowfall Disasters Using Entropy Method for Overlapping Distributions of Vulnerable Factors in Busan, Korea (취약인자의 엔트로피 기반 중첩 분석을 이용한 부산광역시의 적설재해 취약지역 등급 평가)

  • An, ChanJung;Park, Yongmi;Choi, Wonsik
    • Korean Journal of Remote Sensing / v.36 no.2_1 / pp.217-229 / 2020
  • Recently, weather changes in Korea have intensified due to global warming, and the five major natural disasters that occur most often are heavy rains, typhoons, storms, heavy snow, and earthquakes. Busan is vulnerable to snow disasters, given that the amount of natural disaster damage in Busan accounts for more than 50% of the total amount across all metropolitan cities in Korea, and that the Busan area includes many hilly mountains. In this study, we attempted to identify vulnerable areas for snowfall disasters in the Busan area using a geographic information system (GIS) with data on both geographical and anthropogenic characteristics. We produced maps of vulnerable areas for evaluating factors that include altitude, slope, land cover, road networks, and demographics, and overlapped those maps to finally rank the vulnerability to snowfall disasters into 5 levels. To weight each evaluating factor, we used an entropy method. The riskiest areas are characterized by being located in mountainous areas with roads, including Sansung-ro in Geumjeong-gu, Mandeok tunnel in Buk-gu, Hwangnyeongsan-ro in Suyeong-gu, and others, where road restrictions were actually enforced due to snowfall events in the past. This method is simple and easy to update, and thus we think this methodology can be adapted to identify vulnerable areas for other environmental disasters.

The Risk of Wardriving Attack Against Wireless LAN and its Counterplan (무선랜 워드라이빙 공격의 위험성과 대응방안)

  • Choi, Young-Nam;Cho, Sung-Mok
    • Journal of the Korea Institute of Information and Communication Engineering / v.13 no.10 / pp.2121-2128 / 2009
  • The application range of IEEE 802.11 wireless LAN has been rapidly expanding from campus and enterprise networks to the public networks of hot spot areas due to advantages such as ease of construction, mobility of wireless client stations, and convenience of use. However, the security of WLAN (Wireless LAN) is inherently vulnerable because it uses RF as a medium, so the danger of infringement of personal information and internal enterprise data has increased, and wardriving attacks that search for security vulnerabilities in wireless LANs have become especially serious. In this paper, we give an overview of the various procedures and preparatory stages of a wardriving attack against wireless LAN, and propose complementary methods to prevent information infringement incidents caused by wardriving attacks in wireless LAN. For this purpose, we build equipment suitable for wardriving in wireless LAN and, as a result of using the equipment, show the security vulnerabilities of AP (Access Point) operation in WLANs around Yangjae-Dong in Seoul.

Executable Code Sanitizer to Strengthen Security of uC/OS Operating System for PLC (PLC용 uC/OS 운영체제의 보안성 강화를 위한 실행코드 새니타이저)

  • Choi, Gwang-jun;You, Geun-ha;Cho, Seong-je
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.2 / pp.365-375 / 2019
  • A PLC (Programmable Logic Controller) is a highly reliable industrial digital computer which supports real-time embedded control applications for safety-critical control systems. Real-time operating systems such as uC/OS have been used for PLCs and must meet real-time constraints. As PLCs have been widely used for industrial control systems and connected to the Internet, they have become a main target of cyberattacks. In this paper, we propose an execution code sanitizer to enhance the security of PLC systems. The proposed sanitizer analyzes PLC programs developed in an IDE before the program is downloaded to a target PLC, and mitigates security vulnerabilities of the program. Our sanitizer can detect vulnerable function calls and illegal memory accesses during the development of PLC programs, using a database of vulnerable functions as well as another database of code patterns related to pointer misuse. Based on these DBs, it detects and removes abnormal use patterns of pointer variables and the presence of vulnerable functions shown in the call graph of the target executable code. We have implemented the proposed technique and verified its effectiveness through experiments.

Protection Profile for Smart Meters: Vulnerability and Security Requirements Analysis (스마트미터의 취약성/보안요구사항 분석 CC v3.1 기반 보호프로파일 개발)

  • Jung, Chul-Jo;Eun, Sun-Ki;Choi, Jin-Ho;Oh, Soo-Hyun;Kim, Hwan-Koo
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.6 / pp.111-125 / 2010
  • There is a growing interest in "smart grid" technology, especially after the government recently announced the "low-carbon green-growth industry" project. A smart grid uses "smart meters", which can be deployed in any power-consuming place such as homes and factories. It has been shown that smart meters have several security weaknesses. There is, however, no protection profile available for smart meters, which means that safety in using them is not guaranteed at all. This paper analyzes vulnerabilities of smart meters and the relevant attack methods, thereby deriving the security functions and requirements for smart meters. Finally, we propose a protection profile based on Common Criteria v3.1 for smart meters.

The Design of a Secure Patch Distribution Architecture (안전한 패치 분배 구조 설계)

  • 손태식;김진원;박일곤;문종섭;서정택;임을규;이철원
    • Proceedings of the Korean Information Science Society Conference / 2002.10c / pp.559-561 / 2002
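  • For system and network security, updating the relevant patches is the top security priority. Therefore, a leak of patch information during the patch distribution process creates the same problem as directly exposing the vulnerabilities of the system or network. In this paper, we propose an architecture that can distribute patches securely within the domain of a specific organization or institution, rather than patch distribution in the general Internet environment. The proposed architecture provides user authentication based on server certificates, DH key distribution using the SKIP modulus, confidentiality and integrity assurance through patch checksum encryption, and automatic remote patch installation.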


A Study on Vulnerability Analysis Methodology for Composite Security Product Evaluation (합성형 정보보호제품 평가를 위한 취약성 분석 방법 개발에 관한 연구)

  • Kim, Seok-Soo;Song, Jae-Gu
    • Convergence Security Journal / v.8 no.3 / pp.19-24 / 2008
  • Common Criteria is a standard for evaluating the safety of information protection products such as network-level firewall systems and intrusion detection systems. Recently, the CC version changed from CC v.2.3 to CC v.3.1. The CC v.3.1 evaluation methodology requires a secured dictionary accommodation preparation for information protection products. In this research, we carried out a CC v3-based composition product test and research on a vulnerability analysis method. Further, this paper presents a specific plan sorting the composition-style information protection product examination methodology into existing principle and detailed methodology.


A Study on the Methodologies to Assess Network Vulnerability (네트워크 위험 분석 및 취약점 점검 방법에 관한 연구)

  • Seo Dong-Il;Park Won-Joo
    • The Journal of the Korea Contents Association / v.5 no.2 / pp.107-114 / 2005
  • This paper proposes a method to analyze the security level of information property systems. The method uses objective and quantitative risk level assessment. It analyzes the administrative, physical and technical aspects of an information property system together. The method also uses administrative, physical and technical weights individually, according to the requirements of the security assessment purpose. It also shows the weighted mean of risks and the importance of information property in a graph. The systems plotted furthest to the upper right in the map take priority over other systems. Also, quantitative analysis presents more objective and efficient results for security level assessment of information systems.
