• Title/Summary/Keyword: Code Vulnerability

A Robust Biometric-based User Authentication Protocol in Wireless Sensor Network Environment (무선센서네트워크 환경에서 생체기반의 개선된 사용자 인증 프로토콜)

  • Shin, Kwang-Cheul
    • The Journal of Society for e-Business Studies / v.18 no.3 / pp.107-123 / 2013
  • In a wireless sensor network environment, it is required to ensure anonymity by keeping sensor nodes' identifiers from being revealed and to support real-time authentication, lightweight authentication and synchronization. In particular, wireless telecommunications carry the possibility of location information leakage to others, privacy interference and security vulnerability. Anonymity has been an important issue in wired and wireless network environments and has been studied widely. The sensor nodes are interconnected over a wireless network. For sensor nodes, researchers have emphasized their limited computing performance, limited storage and small power source. To improve the biometric-based scheme of D. He, this study proposes a real-time authentication protocol using a Unique Random Sequence Code (URSC) and a variable identifier to enhance network performance while retaining anonymity.

A Development of Analysis Tool and the Analysis of Vulnerabilities on the Program Source Code (프로그램 소스코드 취약성 분석 및 분석도구의 개발)

  • 하경휘;최진우;우종우;김홍철;박상서
    • Convergence Security Journal / v.4 no.2 / pp.27-34 / 2004
  • The recent explosive use of the Internet and the development of computer communication technologies reveal serious computer security problems. In spite of many studies on secure access to systems, attackers generally do not use previous intrusion techniques or network flaws; rather, they tend to use vulnerabilities residing inside programs, namely the programs running on the system or the processes providing a service. Therefore, security managers must spend a lot of time and effort on updating programs. Developers also need to patch continuously to update their programs, which is a heavy burden for them. To solve the problem, we need to understand the vulnerabilities in programs, which have been studied for some time, and to analyze the functions that contain vulnerabilities. In this paper, we first analyzed the vulnerabilities of the standard C library and Win32 API functions used in various programs. We then described the design and implementation of an automated scanning tool for writing secure source code based on that analysis.

Seismic pounding effects on adjacent buildings in series with different alignment configurations

  • Abdel Raheem, Shehata E.;Fooly, Mohamed Y.M.;Abdel Shafy, Aly G.A.;Abbas, Yousef A.;Omar, Mohamed;Abdel Latif, Mohamed M.S.;Mahmoud, Sayed
    • Steel and Composite Structures / v.28 no.3 / pp.289-308 / 2018
  • Numerous urban seismic vulnerability studies have recognized pounding as one of the main risks due to the restricted separation distance between neighboring structures. The pounding effects on the adjacent buildings could extend from slight non-structural to serious structural damage that could even lead to a total collapse of buildings. Therefore, an assessment of the seismic pounding hazard to the adjacent buildings is superficial in future building code calibrations. Thus, this study aims to draw useful recommendations and set up guidelines for potential pounding damage evaluation for code calibration through a numerical simulation approach for the evaluation of the pounding risks on adjacent buildings. A numerical simulation is formulated to estimate the seismic pounding effects on the seismic response demands of adjacent buildings for different design parameters, including number of stories, separation distances and alignment configurations; the results are then compared with a nominal model without pounding. Based on the obtained results, it has been concluded that the severity of the pounding effects depends on the dynamic characteristics of the adjacent buildings and the input excitation characteristics, and on whether the building is exposed to one- or two-sided impacts. Seismic pounding among adjacent buildings produces greater acceleration and shear force response demands at different story levels compared to the no-pounding case response demands.

A Study on Cybersecurity Risk Assessment in Maritime Sector (해상분야 사이버보안 위험도 분석)

  • Yoo, Yun-Ja;Park, Han-Seon;Park, Hye-Ri;Park, Sang-Won
    • Proceedings of the Korean Institute of Navigation and Port Research Conference / 2019.11a / pp.134-136 / 2019
  • The International Maritime Organization (IMO) issued 2017 Guidelines on maritime cyber risk management. In accordance with IMO's maritime cyber risk management guidelines, each flag State is required to comply with the Safety Management System (SMS) of the International Safety Management Code (ISM), under which cyber risks should be integrated and managed before the first annual audit following January 1, 2021. In this paper, to identify cyber security management targets and risk factors in the maritime sector and to conduct vulnerability analysis, we categorized cyber security in the maritime sector into management, technical and physical sectors based on the industry guidelines and international standards proposed by IMO. In addition, the Risk Matrix was used to conduct a qualitative risk assessment according to risk factors by cyber security sector.

A Study on the Static Eccentricities of Buildings Designed by Different Design Eccentricities (설계편심의 크기에 따른 비틀림 비정형 건물의 최종 정적편심 크기의 비교에 관한 연구)

  • Lee, Kwang-Ho;Jeong, Seoung-Hoon
    • Journal of the Earthquake Engineering Society of Korea / v.16 no.5 / pp.33-40 / 2012
  • To reduce the vulnerability of torsional irregular buildings caused by seismic loads, the torsional amplification factor was introduced by the seismic code. This factor has been applied differently in a variety of seismic codes. In this study, the final static eccentricity, and the lateral and torsional stiffness ratios of buildings designed with different design eccentricities were compared. The increment of the torsional amplification factor resulted in a decrement of the final static eccentricity of the building. However, after reaching the maximum value of this factor, the final static eccentricity of the building increased again. The final static eccentricity of the building designed by multiplying the sum of the inherent and accidental eccentricity by the torsional amplification factor was zero or had a minus value, depending on the position of the vertical element.

