• Title/Summary/Keyword: Vulnerability Measurement

A Cost-Optimization Scheme Using Security Vulnerability Measurement for Efficient Security Enhancement

  • Park, Jun-Young;Huh, Eui-Nam
    • Journal of Information Processing Systems / v.16 no.1 / pp.61-82 / 2020
  • The security risk management used by some service providers is not appropriate for effective security enhancement. The reason is that the security risk management methods did not take into account the opinions of security experts, types of service, and security vulnerability-based risk assessment. Moreover, the security risk assessment method, which has a great influence on the risk treatment method in an information security risk assessment model, should be security risk assessment for fine-grained risk assessment, considering security vulnerability rather than security threat. Therefore, we proposed an improved information security risk management model and methods that consider vulnerability-based risk assessment and mitigation to enhance security controls considering limited security budget. Moreover, we can evaluate the security cost allocation strategies based on security vulnerability measurement that consider the security weight.

The Vulnerability Analysis for Virtualization Environment Risk Model Management Systematization (가상화 환경 위험도 관리체계화를 위한 취약점 분석)

  • Park, Mi-Young;Seung, Hyen-Woo;Lim, Yang-Mi
    • Journal of Internet Computing and Services / v.14 no.3 / pp.23-33 / 2013
  • Recently in the field of IT, cloud computing technology has been deployed rapidly in the current society because of its flexibility, efficiency and cost savings features. However, cloud computing system has a big problem of vulnerability in security. In order to solve the vulnerability of cloud computing systems security in this study, impact types of virtual machine about the vulnerability were determined and the priorities were determined according to the risk evaluation of virtual machine's vulnerability. For analyzing the vulnerability, risk measurement standards about the vulnerability were defined based on CVSS2.0, which is an open framework; and the risk measurement was systematized by scoring for relevant vulnerabilities. Vulnerability risk standards are considered to suggest fundamental characteristics of vulnerability and to provide the degree of risks and consequently to be applicable to technical guides to minimize the vulnerability. Additionally, suggested risk standard of vulnerability is meaningful as the study content itself and could be used in technology policy project which is to be conducted in the future.

Automated Attack Path Enumeration Method based on System Vulnerabilities Analysis (시스템 취약점 분석을 통한 침투 경로 예측 자동화 기법)

  • Kim, Ji Hong;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.5 / pp.1079-1090 / 2012
  • As the number of information asset and their vulnerabilities are increasing, it becomes more difficult for network security administrators to assess security vulnerability of their system and network. There are several researches for vulnerability analysis based on quantitative approach. However, most of them are based on experts' subjective evaluation or they require a lot of manual input for deriving quantitative assessment results. In this paper, we propose HRMS(Hacking and Response Measurement System) for enumerating attack path using automated vulnerability measurement automatically. HRMS can estimate exploitability of systems or applications based on their known vulnerability assessment metric, and enumerate attack path even though system, network and application's information are not fully given for vulnerability assessment. With this proposed method, system administrators can do proactive security vulnerability assessment.

A Building Method of Security Vulnerability Measurement Framework under u-Healthcare System Traffic Domain Environment Based on USN (USN기반 u-Healthcare 시스템 트래픽도메인 환경에서의 보안위험도 평가체계 설계방안)

  • Noh, Si-Choon
    • Convergence Security Journal / v.11 no.3 / pp.39-46 / 2011
  • Smart environment of health information technology, u-Healthcare architecture, ad-hoc networking and wireless communications environment are major factors that increase vulnerability of u-healthcare information systems. Traffic domain is the concept of network route that identifies the u-Healthcare information systems area as the traffic passing and security technologies application. The criterion of division is an area requiring the application of security technology. u-Healthcare information system domains are derived from the intranet section, the public switched network infrastructure, and networking sectors. Domains of health information systems are separated by domain vulnerability reason. In this study, domain-specific security vulnerability assessment system based on the USN in u-Healthcare system is derived. The model used in this study suggests how to establish more effective measurement USN-based health information network security vulnerability which has been vague until now.

SOA Vulnerability Evaluation using Run-Time Dependency Measurement (실행시간 의존성 측정을 통한 SOA 취약성 평가)

  • Kim, Yu-Kyong;Doh, Kyung-Goo
    • The Journal of Society for e-Business Studies / v.16 no.2 / pp.129-142 / 2011
  • Traditionally research in Service Oriented Architecture(SOA) security has focused primarily on exploiting standards and solutions separately. There exists no unified methodology for SOA security to manage risks at the enterprise level. It needs to analyze preliminarily security threats and to manage enterprise risks by identifying vulnerabilities of SOA. In this paper, we propose a metric-based vulnerability assessment method using dynamic properties of services in SOA. The method is to assess vulnerability at the architecture level as well as the service level by measuring run-time dependency between services. The run-time dependency between services is an important characteristic to understand which services are affected by a vulnerable service. All services which directly or indirectly depend on the vulnerable service are exposed to the risk. Thus run-time dependency is a good indicator of vulnerability of SOA.

