• 대한기계학회논문집A
• /
• 제39권11호
• /
• pp.1169-1174
• /
• 2015

위험도 평가 기술은 주로 플랜트의 많은 운영설비 중 대형사고나 피해를 유발할 수 있는 위험설비를 선별하는 목적으로 개발되었다. 현재 발전소에 설치되어 있는 설비관리시스템에는 초기 버전의 위험도 평가 모듈이 설치되어 있으나 문진 위주로 구성되어 통계적 기법에 기반을 둔 고장 확률 평가보다는 평가자의 주관적인 판단에 따라 평가 결과가 좌우되었다. 또한 발전회사 서버에 기반하였기 때문에 평가자가 공간 및 시간의 제약을 받을 수 밖에 없고 현장 활용에 한계가 있었다. 본 논문에서는 문진 대신 해석적 분석을 이용한 기본 고장확률을 계산하고 현장 검사 결과 및 검사 효용도를 분석할 수 있는 독립형 위험도 평가 소프트웨어를 개발하였다. 독립형으로 현장 운용이 가능하며 최적 정비주기 예측 및 현장검사 결과에 대한 입출력 기능이 있기 때문에 정비에 직접 참여하는 현장 사용자뿐만 아니라 발전 설비의 수명연장 및 교체를 결정해야 하는 엔지니어에게 유용한 정보를 제공할 것이다.

• 한국지역사회생활과학회지
• /
• 제22권4호
• /
• pp.655-668
• /
• 2011

Although consumer ethical behavior related with illegal copies of digital software has been considered to be an important issue, not many studies have attempted to examine the issue. Firstly, this study attemped to explain the moral judgment and intention to make illegal copies of smart phone applications for college students. Secondly, psychological factors such as moral intensity and perceived risk related to making illegal copies were tested to be significantly different in individual characteristics such as experience of ethical education and past experience of making illegal copies of software, sex, age and household income. Thirdly, the effect of related factors such as psychological factors and individual characteristics was estimated to significantly influence moral judgment and intention to make illegal copies. Two step method(using LIMDEP program) was applied to estimate the model as a structural equation model. According to the results of this study, magnitude of consequences, financial risk and performance risk were found to be significantly different in income groups(less than middle class vs more than middle class). Prosecution risk was found to be significantly different in gender groups(female vs male). In addition, social consensus, financial risk, performance risk and prosecution risk were found to be significantly different in ethical education groups(experience vs no experience). Furthermore, moral judgment for making illegal copies of smart phone applications was found to be significantly influenced by income, ethical education, magnitude of consequences, temporal immediacy and social consensus. And intention to make illegal copies of smart phone applications was found to be significantly influenced by moral judgment, age, financial risk, performance risk and prosecution risk.

• 정보처리학회논문지:소프트웨어 및 데이터공학
• /
• 제8권6호
• /
• pp.223-234
• /
• 2019

첨단 무기체계들이 고도로 연동되어 수행되는 네트워크 중심전에서는 사이버 공격이 전쟁의 승패를 좌우하는 커다란 위협으로 대두되었다. 또한 최신예 전투기로 발전할수록 증가하는 소프트웨어 의존도는 사이버 공격에 대한 전투기 소프트웨어의 강화된 보안대책을 요구하고 있다. 본 논문에서는 항공기 감항 보안 인증 표준인 DO-326A를 적용함에 있어 전투기의 특성 및 운용환경을 반영하여 위험기반 보안위협 평가 프로세스를 설계한다. 이를 위하여 DO-326A의 감항 보안 인증 프로세스의 보안위협 평가 단계에서 전투기 보안위협을 도출하고 사이버 공격의 발생 가능성과 전투기에 미치는 영향력의 관점에서 위협을 점수화하며 보안위험 심각도를 결정하는 단계를 추가하여 적용한다.

• Journal of Information Processing Systems
• /
• 제14권3호
• /
• pp.607-620
• /
• 2018

The problem surrounding methods of implementing the software testing process has come under the spotlight in recent times. However, as compliance with the software testing process does not necessarily bring with it immediate economic benefits, IT companies need to pursue more aggressive efforts to improve the process, and the software industry needs to makes every effort to improve the software testing process by evaluating the Test Maturity Model integration (TMMi). Furthermore, as the software test process is only at the initial level, high-quality software cannot be guaranteed. This paper applies TMMi model to Automobile control software testing process, including test policy and strategy, test planning, test monitoring and control, test design and execution, and test environment goal. The results suggest improvement of the automobile control software testing process based on Test maturity model. As a result, this study suggest IT organization's test process improve method.

• 정보처리학회논문지D
• /
• 제17D권6호
• /
• pp.423-430
• /
• 2010

소프트웨어가 대형화 및 복잡화되고 품질보증 및 관리에 대한 요구가 한층 커짐에 따라 소프트웨어 테스트 활동이 중요시되고 있다. 소프트웨어 테스트 활동은 시스템에 존재하는 결함 발견과 처리가 주요 목적이지만, 현재 시스템의 위험요소를 관리하기 위한 요구 또한 존재한다. 하지만 일반적인 테스트 자동화 도구에서는 테스트케이스를 이용하여 동일한 순서로 테스트를 수행하며, 이러한 테스트 방식은 빈번하게 변경되는 소프트웨어를 테스트함에 있어 결함을 조기에 발견할 가능성이 낮아지고 처리되는 시간이 늦어지게 된다. 이에 따라 본 논문에서는 과거 테스트 이력을 이용하여 테스트케이스에 동적인 가중치를 부여함으로써 위험도가 높은 테스트케이스를 우선적으로 테스트 하여 결함을 빠르게 발견할 수 있도록 가중치를 이용한 테스트케이스 동적 관리 기법을 설계하였다.

