• Journal of Korean Society of Disaster and Security
• /
• v.5 no.2
• /
• pp.43-48
• /
• 2012

As the major information communication infrastructure had been getting more important, 'Act on the Protection of Information and Communications Infrastructure'(APICI) was legislated in Korea 2001. Consequently, the major information system, nationwide monitering service systems and government administration operation & management systems have been registered and managed under the APICI. The authorized organizations related to above service and system, perform vulnerability analysis and evaluation for chief communication infrastructures by themselves or registered agencies. In this research, we propose an advanced model for vulnerability analysis and evaluation and apply it to the main information and communication infrastructures through the case study. We hope each related organization could apply this model for analysis and evaluation of vulnerability in these infrastructures.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.13 no.6
• /
• pp.1106-1112
• /
• 2010

One of the considerations in weapon systems procurement is the objective of maximizing the current force. Also, offensive effects, rather than defense are valued in weapons system development and procurement. Especially, the survivability of a naval ship is equally important as the offensive effect of onboard weapons. In case of naval ships, development of attack tactics and research regarding damage minimization must be conducted through live fire exercise against actual targets in order to minimize damage from the enemy. However, it is difficult to conduct such adequate measures due to realistic limitations such as time and budget in order to verify and calculate a weapon system's attack and damage effects along with the lack of practical studies in this subject despite numerous interests. Research are being conducted utilizing M&S to estimate attack effects and study damages due to such reason, but the lack of authoritative data and development ability are limiting calculation of reliable results. Therefore, this study will propose a measure to increase survivability of a weapon system(ship/vessel) utilizing research of vulnerability from enemy attacks analysis method against a naval ship(Craft Air Cushion).

• Journal of IKEEE
• /
• v.23 no.2
• /
• pp.659-666
• /
• 2019

MANET can be applied to various applications as it can autonomously configure the network with only mobile nodes. However, the network can be vulnerable to cyber attacks because it is organized in a distributed environment without central control or management. In this paper, we propose a simulation-based network security vulnerability analysis and verification method. Using this method, we simulated the routing message modification attack, Sybil node attack, and TLV message modification attack that may frequently occur in MANET, and confirmed that similar vulnerabilities can be occurred in the real system. Therefore, the proposed method can be used to improve the accuracy of the protocol design by verifying possible security vulnerabilities through simulation during the protocol design procedure.

• Journal of The Korean Society of Agricultural Engineers
• /
• v.61 no.6
• /
• pp.41-53
• /
• 2019

Recently, the damage caused by climate change has been distinguished in the world. The Korean Peninsula is also suffering from drought, so it is necessary to study the vulnerability assessment to identify and predict the state of the irrigation facility, which is a irrigation facility. As the damage caused by drought is occurring in the Korean peninsula, it is necessary to study the vulnerability assessment to know the condition of the irrigation facility, and to predict it. The target areas were Yeongdong-gun, Cheonan-si, Mungyeong-si, Geochang-gun, Muju-gun, and Yeonggwang-gun. The survey items were selected as positive impacts survey items, including precipitation, groundwater level, and pumping capacity per groundwater well. The negative impacts were selected as the cultivation acreage, Number of days without rain, and the ratio of private underground wells. The survey method was investigated by various methods such as "weather data portal", "groundwater level status information", "agricultural drought management system", "groundwater survey yearbook". The results of vulnerability assessment were expressed by the score by conducting survey and standardization. As a result, Yeonggwang-gun showed normal vulnerability, and other areas showed "vulnerable" or "very vulnerable".

• Journal of the Korea Society for Simulation
• /
• v.30 no.1
• /
• pp.1-9
• /
• 2021

In actual battlefield environment, the naval ships which have specific missions have to respond to the attack of hostile forces. Especially, in modern warfare, the importance of the survivability of naval ships are increasing due to the high lethality of armaments. Naval ship survivability is generally considered to encompass three constituents, susceptibility, vulnerability and recoverability. Recently, among these three constituents, many researches on vulnerability have been conducted. However, for the vulnerability of naval ships, most of researches are aimed towards the detailed design stages where implementing changes is heavily constrained or even impractical. In this paper, vulnerability assessment model for naval ships on a theater engagement is developed by using M&S technique. By using this model, the characteristics of platform and armaments are reflected on the damage of naval ship. The basic logic of damage assessment is also considered in detail. The damage status of the naval ship is quantified by defining a representative state index of onboard equipment for each system.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.12 no.6
• /
• pp.359-368
• /
• 2017

