• Title/Summary/Keyword: vulnerability functions


Development of LLDB module for potential vulnerability analysis in iOS Application (iOS 어플리케이션의 잠재적 취약점 분석을 위한 LLDB 모듈 개발)

  • Kim, Min-jeong;Ryou, Jae-cheol
    • Journal of Internet Computing and Services / v.20 no.4 / pp.13-19 / 2019
  • In order to register an application with Apple's App Store, it must pass a rigorous verification process through the Apple verification center. That's why spyware applications are difficult to get into the App Store. However, malicious code can also be executed through normal application vulnerabilities. To prevent such attacks, research is needed to detect and analyze early to patch potential vulnerabilities in applications. To prove a potential vulnerability, it is necessary to identify the root cause of the vulnerability and analyze the exploitability. A tool for analyzing iOS applications is the debugger named LLDB, which is built into Xcode, the development tool. There are various functions in the LLDB, and these functions are also available as APIs and are also available in Python. Therefore, in this paper, we propose a method to efficiently analyze potential vulnerabilities of iOS application by using LLDB API.

Efficient Similarity Analysis Methods for Same Open Source Functions in Different Versions (서로 다른 버전의 동일 오픈소스 함수 간 효율적인 유사도 분석 기법)

  • Kim, Yeongcheol;Cho, Eun-Sun
    • Journal of KIISE / v.44 no.10 / pp.1019-1025 / 2017
  • Binary similarity analysis is used in vulnerability analysis, malicious code analysis, and plagiarism detection. Proving that a function is equal to a well-known safe function of a different version through similarity analysis can help to improve the efficiency of the binary code analysis of malicious behavior as well as the efficiency of vulnerability analysis. However, few studies have been carried out on similarity analysis of the same function of different versions. In this paper, we analyze the similarity of function units through various methods based on extractable function information from binary code, and find a way to analyze efficiently with less time. In particular, we perform a comparative analysis of the different versions of the OpenSSL library to determine the way in which similar functions are detected even when the versions differ.

A Design of MHS Access Control Policy for Preventing Cascade Vulnerability (캐스케이드 취약성 방지를 위한 MHS 접근통제 정책 설계)

  • 조인준;김학범;홍기융;김동규
    • Journal of the Korea Institute of Information Security & Cryptology / v.7 no.3 / pp.117-128 / 1997
  • When computer systems with mandatory access control mechanisms are interconnected with each other for enforcing the MHS (Message Handling System) security on the multilevel secure distributed network environment, illegal information flow may occur due to the unexpected cascade vulnerability problem. In this paper, new MHS security policy and security property functions are proposed for preventing the cascade vulnerability.

Response Technique for the Vulnerability of Broadcast Intent Security in Android (안드로이드 브로드캐스트 인텐트의 보안 취약성 대응기법)

  • Lim, Jae-Wan;Ryu, Hwang-Bin;Yoon, Chang-Pyo
    • Convergence Security Journal / v.12 no.6 / pp.61-67 / 2012
  • Accordingly the number of smart-phone-based malicious codes is also increasing and their techniques for malicious purpose are getting more clever and evolved. Among them, the malicious codes related to Android take the major portion and it can be estimated that they are based on open source so that the access to the system is easy. Intent is a technique to support the communication between application's components by transmitting message subjects in Android. Intent provides convenience to developers, but it can be utilized as security vulnerability that allows the developer with a malicious purpose to control the system as intended. The vulnerability of intent security is that personal information can be accessed using discretionally its proper function given to application and smart phone's functions can be maliciously controlled. This paper improves with the Intent security vulnerability caused by the smart phone users' discretional use of custom kernel. Lastly, it verifies the malicious behaviors in the process of installing an application and suggests a technique to watch the Intent security vulnerability in realtime after its installation.

