• Safety and Health at Work
• /
• 제13권2호
• /
• pp.170-179
• /
• 2022

Background: The vulnerability of international migrant workers is on the rise, affecting the frequency of occupational accidents at workplaces worldwide. If migrant workers are managed in the same way as native workers, the consequences on safety assurance and risk management will be significant. This study aimed to develop the vulnerability factor model for migrant workers in seafood processing industries because of significant risk-laden labor of Thailand, which could be a solution to control the risk effectively. Methods: A total of 569 migrant workers were surveyed (432 Burmese and 137 Cambodian), beginning with 40 initial vulnerability factors identified in the questionnaire established from experts. The data were analyzed through descriptive analysis; exploratory factor analysis (EFA) and confirmatory factor analysis (CFA) were used to ascertain the model. Results: The result of content validity >0.67 and the Cronbach's alpha of 0.957 specified the high reliability of 40 factors. The EFA indicated a total variance of 65.49%. The final CFA validated the model and had an empirical fitting; chi-square = 85.34, Adjust Goodness-of-Fit Index = 0.96, and root mean square error of approximation = 0.016. The structure concluded with three dimensions and 18 factors. Dimension 1 of the structure, "multicultural safety operation," contained 12 factors; Dimension 2, "wellbeing," contained four factors; and Dimension 3, "communication technology," contained two factors. Conclusion: The vulnerability factor structure developed in this study included three dimensions and 18 factors that were significantly empirical. The knowledge enhanced safety management in the context of vulnerability factor structure for migrant workers at the workplace.

• 한국전자통신학회논문지
• /
• 제9권9호
• /
• pp.1011-1018
• /
• 2014

웹 사이트를 통한 정보제공이 활성화 되면서 웹 애플리케이션의 취약점을 이용한 웹 해킹 시도가 증가하고 있다. 웹 애플리케이션의 보안을 강화하려면 먼저 웹 애플리케이션의 취약점을 찾아 제거할 필요가 있다. 본 논문은 웹 애플리케이션에 대한 기존의 취약점 해결 방법을 분석하고 보다 발전된 취약점 해결방안을 제시하고자 한다. 웹 애플리케이션 취약점 분석을 통해 현존하는 웹 취약점을 제거한 웹 보안 상태의 안정성을 점검하고 기존 방법의 적합성을 평가하였다. 또한 기존 취약점 해결방안의 미비점을 보완한 방법으로 웹 프락시(Proxy) 시스템을 통한 취약점 분석 툴을 구현하고 최적화 방안을 제시하였다.

• Geomechanics and Engineering
• /
• 제18권6호
• /
• pp.661-668
• /
• 2019

Seismic vulnerability assessment is a useful tool for rational safety analysis and planning of large and complex structural systems; it can deal with the effects of uncertainties on the performance of significant structural systems. In this study, an efficient dynamic reliability approach, probability density evolution methodology (PDEM), is proposed for seismic vulnerability analysis of earth dams. The PDEM provides the failure probability of different limit states for various levels of ground motion intensity as well as the mean value, standard deviation and probability density function of the performance metric of the earth dam. Combining the seismic reliability with three different performance levels related to the displacement of the earth dam, the seismic fragility curves are constructed without them being limited to a specific functional form. Furthermore, considering the seismic fragility analysis is a significant procedure in the seismic probabilistic risk assessment of structures, the seismic vulnerability results obtained by the dynamic reliability approach are combined with the results of probabilistic seismic hazard and seismic loss analysis to present and address the PDEM-based seismic probabilistic risk assessment framework by a simulated case study of an earth dam.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권6호
• /
• pp.1689-1705
• /
• 2023

To deal with the potential XSS vulnerabilities in the source code of the power communication network, an XSS vulnerability detection method combining the static analysis method with the dynamic testing method is proposed. The static analysis method aims to analyze the structure and content of the source code. We construct a set of feature expressions to match malignant content and set a "variable conversion" method to analyze the data flow of the code that implements interactive functions. The static analysis method explores the vulnerabilities existing in the source code structure and code content. Dynamic testing aims to simulate network attacks to reflect whether there are vulnerabilities in web pages. We construct many attack vectors and implemented the test in the Selenium tool. Due to the combination of the two analysis methods, XSS vulnerability discovery research could be conducted from two aspects: "white-box testing" and "black-box testing". Tests show that this method can effectively detect XSS vulnerabilities in the source code of the power communication network.

• Journal of Multimedia Information System
• /
• 제9권3호
• /
• pp.191-200
• /
• 2022

These days, businesses, in both online and offline, have started accepting cryptocurrencies as payment methods. Even in countries like El Salvador, cryptocurrencies are recognized as fiat currencies. Meanwhile, publicly known, but not patched software vulnerabilities are security threats to not only software users but also to our society in general. As the status of cryptocurrencies has gradually increased, the impact of security vulnerabilities related to cryptocurrencies on our society has increased as well. In this paper, we first analyze vulnerabilities from the two major cryptocurrency vendors of Bitcoin and Ethereum in a quantitative manner with the respect to the CVSS, to see how the vulnerabilities are roughly structured in those systems. Then we introduce a modified AML vulnerability discovery model for the vulnerability datasets from the two vendors, after showing the original AML dose not accurately represent the vulnerability discovery trends on the datasets. The analysis shows that the modified model performs better than the original AML model for the vulnerability datasets from the major cryptocurrencies.

