• 정보보호학회논문지
• /
• 제22권5호
• /
• pp.1191-1204
• /
• 2012

정보보안시스템을 무력화하는 공격이 나타남에 따라, 정보보안제품의 취약성을 분석하는 보안 테스팅에 대한 관심이 높아지고 있다. 보안제품 개발의 주요 단계인 침투 테스팅은, 공격자가 악용할 수 있는 취약성을 찾기 위해 컴퓨터 시스템을 실제적으로 테스팅하는 것이다. 침투 테스팅과 같은 보안 테스팅은 대상 시스템에 대한 정보 수집, 가능한 진입점 식별, 침입 시도, 결과 보고 등의 과정을 포함한다. 따라서 취약성 분석 및 보안 테스팅에서 일반성, 재사용성, 효율성을 극대화하는 것이 매우 중요하다. 본 논문에서는, 정보보호제품이 자신의 보안 기능을 무력화하거나 우회하는 공격에 대응할 수 있는 자체보호기능 및 우회불가성을 제공하는 가를 평가할 수 있는 위협분석 기반의 소프트웨어 보안 테스팅을 제안한다. 위협분석으로 취약성을 식별한 후, 보안 테스팅의 재사용성과 효율성을 개선하기 위해 소프트웨어 모듈과 보안 기능에 따라 테스팅 전략을 수립한다. 제안기법은 위협 분석 및 테스팅 분류, 적절한 보안테스팅 전략 선정, 보안 테스팅으로 구성된다. 사례연구와 보안테스팅을 통해 제안 기법이 보안 시스템을 체계적으로 평가할 수 있음을 보였다.

• Structural Engineering and Mechanics
• /
• 제77권4호
• /
• pp.441-461
• /
• 2021

Reinforced concrete (RC) columns are crucial in building structures and they are of higher vulnerability to terrorist threat than any other structural elements. Thus it is of great interest and necessity to achieve a comprehensive understanding of the possible responses of RC columns when exposed to high intensive blast loads. The primary objective of this study is to derive analytical formulas to assess vulnerability of RC columns using an advanced numerical modelling approach. This investigation is necessary as the effect of blast loads would be minimal to the RC structure if the explosive charge is located at the safe standoff distance from the main columns in the building and therefore minimizes the chance of disastrous collapse of the RC columns. In the current research, finite element model is developed for RC columns using LS-DYNA program that includes a comprehensive discussion of the material models, element formulation, boundary condition and loading methods. Numerical model is validated to aid in the study of RC column testing against the explosion field test results. Residual capacity of RC column is selected as damage criteria. Intensive investigations using Arbitrary Lagrangian Eulerian (ALE) methodology are then implemented to evaluate the influence of scaled distance, column dimension, concrete and steel reinforcement properties and axial load index on the vulnerability of RC columns. The generated empirical formulae can be used by the designers to predict a damage degree of new column design when consider explosive loads. With an extensive knowledge on the vulnerability assessment of RC structures under blast explosion, advancement to the convention design of structural elements can be achieved to improve the column survivability, while reducing the lethality of explosive attack and in turn providing a safer environment for the public.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권8호
• /
• pp.1989-2009
• /
• 2013

How to discover router vulnerabilities effectively and automatically is a critical problem to ensure network and information security. Previous research on router security is mostly about the technology of exploiting known flaws of routers. Fuzzing is a famous automated vulnerability finding technology; however, traditional Fuzzing tools are designed for testing network applications or other software. These tools are not or partly not suitable for testing routers. This paper designs a framework of discovering router protocol vulnerabilities, and proposes a mathematical model Two-stage Fuzzing Test Cases Generator(TFTCG) that improves previous methods to generate test cases. We have developed a tool called RPFuzzer based on TFTCG. RPFuzzer monitors routers by sending normal packets, keeping watch on CPU utilization and checking system logs, which can detect DoS, router reboot and so on. RPFuzzer' debugger based on modified Dynamips, which can record register values when an exception occurs. Finally, we experiment on the SNMP protocol, find 8 vulnerabilities, of which there are five unreleased vulnerabilities. The experiment has proved the effectiveness of RPFuzzer.

• Wind and Structures
• /
• 제10권3호
• /
• pp.269-285
• /
• 2007

This paper assesses the damage to high-set rectangular-plan houses with low-pitch gable roofs (built in the 1960 and 70s in the northern parts of Australia) to wind speeds experienced in tropical cyclones. The study estimates the likely failure mode and percentage of failure for a representative proportion of houses with increasing wind speed. Structural reliability concepts are used to determine the levels of damage. The wind load and the component connection strengths are treated as random variables with log-normal distributions. These variables are derived from experiments, structural analysis, damage investigations and experience. This study also incorporates progressive failures and considers the inter-dependency between the structural components in the house, when estimating the types and percentages of the overall failures in the population of these houses. The progressively increasing percentage of houses being subjected to high internal pressures resulting from damage to the envelope is considered. Results from this study also compare favourably with levels of damage and related modes of failure for high-set houses observed in post-cyclone damage surveys.

• 정보보호학회논문지
• /
• 제27권4호
• /
• pp.803-810
• /
• 2017

최근 소프트웨어 산업의 발달에 따른 사회적 보안 문제가 지속적으로 발생하고 있으며, 소프트웨어 안정성 검증을 위해 다양한 자동화 기법들이 사용되고 있다. 본 논문에서는 소프트웨어 테스팅 기법 중 하나인 동적 기호 실행을 이용해 윈도우 시스템 콜 함수를 대상으로 Use-After-Free 취약점을 자동으로 탐지하는 방법을 제안한다. 먼저, 목표 지점을 선정하기 위한 정적 분석 기반 패턴 탐색을 수행한다. 탐지된 패턴 지점을 바탕으로 관심 밖의 영역으로의 분기를 차단하는 유도된 경로 탐색 기법을 적용한다. 이를 통해 기존 동적 기호 실행 기술의 한계점을 극복하고, 실제 목표 지점에서의 취약점 발생 여부를 검증한다. 제안한 방법을 실험한 결과 기존에 수동으로 분석해야 했던 Use-After-Free 취약점을 제안한 자동화 기법으로 탐지할 수 있음을 확인하였다.