A Study on the Probabilistic Vulnerability Assessment of COTS O/S based I&C System (상용 OS기반 제어시스템 확률론적 취약점 평가 방안 연구)

  • Euom, Ieck-Chae
    • Journal of Convergence for Information Technology / v.9 no.8 / pp.35-44 / 2019
  • The purpose of this study is to find out quantitative vulnerability assessment about COTS (Commercial Off The Shelf) O/S based I&C System. This paper analyzed vulnerability's lifecycle and its impact. This paper is to develop a quantitative assessment of overall cyber security risks and vulnerabilities I&C System by studying the vulnerability analysis and prediction method. The probabilistic vulnerability assessment method proposed in this study suggests a modeling method that enables setting priority of patches, threshold setting of vulnerable size, and attack path in a commercial OS-based measurement control system that is difficult to patch an immediate vulnerability.

Empirical seismic vulnerability probability prediction model of RC structures considering historical field observation

  • Si-Qi Li;Hong-Bo Liu;Ke Du;Jia-Cheng Han;Yi-Ru Li;Li-Hui Yin
    • Structural Engineering and Mechanics / v.86 no.4 / pp.547-571 / 2023
  • To deeply probe the actual earthquake level and fragility of typical reinforced concrete (RC) structures under multiple intensity grades, considering diachronic measurement building stock samples and actual observations of representative catastrophic earth shocks in China from 1990 to 2010, RC structures were divided into traditional RC structures (TRCs) and bottom reinforced concrete frame seismic wall masonry (BFM) structures, and the empirical damage characteristics and mechanisms were analysed. A great deal of statistics and induction were developed on the historical experience investigation data of 59 typical catastrophic earthquakes in 9 provinces of China. The database and fragility matrix prediction model were established with TRCs of 4,122.5284×10⁴ m² and 5,844 buildings and BFMs of 5,872 buildings as empirical seismic damage samples. By employing the methods of structural damage probability and statistics, nonlinear prediction of seismic vulnerability, and numerical and applied functional analysis, the comparison matrix of actual fragility probability prediction of TRC and BFM in multiple intensity regions under the latest version of China's macrointensity standard was established. A novel nonlinear regression prediction model of seismic vulnerability was proposed, and prediction models considering the seismic damage ratio and transcendental probability parameters were constructed. The time-varying vulnerability comparative model of the sample database was developed according to the different periods of multiple earthquakes. The new calculation method of the average fragility prediction index (AFPI) matrix parameter model has been proposed to predict the seismic fragility of an areal RC structure.

Study on the Operational Concept of Underwater Acoustic Measurement System in Korean Sea (한국 환경에 적합한 기동형 수중음향측정체계 운용 개념 연구)

  • Dho, Kyeong-Cheol;Son, Kweon;Choi, Jae-Yong
    • Journal of the Korea Institute of Military Science and Technology / v.6 no.2 / pp.45-54 / 2003
  • The radiated-noise of combat ship is very important in the point of detection and vulnerability assessment. Therefore several kind of underwater acoustic measurement method has been developed. This paper reviews the various measurement concepts and proposes a procedure to select the better one under consideration of measurement conditions. And this paper recommends the portable drift type, which has vertical line array, as the most efficient measurement method in Korean sea.

A Measurement and Analysis of Low Level Radiated-Noise Using Vertical Line Array (수직선배열을 이용한 저소음 함정음향 측정 및 분석기법)

  • Choi, Jae-Yong;Son, Kweon;Dho, Kyeong-Cheol
    • Journal of the Korea Institute of Military Science and Technology / v.6 no.2 / pp.55-64 / 2003
  • Underwater acoustic noise measurement is an essential element for vulnerability assessment of modern naval platforms. But during the last few decades environmental conditions have drastically changed due to the gradually increasing sea ambient noise level and decreasing submarine radiated noise level. A real-time underwater acoustic measurement system with vertical line array is designed for the quiet submarine radiated noise assessment in challenging environment. This system has a constant directivity index in measurement frequency range and accurate tracking capability for the transmission loss compensation and navigation aids inside the submarine. This system has been validated at sea and used several times for the submarine noise measurement.

Vulnerability assessment of strategic buildings based on ambient vibrations measurements

  • Mori, Federico;Spina, Daniele
    • Structural Monitoring and Maintenance / v.2 no.2 / pp.115-132 / 2015
  • This paper presents a new method for seismic vulnerability assessment of buildings with reference to their operational limit state. The importance of this kind of evaluation arises from the civil protection necessity that some buildings, considered strategic for seismic emergency management, should retain their functionality also after a destructive earthquake. The method is based on the identification of experimental modal parameters from ambient vibrations measurements. The knowledge of the experimental modes allows to perform a linear spectral analysis computing the maximum structural drifts of the building caused by an assigned earthquake. Operational condition is then evaluated by comparing the maximum building drifts with the reference value assigned by the Italian Technical Code for the operational limit state. The uncertainty about the actual building seismic frequencies, typically significantly lower than the ambient ones, is explicitly taken into account through a probabilistic approach that allows to define for the building the Operational Index together with the Operational Probability Curve. The method is validated with experimental seismic data from a permanently monitored public building: by comparing the probabilistic prediction and the building experimental drifts, resulting from three weak earthquakes, the reliability of the method is confirmed. Finally an application of the method to a strategic building in Italy is presented: all the procedure, from ambient vibrations measurement, to seismic input definition, up to the computation of the Operational Probability Curve is illustrated.