Software-based Encryption Pattern Bootstrap for Secure Execution Environment (보안 실행 환경을 위한 소프트웨어 기반의 암호화 패턴 부트스트랩)

  • Choi, Hwa-Soon;Lee, Jae-Heung
    • Journal of IKEEE / v.16 no.4 / pp.389-394 / 2012
  • Most current systems have ignored security vulnerabilities associated with boot firmware. Because boot firmware has authority over external devices as well as hardware controls, boot firmware without a security mechanism is highly likely to cause serious system errors, such as hardware manipulation by malicious programs or code, operating system corruption caused by malicious code, and software piracy. This paper proposes a structural, software-based security mechanism with encrypted bootstrap patterns that, unlike pre-existing bootstrap methods, securely loads the operating system, searches for malicious code and prevents software piracy, so as to provide reliability of boot firmware. Moreover, through experiments, it proved its superiority in detection capability, with overhead 1.5% to 3% lower than other software security mechanisms.

Meltdown Threat Dynamic Detection Mechanism using Decision-Tree based Machine Learning Method (의사결정트리 기반 머신러닝 기법을 적용한 멜트다운 취약점 동적 탐지 메커니즘)

  • Lee, Jae-Kyu;Lee, Hyung-Woo
    • Journal of Convergence for Information Technology / v.8 no.6 / pp.209-215 / 2018
  • In this paper, we propose a method to detect and block rapidly increasing Meltdown malicious code using a dynamic sandbox tool. Although some patches are available for the Meltdown vulnerability, they are intentionally left unapplied because of the performance degradation they cause. Therefore, we propose a method that overcomes the limitations of existing signature detection by using machine learning for infrastructures without active patches. First, to understand the principle of Meltdown, we analyze operating system mechanisms such as virtual memory, memory privilege checks, pipelining and speculative execution, and the CPU cache. We then extracted data using the Linux strace tool for detecting Meltdown malware. Finally, we implemented a decision tree based dynamic detection mechanism to identify Meltdown malicious code efficiently.

Post-earthquake fire performance-based behavior of reinforced concrete structures

  • Behnama, Behrouz;Ronagh, Hamid R.
    • Earthquakes and Structures / v.5 no.4 / pp.379-394 / 2013
  • Post-earthquake fire (PEF) can lead to a rapid collapse of buildings damaged partially as a result of a prior earthquake. Almost all standards and codes for the design of structures against earthquake ignore the risk of PEF, and thus buildings designed using those codes could be too weak when subjected to a fire after an earthquake. An investigation based on sequential analysis inspired by FEMA356 is performed here on the Immediate Occupancy, Life Safety and Collapse Prevention performance levels of structures, designed to the ACI 318-08 code, after they are subjected to an earthquake level with PGA of 0.35g. This investigation is followed by a fire analysis of the damaged structures, examining the time taken for the damaged structures to collapse. As a point of reference, a fire analysis is also performed for undamaged structures before the occurrence of an earthquake. The results indicate that the vulnerability of structures increases dramatically when a previously damaged structure is exposed to PEF. The results also show that the damaging effects of post-earthquake fire are exacerbated when initiated from the second and third floor. Whilst the investigation is made for a certain class of structures (conventional buildings, intermediate reinforced structure, 3 stories), the results confirm the need for the incorporation of post-earthquake fire into the process of analysis and design, and provide some quantitative measures on the level of associated effects.

Application of Machine Learning Techniques for the Classification of Source Code Vulnerability (소스코드 취약성 분류를 위한 기계학습 기법의 적용)

  • Lee, Won-Kyung;Lee, Min-Ju;Seo, DongSu
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.4 / pp.735-743 / 2020
  • Secure coding is a technique that detects malicious attacks or unexpected errors to make software systems resilient against such circumstances. In many cases secure coding relies on static analysis tools to find vulnerable patterns and contaminated data in advance. However, secure coding has the disadvantage of being dependent on rule-sets, and accurate diagnosis is difficult as the complexity of static analysis tools increases. To support secure coding, we apply machine learning techniques such as DNN, CNN and RNN to finding the major weakness patterns shown in secure development coding guides, and present machine learning models and experimental results. We believe that machine learning techniques can support detecting security weaknesses along with static analysis techniques.

An Implementation of Disaster Information System using Service of Internet portal site (인터넷 포털사이트의 서비스를 활용한 재난정보시스템의 구현)

  • Lee, Jung-Ki;Kim, Seong-Hoo;Kim, Chang-Soo
    • Journal of the Korea Institute of Information and Communication Engineering / v.16 no.4 / pp.745-751 / 2012
  • As the number of disasters increases, governmental institutions are trying to construct effective disaster information systems. In particular, most institutions use GIS-based disaster information systems such as electronic disaster maps. However, most previous systems are vulnerable when connecting to other systems because each system considers only a specific area and has an independent data structure. Above all, existing systems require a lot of time and effort because the system needs a direct work process for service. Therefore, this paper implements a quick and methodical disaster information service through a study of data codes and the map and microblog services of an internet portal site.