• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.4
• /
• pp.669-676
• /
• 2017

Recently, due to the importance of information security, security vulnerability analysis and various information protection technologies and security systems are being introduced as a countermeasure against cyber-attacks in new as well as existing buildings, and information security studies on high-rise buildings are also being conducted. However, security system introduction and research are generally performed from the viewpoint of general IT systems and security policies, so there is little consideration of the infrastructure of the building. In particular, the BAS or building infrastructure, is a closed system, unlike typical IT systems, but has unique structural features that accommodate open functions. Insufficient understanding of these system structures and functions when establishing a building security policy makes the information security policies for the BAS vulnerable and increases the likelihood that all of the components of the building will be exposed to malicious cyber-attacks via the BAS. In this paper, we propose an architecture reference model that integrates three different levels of BAS structure (from?) different vendors. The architectures derived from this study and the security characteristics and vulnerabilities at each level will contribute to the establishment of security policies that reflect the characteristics of the BAS and the improvement of the safety management of buildings.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.743-755
• /
• 2013

In recent years, the malicious apps with malicious code in normal apps are increasingly redistributed in Android market, which may incur various problems such as the leakage of authentication information and transaction information and fraudulent transactions when banking apps to process the financial transactions are exposed to such attacks. Thus the financial authorities established the laws and regulations as an countermeasures against those problems and domestic banks provide the integrity verification functions in their banking apps, yet its reliability has not been verified because the studies of the safety of the corresponding functions have seldom been conducted. Thus this study suggests the vulnerabilities of the integrity verification functions of banking apps by using Android reverse engineering analysis techniques. In case the suggested vulnerabilities are exploited, the integrity verification functions of banking apps are likely to be bypassed, which will facilitate malicious code inserting attacks through repackaging and its risk is very high as proved in a test of this study. Furthermore this study suggests the specific solutions to those vulnerabilities, which will contribute to improving the security level of smartphone financial transaction environment against the application forgery attacks.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.11
• /
• pp.5496-5505
• /
• 2012

As the IT industry develops, the smart-phone technology and functions which are actively being studied at the moment greatly influence the entire living environment. With the smart-phone technology and functions, people's interest for the wireless LAN which can be used to get access to the Internet anytime anywhere is gradually increasing. However, since the malicious attacker can easily carry out hacking or approach the contents due to the characteristics of the wireless radio wave, the personal information with a high level of importance for data security is easily exposed due to Spoofing, Denial of Service attack and Man in the Middle attack. Therefore, the demand for security is gradually increasing. In this paper, the safe wireless network service environment is provided by supplementing the vulnerability in regard to Spoofing, Session Hijacking and Man in the Middle attack after executing the client's authentication process, the AP authentication process and the Mobile Agency authentication process with the client's information in the USIM, the AP information and the Mobile Agency information when the client uses the wireless Internet through the Mobile Agency AP access in the smart phone environment.

• Convergence Security Journal
• /
• v.4 no.2
• /
• pp.27-34
• /
• 2004

The recent explosive use of the Internet and the development of computer communication technologies reveal serious computer security problem. Inspite of many studies on secure access to the system, generally, the attackers do not use the previous intrusion techniques or network flaw, rather they tend to use the vulnerabilities residing inside the program, which are the running programs on the system or the processes for the service. Therefore, the security managers must focus on updating the programs with lots of time and efforts. Developers also need to patch continuously to update the Program, which is a lot of burden for them. In order to solve the problem, we need to understand the vulnerabilities in the program, which has been studied for some time. And also we need to analyze the functions that contains some vulnerabilities inside. In this paper, we first analyzed the vulnerabilities of the standard C library, and Win32 API functions used in various programs. And then we described the design and implementation of the automated scanning tool for writing secure source code based on the analysis.