As the BadUSB is a vulnerability, in which a hacker tampers the firmware area of a USB flash drive. When the BadUSB device is plugged into the USB port of a host system, a malicious code acts automatically. The host system misunderstands the act of the malicious behavior as an normal behaviour for booting the USB device, so it is hard to detect the malicious code. Also, an antivirus software can't detect the tampered firmware because it inspects not the firmware area but the storage area. Because a lot of computer peripherals (such as USB flash drive, keyboard) are connected to host system with the USB protocols, the vulnerability has a negative ripple effect. However, the countermeasure against the vulnerability is not known now. In this paper, we analyze the tampered area of the firmware when a normal USB device is changed to the BadUSB device and propose the countermeasure to verify the integrity of the area when the USB boots. The proposed method consists of two procedures. The first procedure is to verify the integrity of the area which should be fixed even if the firmware is updated. The verification method use hashes, and the target area includes descriptors. The second procedure is to verify the integrity of the changeable area when the firmware is updated. The verification method use code signing, and the target area includes the function area of the firmware. We also propose the update protocol for the proposed structure and verify it to be true through simulation.

• The Journal of the Korea Contents Association
• /
• v.21 no.1
• /
• pp.284-291
• /
• 2021

As the current security monitoring system is operated as a passive system only for response after an attacker's attack, it is common to respond to intrusion incidents after an attack occurs. In particular, when new assets are added and actual services are performed, there is a limit to vulnerability testing and pre-defense from the point of view of an actual hacker. In this paper, a new security monitoring model has been proposed that uses multiple hacking-related search engines to add proactive vulnerability response functions of protected assets. In other words, using multiple search engines with general purpose or special purpose, special vulnerabilities of the assets to be protected are checked in advance, and the vulnerabilities of the assets that have appeared as a result of the check are removed in advance. In addition, the function of pre-checking the objective attack vulnerabilities of the protected assets recognized from the point of view of the actual hacker, and the function of discovering and removing a wide range of system-related vulnerabilities located in the IP band in advance were additionally presented.

• Nuclear Engineering and Technology
• /
• v.54 no.6
• /
• pp.2135-2146
• /
• 2022

A nuclear energy facility is one of the most critical facilities to be safely protected during and after operation because the physical destruction of its barriers by an external attack could release radioactivity into the environment and can cause harmful effects. The barrier walls of nuclear energy facilities should be sufficiently robust to protect essential facilities from external attack or sabotage. Physical protection system (PPS) vulnerability assessment of a typical small nuclear research reactor was carried out by simulating an external attack with a tri-nitro toluene (TNT) shaped charge and results are presented. The reinforced concrete (RC) barrier wall of the research reactor located at a distance of 50 m from a TNT-shaped charge was the target of external attack. For the purpose of the impact assessment of the RC barrier wall, a finite element method (FEM) is utilized to simulate the destruction condition. The study results showed that a hole-size of diameter 342 mm at the front side and 364 mm at the back side was created on the RC barrier wall as a result of a 143.35 kg TNT-shaped charge. This aperture would be large enough to let at least one person can pass through at a time. For the purpose of the PPS vulnerability assessment, an Estimate of Adversary Sequence Interruption (EASI) model was used, which enabled the determination of most vulnerable path to the target with a probability of interruption equal to 0.43. The study showed that the RC barrier wall is vulnerable to a TNT-shaped charge impact, which could in turn reduce the effectiveness of the PPS.

• Proceedings of the IEEK Conference
• /
• 2006.06a
• /
• pp.779-780
• /
• 2006

In comparison with a existing passive Healthcare system, a healthcare system applied OSGi framework is spontaneous and excellently expandable. But, OSGi-based healthcare system has security vulnerability which OSGi has the technical feature and restriction in the service support area. In this paper, in order to overcome these vulnerability, we propose the technique that applies JXTA standardized P2P platform in OSGi-based healthcare system.

• Journal of Information Technology Applications and Management
• /
• v.26 no.4
• /
• pp.19-30
• /
• 2019

Many organizations need to comply with ISMS-P for information systems and personal information management for ISMS-P certification. Organizations should safeguard vulnerablities to information systems. However, as the kinds of information systems are diversified and the number of information systems increases, management of such vulnerabilities manually accompanies with many difficulties. SCAP is a protocol to manage the vulnerabilities of information system automatically with security standards. In this paper, for the introduction of SCAP in domestic domains we verify the applicability of server-oriented system which is one of ISMS-P certification targets. For SCAP applicability, For obtaining this goal, we analyze the structures and functions of SCAP. Then we propose schemes to check vulnerabilities of the server-oriented system. Finally, we implement the proposed schemes with SCAP to show the applicability of SCAP for verifying vulnerabilities of the server-oriented system.