• Proceedings of the Korean Institute of Building Construction Conference
• /
• 2018.11a
• /
• pp.96-97
• /
• 2018

Facilities used by senior citizens, infants, and disabled people have characteristics that make it difficult to escape on their own or require a lot of evacuation time. Therefore, to ensure safety in case of fire, clear measures for securing safety of facilities, fire response methods, and training are required in accordance with the regulations. In case of postnatal care center facilities, newborn babies and mothers reside 24 hours a day, and as they are located in high-rise and multi-use facilities, measures for fire safety are necessary, but the domestic manual lacks. Accordingly, a field survey for security of the manual revealed that the establishment of awareness and facilities on temporary waiting areas and smoke control, which are easy for evacuation and fire safety, was a problem.

• Journal of National Security and Military Science
• /
• s.5
• /
• pp.131-172
• /
• 2007

Government duties in the cases of crisis are aimed at supporting efficient military operations in the fields of non-military affairs and resource mobilization, maintenance of government functions, and search for the public security of living during the war. In crisis, the government must change its functions into the total-war system with all resources available for the efficient performance of military operations, war economy, public safety and security as well as government continuance. The main contents of "Chung-Mu Plan" include the alternative measures to control the circulation of life necessities, emergency electricity, water and gas; recover public facilities from the disaster; and accommodate the wounded and refugees. Governments have practiced Ul-chi and ChungMoo exercises to improve government's management capabilities and master standard operating procedures including systematic distribution plans in the national and local level. However, such plans have not yet sufficient enough for the maintenance of public security of living. In addition to the conceptual ambiguity, major problems are the inappropriate system of the war economy, legal institutions, and administrative SOPs for the efficient maintenance of it. Thus, for the betterment of national crisis management system, the government should have the manual stated from every step and level dealing with crisis to the legal institutions. It is important to empower the National Emergency Planning Commission for the policy consistency and efficient/effective implementation. The comprehensive plans must have an integrated cooperative system of the central/local governments, military and civil society with actual practices and exercises for the maintenance of the public security of living.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1079-1090
• /
• 2012

As the number of information asset and their vulnerabilities are increasing, it becomes more difficult for network security administrators to assess security vulnerability of their system and network. There are several researches for vulnerability analysis based on quantitative approach. However, most of them are based on experts' subjective evaluation or they require a lot of manual input for deriving quantitative assessment results. In this paper, we propose HRMS(Hacking and Response Measurement System) for enumerating attack path using automated vulnerability measurement automatically. HRMS can estimate exploitability of systems or applications based on their known vulnerability assessment metric, and enumerate attack path even though system, network and application's information are not fully given for vulnerability assessment. With this proposed method, system administrators can do proactive security vulnerability assessment.

• Journal of the Society of Disaster Information
• /
• v.19 no.3
• /
• pp.656-664
• /
• 2023

Purpose: The Ministry of Employment and Labor manages disasters based on the standard manual for risk management of large-scale human accidents in workplaces when large-scale disasters such as fires and collapses occur in workplaces. We are going to check the standard manual currently in operation and suggest improvement plans for the insufficient items. Method: Accordingly, the standard manual was checked together with internal and external experts in the disaster management manual and disaster management staff at headquarters and local government offices, and items to be improved were identified with priority. Result: In case of a collapse accident, it is necessary for the Ministry of Public Administration and Security to accurately present the selection criteria in order to eliminate the controversy over the selection of the disaster management department. In addition, it seems necessary to supplement the details of the disaster safety communication network operation and evacuation guidelines. Conclusion: In the future, in order to improve the disaster management system that meets the public's eye level, it is expected to prepare a standard manual for risk management of large-scale human accidents in workplaces that guarantees the lives and safety of workers through the collection of opinions from experts in the relevant field, disaster management personnel, and the general public.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.847-857
• /
• 2020

As IoT equipment is commercialized, Bluetooth or wireless networks will be built into general living devices such as IP cameras, door locks, cars and TVs. Security for IoT equipment is becoming more important because IoT equipment shares a lot of information through the network and collects personal information and operates the system. In addition, web-based attacks and application attacks currently account for a significant portion of cyber threats, and security experts are analyzing the vulnerabilities of cyber attacks through manual analysis to secure them. However, since it is virtually impossible to analyze vulnerabilities with only manual analysis, researchers studying system security are currently working on automated vulnerability detection systems, and Firm-AFL, published recently in USENIX, proposed a system by conducting a study on fuzzing processing speed and efficiency using a coverage-based fuzzer. However, the existing tools were focused on the fuzzing processing speed of the firmware, and as a result, they did not find any vulnerability in various paths. In this paper, we propose IoTFirmFuzz, which finds more paths, resolves constraints, and discovers more crashes by strengthening the mutation process to find vulnerabilities in various paths not found in existing tools.

