• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.9
• /
• pp.399-404
• /
• 2013

MSEC(Microsoft Security Engineering Center) performed fuzz testing Windows Vista with 350 million test cases for 14 months before launching it. They analyzed crashes resulted from the testing and developed crash analyzer !exploitable based on the data used to determine exploitability. In this paper, we describe how MS crash analyzer determines exploitability of crashes. Besides, we suggest an improvement to overcome the limitations found in the MS crash analyzer during the analysis.

• Journal of the Korea Convergence Society
• /
• v.11 no.10
• /
• pp.9-18
• /
• 2020

The purpose of this study is to suggest a method of predicting seismic vulnerability and safety conditions of each building in a targeted area. The scope of this study includes 'developing a simulation model for precaution activities,' 'testing the validity of the developed model', From the facility point of view, target of this study is a local building system. According to the literature review, the number of earthquake prediction modeling and cases with GIS applied is extremely few and the results are not proficient. This study is conducted as a way to improve the previous researches. Statistic analyses are conducted using 348 domestic and international data. Finally, as a result of the series of statistical analyses, an adequate model is developed using optimization scale method. The ratio of correct expectation is estimated as 87%. In order to apply the developed model to predict the vulnerability of the several chosen local building systems, spatial analysis technique is applied. Gangnam-gu and Jongro-gu are selected as the target areas to represent the characteristics of the old and the new downtown in Seoul. As a result of the analysis, it is discovered that buildings in Gangnam-gu are relatively more dangerous comparing to those of Jongro-gu and Eunpyeong-gu.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.3-9
• /
• 2015

A web application that allows a web service created by a internal developer who has security awareness show certain level of security. However, in the case of development by outsourcing, it is inevitable to implement the development centered on requested function rather than the issue of security. Thus in this paper, we improve the software testing process focusing on security for exclusion the leakage of important information and using an unauthorized service that results from the use of the vulnerable web application. The proposed model is able to consider security in the initial stage of development even when outsourced web application, especially, It can prevent the development schedule delay caused by the occurrence of modification for program created by programer who has low security awareness. This result shows that this model can be applied to the national defense area for increasing demand web application centered resource management system to be able to prevent service of web application with security vulnerability based on high test.

• The Journal of Engineering Geology
• /
• v.31 no.4
• /
• pp.541-547
• /
• 2021

To assess the stability of a slope and the likelihood of its loss or collapse requires information about the ground, such as the composition of the stratum and its mechanical characteristics. This information is generally gathered through standard penetration testing (SPT) and cone penetration testing. SPT is not widely used due to problems with accessing slopes, most of which are steep and without ramps. A drop cone penetrometer, a portable device that can make up for these shortcomings, can be used in a limited way in some circumstances. Therefore, we developed a portable drilling machine and a small dynamic cone penetration test module that can easily access a slope site and perform SPT. The correlation of the developed system's results with those from SPT was analyzed. Analysis of the correlation between the energy shear rate passing to the load during the different test types established that the energy shear rate is reflected in the test result. The correlation between corrected dynamic cone penetration testing and corrected SPT was N_d' = 3.13 N'.

• International Journal of Computer Science & Network Security
• /
• v.23 no.2
• /
• pp.199-202
• /
• 2023

Carriage return (CR) and line feed (LF), also known as CRLF injection is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning and HTTP response splitting are two prominent harmful uses of this technique. Additionally, CRLF injection can be used by an attacker to exploit other vulnerabilities, such as cross-site scripting (XSS). Email injection, also known as email header injection, is another way that can be used to modify the behavior of emails. The Open Web Application Security Project (OWASP) is an organization that studies vulnerabilities and ranks them based on their level of risk. According to OWASP, CRLF vulnerabilities are among the top 10 vulnerabilities and are a type of injection attack. Automated testing can help to quickly identify CRLF vulnerabilities, and is particularly useful for companies to test their applications before releasing them. However, CRLF vulnerabilities can also lead to the discovery of other high-risk vulnerabilities, and it fosters a better approach to mitigate CRLF vulnerabilities in the early stage and help secure applications against known vulnerabilities. Although there has been a significant amount of research on other types of injection attacks, such as Structure Query Language Injection (SQL Injection). There has been less research on CRLF vulnerabilities and how to detect them with automated testing. There is room for further research to be done on this subject matter in order to develop creative solutions to problems. It will also help to reduce false positive alerts by checking the header response of each request. Security automation is an important issue for companies trying to protect themselves against security threats. Automated alerts from security systems can provide a quicker and more accurate understanding of potential vulnerabilities and can help to reduce false positive alerts. Despite the extensive research on various types of vulnerabilities in web applications, CRLF vulnerabilities have only recently been included in the research. Utilizing automated testing as a recurring task can assist companies in receiving consistent updates about their systems and enhance their security.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.795-798
• /
• 2006

