• Title/Summary/Keyword: Vulnerability Life Cycle

Trends in Secure SDLC for Secure Software Development (안전한 소프트웨어 개발을 위한 시큐어 SDLC 동향)

  • Park, Ran Kyoung;Lim, Jong In
    • Review of KIISC / v.26 no.1 / pp.34-41 / 2016
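  • Cyber attacks now occur everywhere, regardless of sector or target, and APT attacks, which carry out persistent attacks through sophisticated methods that exploit software security vulnerabilities, are also spreading. To prevent such attacks, the software security vulnerabilities that attacks directly exploit must be removed in advance. The root cause of a software security vulnerability is a security weakness, such as a loophole, defect, or error in the software. It is therefore best to eliminate security weaknesses completely during the development phase. To that end, security-strengthening activities are carried out across the entire software development life cycle (SDLC). This is also an effective way to reduce the cost of security updates and patches for vulnerabilities that may arise after the software is released. This paper introduces major examples of Secure SDLC, a software development life cycle with strengthened security in the development phases.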

Joints: the weak link in bridge structures and lifecycles

  • Yanev, Bojidar
    • Smart Structures and Systems / v.15 no.3 / pp.543-553 / 2015
  • The condition of the vehicular bridge network in New York City, as represented by ratings obtained during biennial inspections, is reviewed over a period of three decades. Concurrently, the bridges comprising the network are considered as networks of structural elements whose condition defines the overall bridge condition according to New York State assumptions. A knowledge-based matrix of assessments is used in order to determine each element's vulnerability and impact within the network of an individual structure and the network of City bridges. In both networks expansion deck joints emerge as the weak link. Typical joint failures are illustrated. Bridge management options for maintenance, preservation, rehabilitation and replacement are examined in the context of joint performance.

The Vulnerability Analysis of the Personal Privacy Security in the Disaster Management System (재난관리시스템의 개인정보보호 취약성 분석)

  • Jeung, Jin-Ho;Kim, Hyun-Seok;Kim, Ju-Bae;Choi, Jin-Young
    • Proceedings of the Korea Information Processing Society Conference / 2007.11a / pp.1242-1245 / 2007
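  • The National Disaster Management System (NDMS) needs to collect personal information for various development and operational reasons. However, personal information collected in this way is at high risk of misuse or infringement by authorized or unauthorized administrators, from the collection stage through the disposal stage. To manage and protect this personal information, this paper analyzes the personal information requiring protection in the disaster management system, evaluates the protections and controls applied to the identified information in disaster management work, and performs an impact assessment by analyzing threat factors and potential risks at each stage of the personal information life cycle, in order to propose administrative, technical, and physical countermeasures for protecting personal information.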

Overfishing and recent risk for collapse of fishery in coastal Mediterranean lagoon ecosystem (Karavasta lagoon, southeastern Adriatic sea)

  • Spase Shumka;Yukio Nagahama;Sarjmir Hoxha;Koji Asano
    • Fisheries and Aquatic Sciences / v.26 no.4 / pp.294-303 / 2023
  • Although fish species and their sub-populations are highly important as keystone species in coastal and marine ecosystems, there are very few studies on their presence, distribution and temporal variations within and around the lagoon ecosystems in Albania. This paper provides an updated review of the life cycle, fishery, exploitation state and management of the main species that are subject to commercial fishing in the Karavasta lagoon, southeastern Adriatic coast of Albania. Because lagoons represent a continuum between continental and marine aquatic ecosystems, they play a crucial role in species life cycles. Furthermore, under rapid utilization and environmental changes, anomalies in salinity and temperature, and accelerated anthropogenic influences, their rate of vulnerability is highly increased. Following the requirements of the Water Framework Directive, transitional water, coastal lagoons and estuaries, there is a need for urgent monitoring and management approaches. The commercial species include: European eel (Anguilla anguilla), species of the family Mugilidae (Mugil cephalus, Liza ramada, Liza saliens and Chelon labrosus), Seabream (Sparus aurata), Seabass (Dicentrarchus labrax), etc. Fish productivity oscillates between a maximum value of 61.95 kg/ha, recorded in the period 1975-80, and a lower value of 31 kg/ha in 2020. Our study highlights the importance of long-term monitoring of fish and fisheries, and contributes to understanding the driving factors in productivity, migration patterns and species ecology in the vital coastal ecosystems.

Development and application of Smart Water Cities global standards and certification schemes based on Key Performance Indicators

  • Lea Dasallas;Jung Hwan Lee;Su Hyung Jang
    • Proceedings of the Korea Water Resources Association Conference / 2023.05a / pp.183-183 / 2023
  • Smart water cities (SWC) are urban municipalities that utilize modern innovations in managing and preserving the urban water cycle in the city, with the purpose of securing sustainability and improving the quality of life of the urban population. Understanding the different urban water characteristics and management strategies of cities situates a baseline in the development of an evaluation scheme in determining whether the city is smart and sustainable. This research herein aims to develop measurements and evaluation for SWC Key Performance Indicators (KPIs), and set up a unified global standard and certification scheme. The assessment for SWC is performed in technical, as well as governance and prospective aspects. KPI measurements under the Technical Pillar assess the cities' use of technologies in providing sufficient water supply, monitoring water quality, strengthening disaster resilience, minimizing hazard vulnerability, and maintaining and protecting the urban water ecosystem. The Governance and Prospective Pillar, on the other hand, evaluates the social, economic and administrative systems set in place to manage the water resources, delivering water services to different levels of society. The performance assessment is composed of a variety of procedures performed in a quantitative and qualitative manner, such as computations through established equations, interviews with authorities in charge, field survey inspections, etc. The developed SWC KPI measurements are used to evaluate the urban water management practices for Busan Eco Delta city, a Semulmeori waterfront area in Gangseo district, Busan. The evaluation and scoring process was presented and established, serving as the basis for the application of the smart water city certification all over the world. The established guideline will be used to analyze future cities, providing integrated and comprehensive information on the status of their urban water cycle, gathering new techniques and proposing solutions for smarter measures.

Protection Plan of Trustee Personal Credit Information for Credit Card Company Using Cloud Computing (클라우드컴퓨팅 이용 신용카드사의 영세수탁자 개인신용정보 보호방안)

  • Kim, Shi-in;Kim, In-suk
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.4 / pp.885-895 / 2019
  • As seen in recent cases of hacking in financial services, attackers are attempting to hack trustees with poor security management, rather than directly hacking a financial company. As a result, the consignor is strengthening the security check and control of the trustee, but small trustees have difficulty investing in information security due to the lack of computer facilities and the excessive cost of security equipment. In this paper I investigate the vulnerability of personal information processing life cycle standards in order to enhance the security of small consignees that receive personal information from the credit card company. To solve the vulnerability, the company should use a litigation management system constructed on a cloud computing service and install a VPN to secure confidentiality and integrity in the data transfer section. Also, to enhance the security of users, it is suggested to protect personal credit information by installing a PC firewall and output security on the user PC.

Evaluation Methodology of Diagnostic Tool for Security Weakness of e-GOV Software (전자정부 소프트웨어의 보안약점 진단도구 평가방법론)

  • Bang, Jiho;Ha, Rhan
    • The Journal of Korean Institute of Communications and Information Sciences / v.38C no.4 / pp.335-343 / 2013
  • If the SW weaknesses, which are the main cause of cyber breaches, are analyzed and removed in the SW development stages, the cyber breaches can be prevented effectively. Domestically, removing SW weaknesses by applying Secure SDLC (SW Development Life Cycle) has become mandatory. In order to analyze and remove the SW weaknesses effectively, reliable SW weakness diagnostic tools are required. Therefore, we propose the functional requirements of a diagnostic tool which is suitable for the domestic environment and the evaluation methodology which can assure the reliability of the diagnostic tools. Then, to analyze the effectiveness of the proposed evaluation framework, both the demonstration results and the process are presented.

A Study on the Investment Strategy of the IT R&D using Portfolio Analysis and AHP Method (포트폴리오 분석과 계층화분석기법(AHP)을 활용한 정부 IT분야 연구개발 투자 전략 연구)

  • Kim, Yun-Jong;Jung, Uk;Yim, Seong-Min;Jeong, Sang-Ki
    • Korean Management Science Review / v.26 no.1 / pp.37-51 / 2009
  • The Korean IT industry has been given much weight in national R&D management. A negative side of this fact is that the Korean economy is likely to become vulnerable to the condition of the export business in certain items of the IT industry, which has a serious influence on the national economy. A customized investment strategy through the analysis of technology competitiveness and R&D status in each technology of the IT field is required in order to rectify the structural vulnerability and pursue continuous growth. In this research, a strategic direction to set up an efficient investment strategy is presented. In this process, it draws a portfolio analysis with two axes of technology level and technology life cycle. It also derives a priority order of the national investment considering the degree of technological impact, marketability, and adequacy of public support from the AHP (Analytic Hierarchy Process) method by a survey of IT experts. A portfolio analysis in the prior stage helps the respondents in AHP become more familiar with the alternatives' characteristics so that their decision making process corresponds more closely with national R&D strategies.

Defending Non-control-data Attacks using Influence Domain Monitoring

  • Zhang, Guimin;Li, Qingbao;Chen, Zhifeng;Zhang, Ping
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.8 / pp.3888-3910 / 2018
  • As an increasing number of defense methods against control-data attacks are deployed in practice, control-data attacks have become challenging, and non-control-data attacks are on the rise. However, defense methods against non-control-data attacks are still deficient even though these attacks can produce damage as significant as that of control-data attacks. We present a method to defend against non-control-data attacks using influence domain monitoring (IDM). A definition of the data influence domain is first proposed to describe the characteristics of a variable during its life cycle. IDM extracts security-critical non-control data from the target program and then instruments the target for monitoring these variables' influence domains to ensure that corrupted variables will not be used as the attackers intend. Therefore, attackers may be able to modify the value of one security-critical variable by exploiting certain memory corruption vulnerabilities, but they will be prevented from using the variable for nefarious purposes. We evaluate a prototype implementation of IDM and use the experimental results to show that this method can defend against most known non-control-data attacks while imposing a moderate amount of performance overhead.

Sustainable retrofit design of RC frames evaluated for different seismic demand

  • Zerbin, Matteo;Aprile, Alessandra
    • Earthquakes and Structures / v.9 no.6 / pp.1337-1353 / 2015
  • Seismic upgrading of existing structures is a technical and social issue aimed at risk reduction. Sustainable design is one of the most important challenges in any structural project. Nowadays, many retrofit strategies are feasible and several traditional and innovative options are available to engineers. Basically, the design strategy can lead to increase structural ductility, strength, or both of them, but also stiffness regulation and supplemental damping are possible strategies to reduce seismic vulnerability. Each design solution has different technical and economical performances. In this paper, four different design solutions are presented for the retrofit of an existing RC frame with poor concrete quality and inadequate reinforcement detailing. The considered solutions are based on FRP wrapping of the existing structural elements or alternatively on new RC shear walls introduction. This paper shows the comparison among the considered design strategies in order to select the suitable solution, which reaches the compromise between the obtained safety level and costs during the life-cycle of the building. Each solution is worked out by considering three different levels of seismic demand. The structural capacity of the considered retrofit solutions is assessed with nonlinear static analysis and the seismic performance is evaluated with the capacity spectrum method.