• Journal of Internet Computing and Services
• /
• v.9 no.6
• /
• pp.49-62
• /
• 2008

AV (Atomic Vulnerability) is a conceptual definition representing a vulnerability in a systematic way, AVs are defined with respect to its type, location, and result. It is important information for meaning based vulnerability analysis method. Therefore the existing vulnerability can be expressed using multiple AVs, CVE (common vulnerability exposures) which is the most well-known vulnerability information describes the vulnerability exploiting mechanism using natural language. Therefore, for the AV-based analysis, it is necessary to search specific keyword from CVE's description and classify it using keyword and determination method. This paper introduces software design and implementation result, which can be used for atomic vulnerability analysis. The contribution of this work is in design and implementation of software which converts informal vulnerability description into formal AV based vulnerability definition.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.969-974
• /
• 2014

CC (Common Criteria) requires collecting vulnerability information and analyzing them by using penetration testing for evaluating IT security products. Under the time limited circumstance, developers cannot help but apply vulnerability analysis at random to the products. Without the systematic vulnerability analysis, it is inevitable to get the diverse vulnerability analysis results depending on competence in vulnerability analysis of developers. It causes that the security quality of the products are different despite of the same level of security assurance. It is even worse for the other IT products that are not obliged to get the CC evaluation to be applied the vulnerability analysis. This study describes not only how to apply vulnerability taxonomy to IT security vulnerability but also how to manage security quality of IT security products practically.

• Journal of The Korean Society of Agricultural Engineers
• /
• v.55 no.1
• /
• pp.31-38
• /
• 2013

The purpose of this study was to evaluate climate change vulnerability over the agricultural infrastructure in terms of flood and drought using principal component analysis. Vulnerability was assessed using vulnerability resilience index (VRI) which combines climate exposure, sensitivity, and adaptive capacity. Ten flood proxy variables and six drought proxy variables for the vulnerability assessment were selected by opinions of researchers and experts. The statistical data on 16 proxy variables for the local governments (Si, Do) were collected. To identify major variables and to explain the trend in whole data set, principal component analysis (PCA) was conducted. The result of PCA showed that the first 3 principal components explained approximately 83 % and 89 % of the total variance for the flood and drought, respectively. VRI assessment for the local governments based on the PCA results indicated that provinces where having the relatively large cultivation areas were categorized as vulnerable to climate change.

• Journal of Climate Change Research
• /
• v.8 no.3
• /
• pp.275-285
• /
• 2017

Chungnam region has established and executed the 2nd Climate Change Adaptation Initiative Execution Plan (2017~2021) based on the Framework Act on Low Carbon, Green Growth. The Execution Plan is established based on the results of climate change vulnerability assessment using the CCGIS, LCCGIS, and VESTAP analysis tools. However, the previously developed climate change vulnerability assessment tools (CCGIS, LCCGIS, VESTAP) cannot reflect the local records and the items and indices of new assessment. Therefore, this study developed a prototype of climate change vulnerability assessment analysis tool that, unlike the previous analysis tools, designs the items and indices considering the local characteristics and allows analysis of grid units. The prototype was used to simulate the vulnerability to forest fires of eight cities and seven towns in Chungcheongnam-do Province in the 2010s, 2020s, and 2050s based on the RCP (Representative Concentration Pathways) 8.5 Scenario provided by the Korea Meteorological Administration. Based on the analysis, Chungcheongnam-do Province's vulnerability to forest fires in the 2010s was highest in Seocheon-gun (0.201), followed by Gyeryong-si (0.173) and Buyeo-gun (0.173) and the future prospects in the 2050s was highest in Seocheon-gun (0.179), followed by Gyeryong-si (0.169) and Buyeo-gun (0.154). The area with highest vulnerability to forest fires in Chungcheongnam-do Province was Biin-myeon, Seocheon-gun and the area may become most vulnerable was Pangyo-myeon, Seocheon-gun. The prototype and the results of analysis may be used to establish the directions and strategies in regards to the vulnerability to wild fires to secure each local government's 2nd execution plan and attainability.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.12
• /
• pp.863-871
• /
• 2018

Existing vulnerability analysis tools are prone to missed detections, incorrect detections, and over-detection, which reduces accuracy. In this paper, cross-checking based on a vulnerability detection method using static and dynamic analysis is proposed, which develops and manages safe applications and can resolve and analyze these problems. Risks due to vulnerabilities are computed, and an intelligent vulnerability detection technique is used to improve accuracy and evaluate risks under the final version of the application. This helps the development and execution of safe applications. Through incorporation of tools that use static analysis and dynamic analysis techniques, our proposed technique overcomes weak points at each stage, and improves the accuracy of vulnerability detection. Existing vulnerability risk-evaluation systems only evaluate self-risks, whereas our proposed vulnerability risk-evaluation system reflects the vulnerability of self-risk and the detection accuracy in a complex fashion to evaluate relative. Our proposed technique compares and analyzes existing analysis tools, such as lists for detections and detection accuracy based on the top 10 items of SANS at CWE. Quantitative evaluation systems for existing vulnerability risks and the proposed application's vulnerability risks are compared and analyzed. We developed a prototype analysis tool using our technique to test the application's vulnerability detection ability, and to show that our proposed technique is superior to existing ones.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1217-1224
• /
• 2015