Development of Web-Based Supporting Tool (VESTAP) for Climate Change Vulnerability Assessment in Lower and Municipal-Level Local Governments (기초 및 광역지자체 기후변화 취약성 평가를 위한 웹기반 지원 도구(VESTAP) 개발)

  • OH, Kwan-Young;LEE, Moung-Jin;HAN, Do-Eun
    • Journal of the Korean Association of Geographic Information Studies / v.19 no.1 / pp.1-11 / 2016
  • Climate change is the issue that attracts the most attention in the field of environment, as well as the most challenging task faced by the human race. There are various ways to resolve this issue. South Korea has established the primary and secondary national climate change adaptation plans at the national level, and is making it compulsory for each local government (lower and municipal-level) to establish climate change adaptation plans. Climate change vulnerability assessment plays an essential role in establishing climate change adaptation action plans. However, vulnerability assessment has a difficulty performing individual assessments since the results are produced through complex calculations of multiple impact factors. Accordingly, this study developed a web-based supporting tool (VESTAP) for climate change vulnerability assessment that can be used by lower and municipal-level local governments. The VESTAP consists of impact DB and vulnerability assessment and display tool. The index DB includes total 455 impacts of future climate data simulated with RCP (Representative Concentration Pathways) 4.5 and 8.5, atmospheric environment data, other humanities and social statistics, and metadata. The display tool has maximized convenience by providing various analytical functions such as spatial distribution, bias and schematization of each vulnerability assessment result. A pilot test of health vulnerability assessment by particulate matters in Sejong Metropolitan Autonomous City was performed using the VESTAP, and Bukang-myeon showed the highest vulnerability. By using the developed tool, each local government is expected to be able to establish climate change adaptation action plans more easily and conveniently based on scientific evidence.

Optimization of Sky-Bridge location at coupled high-rise buildings considering seismic vulnerability functions

  • Arada, Ahmad Housam;Ozturk, Baki;Kassem, Moustafa Moufid;Nazri, Fadzli Mohamed;Tan, Chee Ghuan
    • Structural Engineering and Mechanics / v.82 no.3 / pp.385-400 / 2022
  • Sky-bridges between adjacent buildings can enhance lateral stiffness and limit the impact of lateral forces. This study analysed the structural capabilities and dynamic performances of sky-bridge-coupled buildings under various sets of ground motions. Finite Element (FE) analyses were carried out with the link being iteratively repositioned along the full height of the structures. Incremental dynamic analysis (IDA) and probabilistic damage distribution were also applied. The results indicated that the establishment of sky-bridges caused a slight change in the natural frequency and mode shapes. The sky-bridge system was shown to be efficient in controlling displacement and Inter-Storey Drift Ratio (%ISDR) and reducing the probability of damage in the higher floors. The most efficient location of the sky-bridge, for improving its rigidity, was found to be at 88% of the building height. Finally, the effects of two types of materials (steel and concrete) and end conditions (hinged and fixed) were studied. The outcomes showed that coupled buildings with a sky-bridge made of steel with hinged connection could withstand ground motions longer than those made of concrete with fixed connection.

Factors Affecting Intention to Use Security Functions in SNS (소셜 네트워크 서비스의 보안기능 사용의도에 영향을 미치는 요인 : Facebook을 중심으로)

  • Kim, Hyeob;Kim, Kyung Kyu;Lee, Ho
    • Journal of Information Technology Services / v.13 no.2 / pp.1-17 / 2014
  • Social networking service (SNS) is a service that allows people to share information, manage relationships with others, and express themselves on the Internet. The number of SNS users has increased explosively with the growth of mobile devices such as smartphones. As the influence of SNS has grown extensively, potential threats to privacy have also become pervasive. The purpose of this study is to empirically examine the main factors that affect users' intentions to use security functions provided by their SNS. The main theories for this study include the rational choice theory and the theory of planned behavior. This study has identified the factors that affect intention to use security functions. In addition, security function awareness and information security awareness are found to be important antecedents for intention to use security functions. The results of this study imply that when SNS providers develop security policies, they should consider the ways to improve users' information security awareness and security function awareness simultaneously.

