• Title/Summary/Keyword: Security Risk Analysis

Crowdsourced Risk Minimization for Inter-Application Access in Android

  • Lee, Youn Kyu;Kim, Tai Suk
    • Journal of Korea Multimedia Society / v.20 no.5 / pp.827-834 / 2017
  • Android's inter-application access enriches its application ecosystem. However, it exposes security vulnerabilities where end-user data can be exploited by attackers. While existing techniques have focused on minimizing the risks of inter-application access, they either suffer from inaccurate risk detection or are primarily available to expert users. This paper introduces a novel technique that automatically analyzes potential risks between a set of applications, aids end-users to effectively assess the identified risks by crowdsourcing assessments, and generates an access control policy which prevents unsafe inter-application access at runtime. Our evaluation demonstrated that our technique identifies potential risks between real-world applications with perfect accuracy, supports a scalable analysis on a large number of applications, and successfully aids end-users' risk assessments.

Research Trends Analysis of Information Security using Text Mining (텍스트마이닝을 이용한 정보보호 연구동향 분석)

  • Kim, Taekyung;Kim, Changsik
    • Journal of Korea Society of Digital Industry and Information Management / v.14 no.2 / pp.19-25 / 2018
  • With the development of IT technology, various services such as artificial intelligence and autonomous vehicles are being introduced, and many changes are taking place in our lives. However, if secure security is not provided, it will cause many risks, so the information security becomes more important. In this paper, we analyzed the research trends of main themes of information security over time. In order to conduct the research, 'Information Security' was searched in the Web of Science database. Using the abstracts of theses published from 1991 to 2016, we derived main research topics through topic modeling and time series regression analysis. The topic modeling results showed that the research topics were Information technology, system access, attack, threat, risk management, network type, security management, security awareness, certification level, information protection organization, security policy, access control, personal information, security investment, computing environment, investment cost, system structure, authentication method, user behavior, encryption. The time series regression results indicated that all the topics were hot topics.

The Security Risk Analysis and Economical Estimation for Convergence of Broadcasting and Communication (방송통신융합시스템의 보안위험분석 및 경제성분석)

  • Kim, In-Jung;Ryou, Jeong-A
    • Convergence Security Journal / v.8 no.2 / pp.15-25 / 2008
  • In today's broadcasting and communication systems, many applications are converged information in a complicated manner by interworking with various networks such as satellite networks. Specifically, as broadcasting and communication systems have become more advanced in terms of technology and capacity, the increase in information assets has created new types of threats and vulnerabilities that were not previously apparent. This paper has proposed the following methodologies for analyzing the risks and estimating the economical that could arise in broadcasting and communication convergence systems. First, the assets are prioritized by grading them according to confidentiality (copyrights), integrity, and availability. Based on such an analysis, this paper presents a model that can be used for verifying the risk variables caused by changing threats and vulnerabilities. Second, this paper presents a method for quantitatively estimating the economical caused by countermeasure costs for each time period.

Development of a Risk Assessment Program for Chemical Terrorism (화학적 테러에 대한 위험성 평가 프로그램 개발)

  • Lee, Younghee;Kim, Eunyong;Kim, Jinkyung;Moon, Il
    • Journal of Korean Society of societal Security / v.1 no.1 / pp.63-67 / 2008
  • This study focuses on assessing the security risk or the terrorism in chemical process industries. This research modifies conventional method for assessing the terrorism risk. The risk assessment method is developed and it is implemented as software to analyze the possibility of terrorism and sabotage. This program includes five steps: asset characterization, threat assessment, vulnerability analysis, risk assessment and new countermeasures. It is a systematic, risk based approach in which risk is a function of the severity of consequences of an undesired event, the likelihood of adversary attack, and the likelihood of adversary success in causing the undesired event. The reliability of the program is verified using a dock zone case. The case dock zone includes a storage farm, a manufacturing plant, an electrical supply utility, a hydrotreater unit, many containers, and administration buildings. This study represents chemical terrorism response technology, the prevention plan, and new countermeasure to mitigate by using risk assessment methods in the chemical industry and public sector. This study suggests an effective approach to the chemical terrorism response management.

A Risk Analysis Model for Information System Security (정보시스템 보안을 위한 위험분석 모델)

  • Kim, Kang;Park, Jin-Sub;Kim, Bong-Hoi
    • Journal of the Korea Society of Computer and Information / v.7 no.3 / pp.60-67 / 2002
  • Existing as a reverse function in the information age, the security threats against the information system is increasing day by day and a systematic security management to this is being considered more and more important. The most important thing on security management is a risk analysis to understand the cause of the threat and to set up a countermeasure. Therefore, to increase security the proposed model will advise on the set up of the security policy and for a set up of an economic security countermeasure we have increased the reliability on the risk calculation stage. Especially, on the countermeasure stage we have requested a security level on the asset in order to examine the mutual reliance between assets, and differing from the standard model, we have improved the proposed model so that the materializing of the proposed countermeasure has been made to identify the restricted items for each asset and in order to not materialize superficial countermeasures and to make sure to materialize an economic countermeasure.