• Structural Monitoring and Maintenance
• /
• 제5권3호
• /
• pp.363-377
• /
• 2018

The proper functioning of critical points on transport infrastructure is decisive for the entire network. Tunnels and bridges certainly belong to the critical points of the surface transport network, both road and rail. Risk management should be a holistic and dynamic process throughout the entire life cycle. However, the level of risk is usually determined only during the design stage mainly due to the fact that it is a time-consuming and costly process. This paper presents a simplified quantitative risk analysis method that can be used any time during the decades of a tunnel's lifetime and can estimate the changing risks on a continuous basis and thus uncover hidden safety threats. The presented method is a decision support system for tunnel managers designed to preserve or even increase tunnel safety. The CAPITA method is a deterministic scenario-oriented risk analysis approach for assessment of mortality risks in road tunnels in case of the most dangerous situation - a fire. It is implemented through an advanced risk analysis CAPITA SW. Both, the method as well as the resulting software were developed by the authors' team. Unlike existing analyzes requiring specialized microsimulation tools for traffic flow, smoke propagation and evacuation modeling, the CAPITA contains comprehensive database with the results of thousands of simulations performed in advance for various combinations of variables. This approach significantly simplifies the overall complexity and thus enhances the usability of the resulting risk analysis. Additionally, it provides the decision makers with holistic view by providing not only on the expected risk but also on the risk's sensitivity to different variables. This allows the tunnel manager or another decision maker to estimate the primary change of risk whenever traffic conditions in the tunnel change and to see the dependencies to particular input variables.

• 한국멀티미디어학회논문지
• /
• 제18권2호
• /
• pp.199-206
• /
• 2015

Since security vulnerabilities newly discovered in a popular Web browser immediately put a number of users at risk, urgent attention from developers is required to address those vulnerabilities. Analysis of characteristics in the Web browser vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerabilities discovered. So far, being a new research area, the quantitative aspects of the Web browser vulnerabilities and risk assessments have not been fully investigated. However, due to the importance of Web browser software systems, further detailed studies are required related to the Web browser risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers with respect to the Common Vulnerability Scoring System. Further, vulnerability discovery trends in the Web browsers are also investigated. The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems. It is also found that a vulnerability discovery model which was originally introduced for operating systems is also applicable to the Web browsers.

• 한국안전학회지
• /
• 제17권4호
• /
• pp.110-118
• /
• 2002

During the last ten years, the need has been increase for reducing maintenance cost for aged equipments are ensuring safety, efficiency and profitability of petrochemical and refinery plants. American Petroleum institute(API) developed a code, API 581 for proposing standard procedures of risk based inspection. Even though the API 581 code covers general RBI procedures, there must be some limitations. In this study, a semi-quantitative assessment algorithm for RBI based on the API 581 code was reconstructed for developing an RBI software. The user-friendly realRBI software is developed with a module for evaluation semi-quantitative risk category using the potential consequence factor and the likelihood factor. Also, inspection planning module for inspection time and inspection method for equipments are included.

• 한국안전학회지
• /
• 제14권4호
• /
• pp.120-125
• /
• 1999

This study evaluated the effect of the accidents caused by fire, explosion, and toxic gas release by using SuperChems, quantitative hazardous material release modeling software, which estimates the potential area of damage. According to the loss severity, the appropriate risk management principles can be applied. Risk management is divided into the two methods which are risk control and risk financing. Risk control includes risk avoidance, risk spreading and diversification, and risk reduction. Risk financing includes risk retention and risk transfer. The results of this study can help the related company determine the appropriate reserve fund and the amount to be insured against the third party losses according to the estimated loss severity.

• 정보보호학회논문지
• /
• 제28권6호
• /
• pp.1449-1461
• /
• 2018

소프트웨어 취약점의 수가 해마다 증가함에 따라 소프트웨어에 대한 공격 역시 많이 발생하고 있다. 이에 따라 보안 관리자는 소프트웨어에 대한 취약점을 파악하고 패치 해야 한다. 그러나 모든 취약점에 대한 패치는 현실적으로 어렵기 때문에 패치의 우선순위를 정하는 것이 중요하다. 본 논문에서는 NIST(National Institute of Standards and Technology)에서 제공하는 취약점 자체 정보와 더불어, 공격 패턴이나 취약점을 유발하는 약점에 대한 영향을 추가적으로 고려하여 취약점의 위험도 평가 척도를 확장한 스코어링 시스템을 제안하였다. 제안하는 스코어링 시스템은 CWSS의 평가 척도를 기반으로 확장했으며, 어느 기업에서나 용이하게 사용할 수 있도록 공개된 취약점 정보만을 활용하였다. 이 논문에서 실험을 통해 제안한 자동화된 시스템을 소프트웨어 취약점에 적용함으로써, 공격 패턴과 약점에 의한 영향을 고려한 확장 평가 척도가 유의미한 값을 보이는 것을 확인하였다.