• Smart Structures and Systems
• /
• 제4권2호
• /
• pp.209-220
• /
• 2008

A methodology for the seismic vulnerability assessment of historical monuments is presented in this paper. The ongoing work has been conducted in Tunisia within the framework of the FP6 European Union project (WIND-CHIME) on the use of appropriate modern seismic protective systems in the conservation of Mediterranean historical buildings in earthquake-prone areas. The case study is the five-century-old Zaouia of Sidi Kassem Djilizi, located downtown Tunis, the capital of Tunisia. Ambient vibration tests were conducted on the case study using a number of force-balance accelerometers placed at selected locations. The Enhanced Frequency Domain Decomposition (EFDD) technique was applied to extract the dynamic characteristics of the monument. A 3-D finite element model was developed and updated to obtain reasonable correlation between experimental and numerical modal properties. The set of parameters selected for the updating consists of the modulus of elasticity in each wall element of the finite element model. Seismic vulnerability assessment of the case study was carried out via three-dimensional time-history dynamic analyses of the structure. Dynamic stresses were computed and damage was evaluated according to a masonry specific plane failure criterion. Statistics on the occurrence, location and type of failure provide a general view for the probable damage level and mode. Results indicate a high vulnerability that confirms the need for intervention and retrofit.

• ETRI Journal
• /
• 제42권3호
• /
• pp.433-445
• /
• 2020

A denial-of-service (DoS) attack is a serious attack that targets web applications. According to Imperva, DoS attacks in the application layer comprise 60% of all the DoS attacks. Nowadays, attacks have grown into application- and business-layer attacks, and vulnerability-analysis tools are unable to detect business-layer vulnerabilities (logic-related vulnerabilities). This paper presents the business-layer dynamic application security tester (BLDAST) as a dynamic, black-box vulnerability-analysis approach to identify the business-logic vulnerabilities of a web application against DoS attacks. BLDAST evaluates the resiliency of web applications by detecting vulnerable business processes. The evaluation of six widely used web applications shows that BLDAST can detect the vulnerabilities with 100% accuracy. BLDAST detected 30 vulnerabilities in the selected web applications; more than half of the detected vulnerabilities were new and unknown. Furthermore, the precision of BLDAST for detecting the business processes is shown to be 94%, while the generated user navigation graph is improved by 62.8% because of the detection of similar web pages.

• Journal of Information Technology Applications and Management
• /
• 제15권4호
• /
• pp.37-59
• /
• 2008

This study focuses on the antecedents to the privacy concerns and their influence on trust and online transaction intention. Based on previous exploratory works and the literature review of privacy concerns, four antecedents are identified-Internet literacy, social awareness, perceived vulnerability, and perceived ability to information control. Incorporating these antecedents, privacy concerns, trust and online transaction intention, a conceptual model is developed and seven research hypotheses are proposed for empirical testing. The proposed model is examined through structural equation analysis. The results show that Internet literacy, social awareness, and perceived vulnerability have statistically significant effect on the privacy concerns of users and the privacy concerns has a positive influence on the trust. Finally, the trust has a positive effect on the online transaction intention. Implications of these findings are discussed for both researchers and practitioners and future research issues are raised as well.

• 한국컴퓨터정보학회:학술대회논문집
• /
• 한국컴퓨터정보학회 2017년도 제56차 하계학술대회논문집 25권2호
• /
• pp.29-32
• /
• 2017

보안 취약점을 악용하여 소프트웨어를 무력화하는 사이버 공격이 증가함에 따라, 조기에 소프트웨어의 취약점을 발견하고 분석하는 보안 테스팅에 대한 중요성이 높아지고 있다. 보안 테스팅의 자동화된 방법 중 하나인 퍼징 기법은 소프트웨어의 입력에 타당하지 않은 무작위 값을 삽입하여 해당 소프트웨어의 예외 즉, 잠재적인 취약점을 발견할 수 있다. 본 논문은 파일 퍼징 과정에서 효율적인 파일 변이 방법을 제안하고 이를 활용한 퍼징 기법을 통해 소프트웨어의 보안성을 높이고자 한다.

• 한국기계가공학회지
• /
• 제21권6호
• /
• pp.67-73
• /
• 2022

Industrial inverters are used in a variety of fields for electric power supply. They may be exposed to vibration and heat once they are installed. This study focused on a framework of accelerated life testing of an industrial inverter considering fatigue damage as the primary source of deterioration. Instead of analyzing detailed failure mechanisms and the product's vulnerability to them, the potential of fatigue failure is considered using the fatigue damage spectrum calculated from the environmental vibration signals. The acceleration and temperature data were gathered using field measurement and spectral analysis was conducted to calculate the vibration signal's power spectral density (PSD). The fatigue damage spectrum is then calculated from the input PSD data and is used to design an accelerated fatigue life testing. The PSD for the shaker table test is derived that has the equivalent fatigue damage to the original input signal. The tests were performed considering the combined effect of random vibration and elevated temperature, and the product passed all the planned tests. It was successfully demonstrated that the inverter used in this study could survive environmental vibration up to its guarantee period. The fatigue damage spectrum can effectively be used to design accelerated fatigue life testing.