Web browser secureness with respect to CVSS

  • Joh, HyunChul
    • Proceedings of the Korea Information Processing Society Conference / 2014.11a / pp.464-465 / 2014
  • Analysis of characteristics in software vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerability discovered. Being a new research area, the quantitative aspects of software vulnerabilities and risk assessments have not been fully investigated. However, further detailed studies are required related to the security risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers (Internet Explorer (IE), Firefox (FX), Chrome (CR) and Safari (SF)) with respect to the Common Vulnerability Scoring System (CVSS). The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems, and exploitation aftermath is getting worse.

Verification of Human Error Factors for Access Control of Bodyguards through Multiple Risk Case Analysis

  • Kim, Jin-Hwan;Kim, Sang-Jin
    • Journal of the Korea Society of Computer and Information / v.25 no.9 / pp.143-150 / 2020
  • The purpose of this study is to investigate the human error of bodyguards caused in the process of performing access control activities between security missions, focusing on multiple risk cases, and to suggest countermeasures accordingly. To verify this, after arranging the sequence of events in a time series, the VTA technique and Why-Why analysis technique that can easily identify the problem centered on the variable node were used. In addition, environmental factors and personal factors that cause human errors were extracted through M-SHEL Matrix. As a result of analyzing multiple risk cases through such a method, the security environment factors that cause access control accidents include lack of time (impatience), prejudice against visitors, intensive work methods, lack of security management, unattended travel, and familiar atmosphere (relaxation), formal work activities, convenience provision, and underestimation were surveyed. In addition, human errors caused by personal security guards were investigated as low alertness, formal work, negligence of inspection, and comfortable coping.

An Application of FSA Methodology to Hatchway Watertight Integrity of Bulk Carriers (살물선의 화물창 덮개부 수밀 건전성에 대한 공식안전평가의 적용)

  • Eun-Chang Lee;Jae-Ohk Lee;In-Cheol Yeo;Young-Soon Yang
    • Journal of the Society of Naval Architects of Korea / v.37 no.3 / pp.69-77 / 2000
  • This study was a part of FSA study which was initiated by IMO and was applied to hatchway watertight integrity of bulk carriers. Hazards which were involved in high risk level were identified as follows: Ship Operation out of Design Criteria (Hatch Coaming Damage) and Poor Maintenance & Inspection (Securing Arrangement Damage). The potential risk was calculated by risk analysis and risk control option was made to reduce potential risk. The potential risk was about U$60,000/ship-year and could be reduced to about U$30,000/ship-year by applying RCO 1 (Advanced system directly related to Hatchway Security). In addition, effectiveness of RCOs was shown by cost benefit assessment.

An Analysis on Structure of Risk Factor for Maritime Terror using FSM and AHP (해상테러 위험요소의 구조와 우선순위 분석)

  • Jang Woon-Jae;Yang Won-Jae;Keum Jong-Soo
    • Journal of Navigation and Port Research / v.29 no.6 s.102 / pp.487-493 / 2005
  • Since the destruction of World Trade Center the attention of the United States and the wider international community has focussed upon the need to strengthen security and prevent terrorism. This paper suggests an analysis prior to risk factor and structure for anti-terrorism in the Korean maritime society. For this, in this paper, maritime terror risk factor was extracted by type and case of terror using brainstorming method. Also, risk factor is structured by FSM method and analyzed for ranking of each risk factor by AHP. At the result, the evaluation of risk factor is especially over maximum factor for related external impact.

A Study on the Risk Evaluation for Chemical Transportation Tank Lorry of Chemical Plant (석유화학 사업장에서 운송 화학물질 위험관리)

  • Kim, Jeong-gon;Byun, Hun-Soo
    • Journal of Korean Society of societal Security / v.1 no.1 / pp.53-62 / 2008
  • Recently, the potential risks of tank lorry transportation from the petrochemical plant have been increasing, so the research was performed to build up the evaluation criterion of the transportation safety, as well as aggressive risk assessment of a variety of chemical materials. This research was applied to the Maximum Credible Accident Analysis technique and modeled on the risk management of chemical transportation using the following four steps for risk evaluation: firstly, the comparison of representative type and standard of handling chemical materials transported by tank vehicles; secondly, specific classification of potential hazards; thirdly, grasp and recognition of virtual accident scenario; at last, the risk evaluation of virtual accident scenario (qualitative/quantitative - chemical release modeling).