• Anxiety and mood
• /
• v.15 no.2
• /
• pp.68-76
• /
• 2019

Objective : The goal of this study was to investigate the characteristics of early maladaptive schemas (EMSs), and associated neurocognitive functions as seen in visitors for military designation process. Methods : This retrospective study included 111 males aged 18 to 24 years among three groups: 41 visitors for military designation process (VMD), 21 patients with obsessive-compulsive disorder (OCD), and 49 healthy subjects. We collected the results of the Young Schema Questionnaire, Symptom Checklist-90-Revised, three neurocognitive tests as well as their clinicodemographic data. We analyzed the differences in EMSs between these three groups, and the correlations among the identified EMSs and neurocognitive performances within the VMD group. Results : Compared with both the OCD and healthy groups, the evaluation of the VMD group showed significantly higher scores in mistrust/abuse (F=6.4, p=0.002), vulnerability to harm (F=6.6, p<0.0001) and negativity/pessimism schema (F=7.3, p<0.0001), even when controlling for depression scores and levels of education. These three schemas also exhibited significant negative correlations with the score of Stroop test with r ranging from -0.34 to -0.44. Conclusion : These findings suggest that people who are likely to have difficulties adjusting to living in a military life may have psychological vulnerabilities related to certain EMSs. Further studies are warranted to test the clinical potentials of these findings, such as a treatment target and a predictor factor.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.10
• /
• pp.4794-4800
• /
• 2012

Many researches have been performed to resist buffer overflow attacks. However, the attack still poses one of the most important issue in system security field. It is because programmers are using library functions containing security hole and once buffer overflow vulnerability has been found, the security patches are distributed after the attacks are widely spreaded. In this paper, we propose a new cache level return address stack architecture for resisting buffer overflow attack. We implemented our hardware onto SimpleScalar simulator and verified its functionality. Our circuit can overcome the various disadvantages of previous works with small overhead.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.243-250
• /
• 2013

We have entered into an era of smart software system where the many kinds of embedded software, especially SCADA and Automotive software not only require high reliability and safety but also high-security. Removing software weakness during the software development lifecycle is very important because hackers exploit weaknesses which are source of software vulnerabilities when attacking a system. Therefore the coding rule as like core functions of MISRA-C should expand their coding focus on security. In this paper, we used CERT-C secure coding rules for nuclear-related software being developed to demonstrate high-safety software, and proposed how to remove software weakness during development.

• Journal of KIISE
• /
• v.43 no.11
• /
• pp.1179-1187
• /
• 2016

Android- and Linux-based embedded systems require device drivers, which are structured and built in kernel functions. However, device driver software (firmware) provided by various 3rd parties is not usually checked in terms of their security requirements but is simply included in the final products, that is, Android-based smart phones. In addition, static analysis, which is generally used to detect vulnerabilities, may result in extra cost to detect critical security issues such as privilege escalation due to its large proportion of false positive results. In this paper, we propose and evaluate an effective technique to detect vulnerabilities in Android device drivers using both static and dynamic analyses.

• Journal of Gifted/Talented Education
• /
• v.6 no.1
• /
• pp.53-72
• /
• 1996

The present study dealt with the emotional characteristics, emotional development of gifted children and emphasized the emotional intelligence as the meta-ability for the development of creativity and intellectual abilities. The emotional vulnerability of gifted children was also hscussed with endogenous and exogeneous problems, internal dyssynchrony, and social context. To find out the real chief problems the gifted children have, the contents of individual counselling with mothers of the gifted in KAGE were categorized based on the Lazarus' BASIC ID and DSM-IV dagnosis. Total 128 cases were analyzed. Among them, 61 cases were from elementary schoolers, however, percentile data showed the most, 34% of infant class aged 30 months - 48 months. Usually, the number of counselling in each person was 1, but 17 cases were done more than 3 times. And, 8 cases had experiences to visit the other counseling center or neuropsychiatric clinic. The categories of chief problems were 10: information about gifted program, behavior, affect, sensation, school and cognitive functions, imagery and self concept, interpersonal relationship, personality, mental illness, and others. Many problems in each category were listed. Finally, the present study suggested the several guidance plan possibly useful in the gifted education center for the purpose of prevention of emotional difficulties and support for the mental health, including professional personnel, child counselling, emotional education, and parent counseling & education.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.607-615
• /
• 2017

Recently, IoT products with various functions are being developed. Through the combination of objects and information technology, convenient services that have not been imagined before are emerging. For a secure IoT environment, product security must be considered. However, the existing IoT products have various problems such as security vulnerability. In order to secure the security of IoT products, technical countermeasures as well as policy responses are needed. However, the legislation related to current IoT products has a limit to guarantee safety in IoT environment. In this paper, we analyze the limitations of the current legal system of IoT, and suggests ways to improve it.