• 한국농공학회논문집
• /
• 제54권6호
• /
• pp.39-44
• /
• 2012

Water supply capacity and operational capability in agricultural reservoirs are expressed differently in the limited storage due to seasonal and local variation of precipitation. Since agricultural water supply and demand basically assumes the uncertainty of hydrological phenomena, it is necessary to improve probabilistic approach for potential risk assessment of water supply capacity in reservoir for enhanced operational storage management. Here, it was introduced the irrigation vulnerability characteristic curves to represent the water supply capacity corresponding to probability distribution of the water demand from the paddy field and water supply in agricultural reservoir. Irrigation vulnerability probability was formulated using reliability analysis method based on water supply and demand probability distribution. The lower duration of irrigation vulnerability probability defined as the time period requiring intensive water management, and it will be considered to assessment tools as a risk mitigated water supply planning in decision making with a limited reservoir storage.

• 한국시뮬레이션학회논문지
• /
• 제13권3호
• /
• pp.11-20
• /
• 2004

The major objective of this paper is to perform modeling of cyber attack and defense using vulnerability metrics. To do this, we have attempted command level modeling for realizing an approach of functional level proposed by Nong Ye, and we have defined vulnerability metrics that are able to apply to DEVS(Discrete Event System Specification) and performed modeling of cyber attack and defense using this. Our approach is to show the difference from others in that (i) it is able to analyze behaviors of systems being emerged by interaction between functional elements of network components, (ii) it is able to analyze vulnerability in quantitative manner, and (iii) it is able to establish defense suitably by using the analyzed vulnerability. We examine an example of vulnerability analysis on the cyber attack and defense through case study.

• 한국시뮬레이션학회:학술대회논문집
• /
• 한국시뮬레이션학회 2003년도 춘계학술대회논문집
• /
• pp.191-198
• /
• 2003

The major objective of this paper is to perform modeling of cyber attack and defense using vulnerability metrics. To do this, we have attempted command level modeling for realizing an approach of functional level proposed by Nong Ye, and we have defined vulnerability metrics that are able to apply to DEVS(Discrete Event System Specification) and performed modeling of cyber attack and defense using this. Our approach is to show the difference from others in that (ⅰ) it is able to analyze behaviors of system emerged by interaction with functional elements of components composing network and each other, (ⅱ) it is able to analyze vulnerability in quantitative manner, and (ⅲ) it is able to establish defense suitably by using the analyzed vulnerability. We examine an example of vulnerability analysis on the cyber attack and defense through case study.

• 대한조선학회논문집
• /
• 제49권3호
• /
• pp.254-263
• /
• 2012

The survivability of warship is assessed by susceptibility, vulnerability and recoverability. Essentially, a vulnerability assessment is a measure of the effectiveness of a warship to resist hostile weapon effects. Considering the shot line and its penetration effect on the warship, present study introduces the procedural aspects of vulnerability assessments of warship. Present study also considers the prediction of penetration damage to a target caused by the impact of projectiles. It reflects the interaction between the weapon and the target from a perspective of vulnerable area method and COVART model. The shotline and tracing calculation have been directly integrated into the vulnerability assessment method based on the penetration equation empirically obtained. A simplified geometric description of the desired target and specification of a threat type is incorporated with the penetration effect. This study describes how to expand the vulnerable area assessment method to the penetration effect. Finally, an example shows that the proposed method can provide the vulnerability parameters of the warship or its component under threat being hit through tracing the shotline path thereby enabling the vulnerability calculation. In addition, the proposed procedure enabling the calculation of the component's multi-hit vulnerability introduces a propulsion system in dealing with redundant Non-overlapping components.

• 융합보안논문지
• /
• 제19권2호
• /
• pp.83-89
• /
• 2019

정보보안 컴플라이언스 및 보안규정에 의거 분기 및 정기적 형태의 네트웍 시스템 대상 취약점 점검은 사이버침해공격대응을 위해 상시 실시간 개념으로 발전시킬 필요성이 대두 된다. 이를 위해 상시 운용 관리 체계인 ESM/SIEM을 기반으로 공개된 취약점분석 점검TOOL과의 연동구현 으로 개념 검증 시 새로운 해킹공격대응 방안이 될 것으로 판단된다. 취약점점검모듈은 표준화된 이벤트 속성 관리와 운용의 편이성 취약점데이터의 글로벌 공유측면에서 공개SW Module인 owasp zap/Angry ip등을 SIEM 체계에 해당취약점모듈과의 연동 설계 구현방식으로 연구 검토 결과 web 및 network 대상 해당 취약점 모듈에 의해 점검이벤트가 SIEM 콘솔로 전송 모니터 되는 것으로 입증 되었다. 현재 사이버 관제실에서 운용중인 ESM 및 SIEM 시스템을 기반으로 해당 개념을 최적화 적용 운용할시 상용 취약점 툴 구매 비용문제와 패턴 및 버전관리에 대한 한계성 등을 고려할시 본연구가 효율적 측면으로 검토됨과 동시에 현 정보보안 컨설턴트에 의한 취약점분석결과 와 본 연구 사안으로 결과 등에 대해 상호 비교 분석 운용할시 사이버 침해공격에 대한 발전적인 개념으로 판단되므로 이에 대한 관련 사안에 대해 논고하고자 한다.