최근 소프트웨어의 복잡도가 증가되어감에 따라 소프트웨어 취약점 검출에 대한 정형화된 방법과 자동화된 도구가 필요하게 되었다. 본 논문에서는 기존의 소프트웨어 테스트에서 고려되지 않았던 보안을 고려한 테스트라는 측면에서 자동화된 도구를 이용하여 소스가 없고 바이너리 코드만 있는 경우 결함 주입 기법을 통해 취약점 분석 방법을 보여주며, 윈도우즈 환경에서 사용되는 응용프로그램에 대한 상호 비교를 통해 향후 발생할 취약점에 대한 예방과 회피에 활용 될 사례를 보여주고 있다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.477-480
• /
• 2006

IPv6는 IPv4의 주소 부족을 해결하기 위해 1998년 IETF에서 표준화된 프로토콜이다. 현재 IPv4가 수축으로 되어 있는 인터넷을 동시에 IPv6로 전환하는 것은 불가능하므로 IPv4/IPv6 혼재네트워크를 거쳐 IPv6 순수 망으로 전환될 것이다. 본 논문에서는 혼재네트워크에서 IPv4 망과 IPv6 망간의 통신을 가능하게 해주는 IPv6 전환 메커니즘 중 터널링 방식에 대해 기술하고, 보안 취약성을 테스트하기 위해 동일한 보안 취약성에 대해 각각 IPv4 패킷, IPv6 패킷, 터널링된 패킷을 캡쳐할 수 있는 구축방안을 제안한다. 제안된 방식은 IPv4, IPv6, 터널링 패킷에 대한 분석이 가능하므로 IPv6 지원을 계획하는 침입탐지, 침입차단 시스템에 활용이 가능하다.

• Annual Conference of KIPS
• /
• 2000.10a
• /
• pp.829-832
• /
• 2000

스팸 전자우편과 전자우편 폭탄을 차단하기 위한 제품들은 많이 나와 있지만, 이러한 차단 제품들의 성능에 대한 신뢰성 있는 검증 자료는 많지 않으며. 검증 결과도 벤더(vendor)들의 주관이 개입될 수 있기 때문에 객관성과 공정성 면에서 부족하다고 하겠다. 이것은 차단 제품들의 성능과 잠재된 취약성을 분석하는 분석 방식의 부족과 기존의 분석 방식들의 한계성에 기인한다고 하겠다. 본 논문에서는 기존의 분석 방식들이 가지고 있는 한계점을 개선하고, 제품의 취약성 분석 과정을 자동화하여 소요되는 시간과 인력 낭비를 줄이고, 반복적으로 분석이 용이하며, 분석 결과와 관련된 취약성 정보를 제공하여 비전문가라도 취약성 분석이 용이한 SMTP 서버 보호를 위한 취약성 분석 자동화 도구를 제안한다.

• Journal of Korean Society for Quality Management
• /
• v.19 no.2
• /
• pp.96-107
• /
• 1991

At the design stage of a plant, the plausible causes and pathways of release of hazardous materials are not clearly known. Thus there exist large amount of uncertainties on the consequences resulting from the operation of a fusion plant. In order to better handle such uncertain circumstances, we utilize the Probabilistic Risk Assessment(PRA) for the safety analyses on fusion power plant. In this paper, we concentrate on the tritium release accident. We develop a simple model that describes the process and flow of tritium, by which we figure out the locations of tritium inventory and their vulnerability. We construct event tree models that lead to various levels of tritium release from abnormal initiating events. Branch parameters on the event tree are assessed from the fault tree analysis. Based on the event tree models we construct influence diagram models which are more useful for the parameter updating and analysis. We briefly discuss the parameter updating scheme, and finally develop the methodology to obtain the predictive distribution of consequences resulting from the operating a fusion power plant. We also discuss the way to utilize the results of testing on sub-systems to reduce the uncertain ties on over all system.

• Computers and Concrete
• /
• v.2 no.5
• /
• pp.367-380
• /
• 2005

Recent earthquakes have shown that many of existing buildings in Iran sustain heavy damage due to defective seismic details. To assess vulnerability of one common type of buildings, which consists of low rise framed concrete structures, three defective and three standard columns have been tested under reversed cyclic load. The substandard specimens suffered in average 37% loss of strength and 45% loss of energy dissipation capacity relative to standard specimens, and this was mainly due to less lateral and longitudinal reinforcement and insufficient sectional dimensions. A relationship has been developed to introduce variation of plastic length under increasing displacement amplitude. At ultimate state, the length of plastic hinge is almost equal to full depth of section. Using calibrated hysteresis models, the response of different specimens under two earthquakes has been analyzed. The analysis indicated that the ratio between displacement demand and capacity of standard specimens is about unity and that of deficient ones is about 1.7.