Analysis of Building Vulnerabilities to Typhoon Disaster Based on Damage Loss Data (태풍 재해에 대한 건물 취약성의 피해손실 데이터 기반 분석)

  • Ahn, Sung-Jin;Kim, Tae-Hui;Son, Ki-Young;Kim, Ji-Myong
    • Journal of the Korea Institute of Building Construction / v.19 no.6 / pp.529-538 / 2019
  • Typhoons can cause significant financial damage worldwide. For this reason, states, local governments and insurance companies attempt to quantify and mitigate the financial risks related to these natural disasters by developing a typhoon risk assessment model. As such, the importance of typhoon risk assessment models is increasing, and it is also important to reflect local vulnerabilities to enable sophisticated assessments. Although a practical study of economic losses associated with natural disasters has identified essential risk indicators, comprehensive studies covering the correlation between vulnerability and economic loss are still needed. The purpose of this study is to identify typhoon damage indicators and to develop evaluation indicators for typhoon damage prediction functions, utilizing the losses from Typhoon Maemi as data. This study analyzes actual loss records of Typhoon Maemi provided by local insurance companies to prepare for a scenario of maximum losses. To create a vulnerability function, the authors used the wind speed and distance from the coast and the total value of property, construction type, floors, and underground floor indicators. The results and metrics of this study provide practical guidelines for government agencies and insurance companies in developing vulnerability functions that reflect the actual financial losses and regional vulnerabilities of buildings.

FunRank: Finding 1-Day Vulnerability with Call-Site and Data-Flow Analysis (FunRank: 함수 호출 관계 및 데이터 흐름 분석을 통한 공개된 취약점 식별)

  • Jaehyu Lee;Jihun Baek;Hyungon Moon
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.2 / pp.305-318 / 2023
  • The complexity of software products led many manufacturers to stitch open-source software for composing a product. Using open-source helps reduce the development cost, but the difference in the different development life cycles makes it difficult to keep the product up-to-date. For this reason, even the patches for known vulnerabilities are not adopted quickly enough, leaving the entire product under threat. Existing studies propose to use binary differentiation techniques to determine if a product is left vulnerable against a particular vulnerability. Despite their effectiveness in finding real-world vulnerabilities, they often fail to locate the evidence of a vulnerability if it is a small function that usually is inlined at compile time. This work presents our tool FunRank which is designed to identify the short functions. Our experiments using synthesized and real-world software products show that FunRank can identify the short, inlined functions that suggest that the program is left vulnerable to a particular vulnerability.

Probabilistic earthquake risk consideration of existing precast industrial buildings through loss curves

  • Ali Yesilyurt;Seyhan O. Akcan;Oguzhan Cetindemir;A. Can Zulfikar
    • Geomechanics and Engineering / v.37 no.6 / pp.565-576 / 2024
  • In this study, the earthquake risk assessment of single-story RC precast buildings in Turkey was carried out using loss curves. In this regard, Kocaeli, a seismically active city in the Marmara region, and this building class, which is preferred intensively, were considered. Quality and period parameters were defined based on structural and geometric properties. Depending on these parameters, nine main sub-classes were defined to represent the building stock in the region. First, considering the mean fragility curves and four different central damage ratio models, vulnerability curves for each sub-class were computed as a function of spectral acceleration. Then, probabilistic seismic hazard analyses were performed for stiff and soft soil conditions for different earthquake probabilities of exceedance in 50 years. In the last step, 90 loss curves were derived based on vulnerability and hazard results. Within the scope of the study, the comparative parametric evaluations for three different earthquake intensity levels showed that the structural damage ratio values for nine sub-classes changed significantly. In addition, the quality parameter was found to be more effective on a structure's damage state than the period parameter. It is evident that since loss curves allow direct loss ratio calculation for any hazard level without needing seismic hazard and damage analysis, they are considered essential tools in rapid earthquake risk estimation and mitigation initiatives.