• Korean Security Journal
• /
• no.12
• /
• pp.117-147
• /
• 2006

This study aims to propose efficient way to operate the security guarding system from the perspective of administration, policy, law, institution and operation as to the private security guarding system as the Korean security guarding system needs multifaced analysis and measure to ensure efficient operation. The growth strategy has to be restructured and segmentation market needs to be driven in order to cope with the changing conditions of company from the perspective of administration. And private security guarding service companies must refrain from excessive competition while improving the contracting method such as minimum price bidding, etc. From the perspective of policy, the functions of relevant organizations such as the National Police Agency, security association, etc, and mutual cooperation must expand. Also, the profit generation event needs to be privatized and the more positive perception toward the private security guarding service is necessary. In addition, security exhibition and seminar can be expanded to lay the groundwork for the advancement of private security system. From the legal and institutional perspective, the security guarding service related law must be revised and the certification system must b introduced to cope with the changing requirement. The security guarding instructor system must be strengthened to ensure a faithful and earnest implementation of duty to instruct, supervise and educate security guarding personnel. From the perspective of security guarding system's operation, professional security technique must be introduced and applied, and the volunteer application system must be established. In addition, standard 'security guarding manual' must be crafted, and the equipment for security guarding must be modernized to ensure an efficient operation of private security guarding services.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.6
• /
• pp.541-547
• /
• 2019

Recent developments in hacking technology are continuing to increase the number of new security vulnerabilities. Approximately 80,000 new vulnerabilities have been registered in the Common Vulnerability Enumeration (CVE) database, which is a representative vulnerability database, from 2010 to 2015, and the trend is gradually increasing in recent years. While security vulnerabilities are growing at a rapid pace, responses to security vulnerabilities are slow to respond because they rely on manual analysis. To solve this problem, there is a need for a technology that can automatically detect and patch security vulnerabilities and respond to security vulnerabilities in advance. In this paper, we propose the technology to extract the features of the vulnerability-discovery target binary through complexity analysis, and select a vulnerability-discovery strategy suitable for the feature and automatically explore the vulnerability. The proposed technology was compared to the AFL, ANGR, and Driller tools, with about 6% improvement in code coverage, about 2.4 times increase in crash count, and about 11% improvement in crash incidence.

• International Journal of Advanced Culture Technology
• /
• v.7 no.3
• /
• pp.166-177
• /
• 2019

Radio Frequency Identification (RFID) skill is becoming a technology that might deliver a response to manual glitches. The use of tags, receiver and wireless surfs to join with each other would mean that RFID in combination with the EPC would speech these pain opinions and offer many welfares in different sectors such as production, distribution, trade, logistics, and security. Potential benefits include increased visibility rising supply chain, enlarged proficiency and cost savings through improved data harmonization, better responsiveness to actual prominence change. Trendy the case of the textile or industrial applications, recent systems used by the industry to control the supply chain in addition strength discernibility are being studied, besides improvements in the overall perceptibility of assets are anticipated through labels, readers, drivers, POEs, etc. this model will be developed with new situations and a lively construction industry. It will be focused on Cost, Hardware compatibility, security and maintenance issues.

• Journal of Internet Computing and Services
• /
• v.25 no.3
• /
• pp.1-8
• /
• 2024

As the Internet of Things (IoT) has gained significant prominence in our daily lives, most IoT devices rely on over-the-air technology to automatically update firmware or software remotely via the network connection to relieve the burden of manual updates by users. And preserving security for OTA interface is one of the main requirements to defend against potential threats. This paper presents a simulation of an attack scenario on the commoditized System-on-a-chip, ESP32 chip, utilized for drones during their OTA update process. We demonstrate three types of attacks, WiFi cracking, ARP spoofing, and TCP SYN flooding techniques and postpone the OTA update procedure on an ESP32 Drone. As in this scenario, unpatched IoT devices can be vulnerable to a variety of potential threats. Additionally, we review the chip to obtain traces of attacks from a forensics perspective and acquire memory forensic artifacts to indicate the SYN flooding attack.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.757-759
• /
• 2024

Software vulnerabilities represent security weaknesses in software systems that attackers exploit for malicious purposes, resulting in potential system compromise and data breaches. Despite the increasing prevalence of these vulnerabilities, manual repair efforts by security analysts remain time-consuming. The emergence of deep learning technologies has provided promising opportunities for automating software vulnerability repairs, but existing AIbased approaches still face challenges in effectively handling complex vulnerabilities. This paper explores the potential of large language models (LLMs) in addressing these limitations, examining their performance in code vulnerability repair tasks. It introduces the latest research on utilizing LLMs to enhance the efficiency and accuracy of fixing security bugs.