• Journal of Korea Society of Digital Industry and Information Management
• /
• v.18 no.2
• /
• pp.39-48
• /
• 2022

The application of digital technology to instrumentation and control systems in nuclear power plants has overcome many shortcomings of analog technology, but the threat of cybersecurity has increased. Along with other systems, the reactor protection system also uses digital-based equipment, so responding to cybersecurity threats is essential. We generally determine cybersecurity threats according to the role and function of the system. However, since the instrumentation and control system has various systems linked to each other, it is essential to analyze cybersecurity threats together between the connected systems. In this paper, we analyze the cybersecurity threat of the reactor protection system with the associated facilities. To this end, we quantitatively identified the risk of the reactor protection system by considering safety functions, a communication type, the use of analog or digital-based equipment of the associated systems, and the software vulnerability of the configuration module of the reactor protection system.

• Journal of Information Processing Systems
• /
• v.20 no.2
• /
• pp.173-184
• /
• 2024

The connected car services are one of the most widely used services in the Internet of Things environment, and they provide numerous services to existing vehicles by connecting them through networks inside and outside the vehicle. However, although vehicle manufacturers are developing services considering the means to secure the connected car services, concerns about the security of the connected car services are growing due to the increasing number of attack cases. In this study, we reviewed the research related to the connected car services that have been announced so far, and we identified the threats that may exist in the connected car services through security threat modeling to improve the fundamental security level of the connected car services. As a result of performing the test to the applications for connected car services developed by four manufacturers, we found that all four companies' applications excessively requested unnecessary permissions for application operation, and the apps did not obfuscate the source code. Additionally, we found that there were still vulnerabilities in application items such as exposing error messages and debugging information.

• Korean Journal of Head & Neck Oncology
• /
• v.39 no.2
• /
• pp.1-6
• /
• 2023

The aging population, particularly those aged 65 and above, is on the rise, with projections indicating a substantial increase in the elderly demographic. This demographic shift brings challenges in managing age-related diseases, including head and neck cancers (HNCs). Frailty, often characterized by physiological decline and vulnerability to stressors, is a crucial factor affecting treatment outcomes of elderly cancer patients. Accordingly, the significance of assessing frailty in elderly HNC patients before their treatment should be emphasized, but current frailty assessment tools may not fully capture the unique challenges faced by HNC patients. Specific indicators, including respiratory and swallowing functions, are proposed for a more tailored assessment. This comprehensive review explores the impact of frailty on various treatment modalities, including surgery, radiation, and chemotherapy, highlighting the need for personalized interventions. Furthermore, it suggests avenues for future research to enhance frailty assessment tools and investigate interventions aimed at improving treatment outcomes in elderly HNC patients.

• Journal of the Korea Convergence Society
• /
• v.8 no.12
• /
• pp.15-22
• /
• 2017

This paper analyzes vulnerability of each service protocol used in ICT convergence industry, smart factory, smart grid, smart home, smart traffic, smart health care, and suggests technologies that can overcome security vulnerabilities. In addition, we design a service-oriented protocol security framework that allows us to quickly and easily develop security functions in an open environment by defining a security element common to protocols and designing a security module for each protocol layer including the corresponding elements. Service protocol independent security module and specialized security module, it will be possible to develop flexible and fast security system in ICT convergence industry where various protocols are used. The overall security level of the ICT service network can be improved by installing the necessary security modules in the operating system, and the productivity can be improved in the industrial security field by reusing each security module.

• Journal of the Korean housing association
• /
• v.23 no.5
• /
• pp.1-8
• /
• 2012

Recently, there have been frequent occurrence of the damage to lives and properties due to the torrential rain caused by climate change. In consideration of the current situations in which the underlying data related to flooding are lacking, this study conducted to build up the basic data on the flooded areas and suggested methods to secure the evacuation routes that can be accessible to evacuation facilities in the residential buildings. Methods of the study are as follows. First, We calculated the flood risk grades of residential buildings based on elevations, considering the flooding characteristics of the flooded areas in Buk-gu, Daegu. Second, We constructed baseline data on the evacuation routes through site investigation and reviewed of drawing using Arc GIS to identify vulnerability to access to the evacuation facilities, targeting the residential buildings. Third, We carried out the proximity analysis through a near analysis of analysis functions in ARC GIS. Forth, We deduced 115 residential buildings in which access to evacuation facilities is considered to be difficult based on the analysis results. Finally, We proposed extension of a blind alley as a means for achieving connectivity to evacuation facilities. And to evaluate the alternatives presented, we reconstructed route data. As a result, about 53% improvement was identified through the proximity analysis.