Web application security problems are addressed by the web vulnerability analysis which in turn supports companies to understand those problems and to establish their own solutions. Ministry of Science, ICT and Future Planning (MSIP) has released its guidelines for analysis and assessment of the web vulnerability. Although it is possible to distinguish vulnerability items in a manner suggested in the MSIP's guidelines, MSIP's factors and criteria proposed in the guidelines are neither sufficient nor efficient in analyzing specific vulnerability entries' risks. This study discusses analysis of the domestic and international Vulnerability Scoring system and proposes an appropriate evaluating method for web vulnerability analysis.

• Earthquakes and Structures
• /
• v.25 no.6
• /
• pp.429-442
• /
• 2023

To study the seismic vulnerability of the composite material structure of adobe and timber, we collected and statistically analysed empirical observation samples of 542,214,937 m² and 467,177 buildings that were significantly impacted during the 179 earthquakes that occurred in mainland China from 1976 to 2010. In multi-intensity regions, combined with numerical analysis and a probability model, a non-linear continuous regression model of the vulnerability, considering the empirical seismic damage area (number of buildings) and the ratio of seismic damage, was established. Moreover, a probability matrix model of the empirical seismic damage mean value was provided. Considering the coupling effect of the annual and seismic fortification factors, an empirical seismic vulnerability curve model was constructed in the multiple-intensity regions. A probability matrix model of the mean vulnerability index (MVI) was proposed, and was validated through the above-mentioned reconnaissance sample data. A matrix model of the MVI of the regions (19 provinces in mainland China) based on the parameter (MVI) was established.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.2
• /
• pp.246-250
• /
• 2008

This paper presents the design of network vulnerability analysis system which can integrate various vulnerability assessment tools to improve the preciseness of the vulnerability scan result. Manual checking method performed by a security expert is the most precise and safe way. But this is not appropriate for the large-scale network which has a lot of systems and network devices. Therefore automatic scanning tool is recommended for fast and convenient use. The scanning targets may be different according to the kind of vulnerability scanners, or otherwise even for the same scanning target, the scanning items and the scanning results may be different by each vulnerability scanner, Accordingly, there are the cases in which various scanners, instead of a single scanner, are simultaneously utilized with the purpose of complementing each other. However, in the case of simultaneously utilizing various scanners on the large-scale network, the integrative analysis and relevance analysis on vulnerability information by a security manager becomes time-consumable or impossible. The network vulnerability analysis system suggested in this paper provides interface which allows various vulnerability assessment tools to easily be integrated, common policy which can be applied for various tools at the same time, and automated integrative process.

• International Journal of Internet, Broadcasting and Communication
• /
• v.12 no.4
• /
• pp.180-187
• /
• 2020

Security threats are increasing with interest due to the mass spread of smart devices, and vulnerabilities in developed applications are being exposed while mobile malicious codes are spreading. The government and companies provide various applications for the public, and for reliability and security of applications, security checks are required during application development. In this paper, among the security threats that can occur in the mobile service environment, we set up the vulnerability analysis items to respond to security threats when developing Android-based applications. Based on the set analysis items, vulnerability analysis was performed by examining three applications of public institutions and private companies currently operating as mobile applications. As a result of application security checks used by three public institutions and companies, authority management and open module stability management were well managed. However, it was confirmed that many security vulnerabilities were found in input value verification, outside transmit data management, and data management. It is believed that it will contribute to improving the safety of mobile applications through the case of vulnerability analysis for Android application security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1539-1552
• /
• 2018

The necessity of establishing a more secure cyber security system is emerging to protect NPP against cyber attacks as nuclear facilities become increasingly reliant on digital system. Proper security measures should be established through periodic analysis and evaluation of vulnerabilities. However, as Nuclear facilities has safety characteristics as their top priority and it requires a lot of time and cost to construct regarding the activities for vulnerability analysis, it is difficult to apply the existing vulnerability analysis environment and analysis tools. In this study, We propose a analytical vulnerability assessment method to overcome the limitations of existing vulnerability analysis methods through analysis the existing vulnerability analysis methods and the issues to be considered when applying the vulnerability analysis method.