• Title/Summary/Keyword: Vulnerability Checklist


Classification of Security Checklist Items based on Machine Learning to Manage Security Checklists Efficiently (보안 점검 목록을 효율적으로 관리하기 위한 머신러닝 기반의 보안 점검 항목 분류)

  • Hyun Kyung Park;Hyo Beom Ahn
    • Smart Media Journal / v.11 no.11 / pp.75-83 / 2022
  • NIST in the United States has developed SCAP, a protocol that enables automated inspection and management of security vulnerabilities using existing standards such as CVE and CPE. SCAP operates by creating a checklist using the XCCDF and OVAL languages and running the prepared checklist with a SCAP tool such as the SCAP Workbench made by OpenSCAP to return the check result. SCAP checklist files for various operating systems are shared through the NCP community, and the checklist files include the ID, title, description, and inspection method for each item. However, since the inspection items are simply listed in the order in which they are written, it is necessary to classify and manage the items by type so that the security manager can systematically manage them using the SCAP checklist file. In this study, we propose a method of extracting the description of each inspection item from the SCAP checklist file written in the OVAL language, classifying the categories through a machine learning model, and outputting the SCAP check results for each classified item.

Study on the Femtocell Vulnerability Analysis Using Threat Modeling (위협 모델링 기법을 이용한 펨토셀 취약점 분석에 대한 연구)

  • Kim, Jae-ki;Shin, Jeong-Hoon;Kim, Seung-joo
    • KIPS Transactions on Computer and Communication Systems / v.5 no.8 / pp.197-210 / 2016
  • Lately, smartphone usage is increasing and many Internet of Things (IoT) devices support wireless communications. Accordingly, small base stations called femtocells are being supplied to prevent saturation of existing base stations. However, contrary to the original purpose of the femtocell, with advanced hacking technologies, vulnerabilities such as gaining administrator authority have been discovered, and this can cause serious problems such as the leakage of femtocell users' personal information. Therefore, it is necessary to identify security threats that may occur in the femtocell and to find ways to perform systematic vulnerability analysis. In this paper, we analyzed the security threats that can arise in the femtocell and constructed a checklist for vulnerability analysis using the threat modeling method. Then, using the constructed checklist, we provide a scheme that can improve the safety of the femtocell through actual analysis and the results of the femtocell vulnerability analysis.

A Proposal for "Security Verification Method for Implementation of Secure Android Mobile Application" (안전한 안드로이드 어플리케이션 개발을 위한 구현 단계별 보안성 검증 방안 제시)

  • Hur, Hwan Seok;Kang, Sung Hoon;Kim, Seung Joo
    • KIPS Transactions on Computer and Communication Systems / v.2 no.10 / pp.445-460 / 2013
  • Mobile applications today are being offered as various services depending on the mobile device and mobile environment of users. This increase in mobile applications has shifted the spotlight to their vulnerability. As an effective method of security verification, this paper proposes "phase-wise security verification for the implementation of mobile applications". This method allows additional security verification by covering specific items across a wider range compared to existing methods. Based on the identified weaknesses, it detects the cause of vulnerability and monitors the related settings.

Risk analysis of checklist for efficient web vulnerability inspection (효율적인 웹 취약점 점검을 위한 점검항목의 위험도 분석)

  • Lee, Hyun-A
    • Proceedings of the Korea Information Processing Society Conference / 2018.05a / pp.126-128 / 2018
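  • The number of web hacking incidents and the scale of the resulting damage are increasing every year. Most hacking incidents occur through the web and can be prevented in advance through web vulnerability inspection, but in practice periodic inspection is difficult because of a lack of personnel and budget. In this study, for efficient web inspection, we analyze the risk level of inspection items based on attack likelihood and present directions for research that should be continued in the future.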

A Study on Quantitative Security Assessment after Privacy Vulnerability Analysis of PC (PC의 개인정보보호 취약점 분석과 정량화된 보안진단 연구)

  • Seo, Mi-Sook;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2012.05a / pp.456-460 / 2012
  • The Privacy Protection Act of 30 March 2012 was enforced. In general, personal information management has a security system to enhance security on the DB server, but for the PC, research on self-diagnosis is needed for privacy protection and security vulnerability analysis. In this paper, information relating to privacy is searched for on a PC, and security is enhanced by encrypting it and by making deleted files impossible to recover. The PC vulnerability analysis checks user accounts, shared folders, the services firewall, screen savers, and automatic patch updates. After the analysis and quantification of the vulnerability checks through the expression, enhanced security by creating a checklist for the show, PC security management, server management by semi-hwahayeo activates. In this paper, the PC privacy and PC security enhancements will contribute to reducing economic damage and complaints.

Effects of Parenting Attitude on K-CBCL Scales (부모의 양육태도가 유아 행동평가 척도에 미치는 영향 연구)

  • Jung, HaeRee;Ha, Hyun-Yee;Lee, Soo Jin;Chae, Han
    • The Journal of Pediatrics of Korean Medicine / v.27 no.2 / pp.1-10 / 2013
  • Objectives: The aim of this study was to explore the effect of parental attitude on behavioral problems in children who visited the traditional Korean pediatrics clinic. Methods: The subjects consisted of 190 outpatients ($56.6{\pm}12.9$ months) and their mothers. The behavior problems of the children were measured with the Korean version of the Child Behavior Checklist for Ages 1.5-5 (K-CBCL1.5-5), while parental perception of child vulnerability, parent overprotection, and parenting stress were measured by the Child Vulnerability Scale (CVS), Parent Protection Scale (PPS), and Korean-Parenting Stress Index-Short Form scale (K-PSI-SF), respectively. Correlation and multiple regression were conducted for the analysis. Results: Significant correlations between child total problems score and child vulnerability (r=.272, p<.001), parent overprotection (r=.243, p=.001), and parenting stress (r=.597, p<.001) were reported. Multiple regression analysis revealed that parenting stress (${\beta}$=.548, p<.001) was a major predictor of child behavior problems, rather than child vulnerability and parent overprotection. Conclusions: It was shown that parenting stress has a significant influence on the emotional and behavioral development of children. These results can be useful for improving clinical diagnosis and treatment in traditional Korean pediatrics.

Improvement of the Checklist for Residential Housing's Crime Prevention Accreditation Assessment (주거시설에 대한 CPTED 평가인증 기준 개선방안 연구)

  • Park, Hyeon-Ho;Kim, Kang-Il;Cho, Joon-Tag
    • Korean Security Journal / no.55 / pp.117-141 / 2018
  • Police crime statistics report that residential housing such as apartments, low-rise housing, and detached houses is the second most vulnerable to crime, which is closely followed by the number of street crimes. Residential houses are also often exposed to quality-of-life crime, e.g. burglary. It threatens the basic human rights of house residents in terms of safety and comfort within the urban living environment. This study examines related precedent studies regarding the vulnerability of residential housing, including studios and multi-family housing, from the viewpoint of crime prevention through environmental design (CPTED), extracts the elements and items suitable for the safety of residential facilities, and derives the certification evaluation indicators and check items to be the basis for the checklist. Based on these evaluation indicators and inspection items, we conducted on-site surveys of residential facilities in three areas, Seoul, Yongin and Asan, and the final draft of the checklist was revised based on the results of the field survey. There are 43 items on the 7 fields of evaluation in the final version of the checklist: 11 items in management and operation, 20 items in surveillance, 7 items in access control, 1 item in territoriality, 2 items in activity support, and 2 items in security and safety facilities. In addition, various points of interest were added to allow the administrator of the residential facility to earn points for special measures taken for safety. This checklist can be appropriately modified and utilized in consideration of the characteristics of each facility. The Korean National Police Agency has CPOs check the residential facilities in their jurisdiction using checklists and certify excellent facilities with a high level of safety.

Derivation of Security Requirements of Smart TV Based on STRIDE Threat Modeling (STRIDE 위협 모델링에 기반한 스마트 TV 보안 요구사항 도출)

  • Oh, In-Kyung;Seo, Jae-Wan;Lee, Min-Kyu;Lee, Tae-Hoon;Han, Yu-Na;Park, Ui-Seong;Ji, Han-Byeol;Lee, Jong-Ho;Cho, Kyu-Hyung;Kim, Kyounggon
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.2 / pp.213-230 / 2020
  • As smart TVs have recently emerged as the center of the IoT ecosystem, their importance is increasing. If a vulnerability occurs within a smart TV, there is a possibility that it will cause financial damage, not just privacy invasion and personal information leakage due to sniffing and theft. Therefore, in this paper, to enhance the completeness of smart TV vulnerability analysis, the STRIDE threat classification is used to systematically identify threats. In addition, through the construction of an Attack Tree and actual vulnerability analysis, the effectiveness of the checklist was verified and security requirements were derived for a safe smart TV use environment.

Study on the AI Speaker Security Evaluations and Countermeasure (AI 스피커의 보안성 평가 및 대응방안 연구)

  • Lee, Ji-seop;Kang, Soo-young;Kim, Seung-joo
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.6 / pp.1523-1537 / 2018
  • The AI speaker provides users, through simple operation, with useful functions such as music playback and online search, and so the AI speaker market is growing at a very fast pace. However, AI speakers always wait for the user's voice, which can cause serious problems such as eavesdropping and personal information exposure if they are exposed to security threats. Therefore, in order to provide overall improved security of all AI speakers, it is necessary to identify potential security threats and analyze them systematically. In this paper, security threat modeling is performed by selecting four products with high market share. Data Flow Diagram, STRIDE and LINDDUN threat modeling were used to derive a systematic and objective checklist for vulnerability checks. Finally, we proposed a method to improve the security of AI speakers by comparing the vulnerability analysis results and the vulnerabilities of each product.

Analysis of Self-driving Environment Using Threat Modeling (위협 모델링을 이용한 자율 주행 환경 분석)

  • Min-Ju Park;Ji-Eun Lee;Hyo-Jeong Park;Yeon-sup Lim
    • Convergence Security Journal / v.22 no.2 / pp.77-90 / 2022
  • Domestic and foreign automakers compete to lead the autonomous vehicle industry by continuously developing self-driving technologies. These self-driving technologies are evolving with dependencies on the connection between vehicles and other objects, such as the environment of cars and roads. Therefore, cyber security vulnerabilities become more likely to occur in the self-driving environment, so it is necessary to prepare for them carefully. In this paper, we model the threats in autonomous vehicles and create a checklist to securely counter them.