• Journal of Digital Convergence
• /
• v.13 no.2
• /
• pp.177-183
• /
• 2015

Cross Site Scripting enables hackers to steal other user's information (such as cookie, session etc.) or to do abnormal functions automatically using vulnerability of web application. This attack patterns of Cross Site Scripting(XSS) can be divided into two types. One is Reflect XSS which can be executed in one request for HTTP and its reply, and the other is Stored XSS which attacks those many victim users whoever access to the page which accepted the payload transmitted. To correspond to these XSS attacks, some measures have been suggested. They are data validation for user input, output validation during HTML encoding procedures, and removal of possible risk injection point to prevent from trying to insert malicious code into web application. In this paper, the methods and procedures for these two types are explained and a penetration testing is done. With these suggestions, the attack by XSS could be understood and prepared by its countermeasures.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.4 s.42
• /
• pp.155-164
• /
• 2006

VoIP technology is Eight New Services among Ubiquitous-IT839 strategies. This paper tested wiretapping or VoIP service in connected a soft phone and LAN and WAN sections, Internet telephones and a device. IP PBX, a banner operator network to have been connected to VoIP Internet network. As a result of having experimented on wiretapping of VoIP networks, Vulnerability was found. and a wiretapping by attacks of a hacker was succeeded in a terminal and proxy and attachment points of a VoIP network like a hub to follow a CVE list. Currently applied a security plan of an each wiretapping section in viewpoints of 6 security function of Access Control. Confidentiality, Authentication. Availability, Integrity. Non-repudiation in VoIP networks named to 070. Prevented wiretapping of contents by the results, the AES encryption that executed wiretapping experiment about a packet after application of a security plan. Prevented wiretapping, and kept security and audit log. and were able to accomplish VoIP information protection to network monitoring and audit log by an access interception and qualification and message hash functions and use of an incoming refusal.

• Journal of Navigation and Port Research
• /
• v.46 no.3
• /
• pp.227-235
• /
• 2022

The purpose of this study was to analyze the risk and vulnerability of marine accidents based on statistical data on marine accidents at Ulsan Port, which has the largest amount of liquid cargo in Korea. It was found to be quite vulnerable to the risk of marine accidents, environmental damage, and vulnerability to environmental pollution accidents. Based on analysis results, marine accident scenarios and accident response strategies were prepared. Additionally, as a response strategy to prepare for large-scale marine pollution accidents at Ulsan Port, it is necessary to establish control equipment and infrastructure, as well as establish a control center to integrate marine accident safety functions. In particular, in the case of liquid cargo specialized ports such as Ulsan Port, considering the size of the cargo volume and the frequency of marine pollution accidents, it is urgent to build professional safety management institutions, which should make the port safer.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.189-200
• /
• 2024

In recent years, the development of defense technology has become digital with the introduction of advanced assets such as drones equipped with artificial intelligence. These assets are integrated with modern information technologies such as industrial IoT, artificial intelligence, and cloud computing to promote innovation in the defense domain. However, the convergence of the technology is increasing the possibility of transfer of cyber threats, which is emerging as a problem of increasing the vulnerability of defense assets. While the current cybersecurity methodologies focus on the vulnerability of a single asset, interworking of various military assets is necessary to perform the mission. Therefore, this paper recognizes these problems and presents a mission-based asset management and evaluation methodology. It aims to strengthen cyber security in the defense sector by identifying assets that are important for mission execution and analyzing vulnerabilities in terms of cyber security. In this paper, we propose a method of classifying mission dependencies through linkage analysis between functions and assets to perform a mission, and identifying and classifying assets that affect the mission. In addition, a case study of identifying key assets was conducted through an attack scenario.

• Journal of Environmental Policy
• /
• v.13 no.3
• /
• pp.43-73
• /
• 2014

Cities in Korea have rapidly urbanized and they are not well prepared for natural disasters which have been increased by climate change. In particular, they often struggle with urban flooding. Recently, green infrastructure has been emphasized as a critical strategy for flood mitigation in developed countries due to its capability to infiltrate water into the ground, provide the ability to absorb and store rainfall, and contribute to mitigating floods. However, in Korea, green infrastructure planning only focuses on esthetic functions or accessibility, and does not think how other functions such as flood mitigation, can be effectively realized. Based on this, we address this critical gap by suggesting the new green infrastructure planning framework for improving urban water cycle and maximizing flood mitigation capacity. This framework includes flood vulnerability assessment for identifying flood risk area and deciding suitable locations for green infrastructure. We propose the use of the combination of frequency ratio model and GIS for flood vulnerability assessment. The framework also includes the selection process of green infrastructure practices under local conditions such as geography, flood experience and finance. Finally, we applied this planning framework to the case study area, namely YeonJe-gu an Nam-gu in Busan. We expect this framework will be incorporated into green infrastructure spatial planning to provide effective decision making process regarding location and design of green infrastructure.