• The Journal of the Korea Contents Association
• /
• v.18 no.8
• /
• pp.459-468
• /
• 2018

Cyberattacks on information systems used by applications related to weapon system and organizations associated with national defense put national security at risk. To reduce these threats, continuous efforts such as applying secure coding from the development stage or managing detected vulnerabilities systematically are being made. It also analyzes and detects vulnerabilities by using various analysis tools, eliminates at the development stage, and removes from developed applications. However, vulnerability analysis tools cause problems such as undetected, false positives, and overdetected, making accurate vulnerability detection difficult. In this paper, we propose a new vulnerability detection method to solve these problems, which can assess the risk of certain applications and create and manage secured application with this data.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2024.01a
• /
• pp.117-121
• /
• 2024

기존의 외장 하드디스크는 보안 기능의 부재로 인하여, 비인가자로부터 디스크가 탈취되는 경우에는 저장된 데이터가 유출되거나 훼손되는 문제점이 존재한다. 이러한 문제점을 보완하기 위하여, 보안 기능을 제공하는 보안 외장 하드디스크가 등장하였지만, 보안 기능 중 패스워드나 지문 인증과 같은 사용자 인증을 우회하는 취약점이 지속적으로 발견됨으로써, 비인가자가 장치 내부에 안전하게 저장된 데이터에 접근하는 보안위협이 발생하였다. 이러한 보안위협은 국가사이버안보센터에서 공개한 보안 요구사항을 만족하지 못하거나, 만족하더라도 설계나 구현 과정에서 내포된 취약점으로 인하여 발생한다. 본 논문은 이와 같이 보안 외장 하드디스크에서 발생하는 취약점을 점검하기 위한 목적으로 보안 외장 하드디스크 익스플로잇 프레임워크를 설계하였다. 취약점을 점검하기 위한 전체 프레임워크를 설계하였고, 프레임워크에서 제공하는 각 기능 및 유즈케이스 다이어그램을 설계하였으며, 설계된 프레임워크를 활용한다면, 현재 상용화되었거나 추후 개발될 보안 외장 하드디스크를 대상으로 안전성을 평가할 것으로 판단된다. 그뿐만 아니라, 안전성 평가 결과를 기반으로, 보안 외장 하드디스크에 내재된 취약점을 보완함으로써 안전성을 더욱 향상시키고, 수동으로 분석하여야만 하는 보안 외장 하드디스크의 취약점 점검을 자동화함으로써, 안전성을 평가하는 시간과 비용 또한 절감할 것으로 사료된다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.358-360
• /
• 2022

Modern society is developing rapidly and technologies that provide convenience in living are developing day by day. On the other hand, the development of cyber attacks that threaten cybersecurity is developing faster, and it still adversely affects the industrial environment, and industrial damage is steadily occurring every year. Industrial security is an activity that safely protects major assets or technologies of companies and organizations from these attacks. Therefore, it is a situation that requires professional manpower for security. Currently, the manpower situation for security is staffed, but knowledge of the understanding and concept of industrial security jobs is insufficient. In other words, there is a lack of professional manpower for industrial security. It is the NCS that came out to solve this problem. NCS is the state standardized ability (knowledge, attitude, skills, etc.) necessary to perform duties in the industrial field. NCS can systematically design the curriculum using NCS as well as help in hiring personnel, and NCS can be applied to the national qualification system. However, in the field of industrial security, NCS has not yet been developed and is still having difficulties in hiring personnel and curriculum. Although the NCS system in the field of industrial security has not been developed, this paper proposes the industrial security NCS to solve the problem of hiring professionals later and to help the field of industrial security NCS to be established later.

• Convergence Security Journal
• /
• v.15 no.6_2
• /
• pp.29-36
• /
• 2015

The hacking threats made against the Korea Hydro & Nuclear Power(KNDP) and the leakage of critical information on nuclear power safety raised the public awareness on the importance of protecting and managing national infrastructure necessary for sustaining the state and society. Cyber security activities and relevant institutions in the ROK, however, are still insufficient, because of which there is a possibility that similar incidents would reoccur and cause serious damages. Hence, a grave and direct threat is posed to the national security of the ROK. In this thesis, I would like to give my analysis and assessment on the recent cyber intrusions against infrastructure at home and abroad, measures established in response and their implementation, and the deficiency of the existing infrastructure protection system ; and lastly propose measures to reinforce infrastructure protection of the ROK.

• Journal of the military operations research society of Korea
• /
• v.32 no.1
• /
• pp.13-35
• /
• 2006

This study aims to propose alternative suggestions for practical and efficient implementation of Dual Use Technology Programs(CUTP) in Korea which can strengthen both national security and industrial competitiveness. DUTP of Korea has suffered from inefficiency and inactivity. This study analyzes the Inefficiency and negative factors of DUTP of Korea by examining the previous cases of the advanced countries. It also examines individual problems of DUTP carefully and attempts to derive alternative solutions to improve the current situation. First, a global government plan should be made considering Korea's weapon system and Korea's industrial characteristics. Second, DUTP should begin to develop core technology in connection with technology level evaluation and technology exchange project should establish a comprehensive information network system which links any civilian and military technology data. Third, technology transfer project should be promoted by utilizing cyber technology exchange market and military defense venture center. Fourth, standardization project should be expanded by establishing a national standard information system.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.3-12
• /
• 2019

The outflow of defense technology can cause serious damage not only in terms of business losses, but also in terms of national security and national interests. Recently, the government has enacted the Defense Technology Security Act, recognizing the importance of technology in the defense industry, and prepared guidelines for the defense technology security accordingly. According to the law, institutions and companies with defense technologies should establish a defense technology protection system, and the government should implement various technology protection policies to improve their level of technology protection. In this study, the implications were derived by comparing existing technology protection guidelines and priority analysis was performed on the protection system details through AHP for self-diagnosis items in the defense technology security guidelines. As a result, it is expected that it will enable efficient diagnosis of the level of protection and policy support for the systematic establishment of the protection system for the target institutions.

• Convergence Security Journal
• /
• v.19 no.5
• /
• pp.63-73
• /
• 2019

In the 4th Industrial Revolution, information is collected and analyzed from people and objects through the rapid development of ICT. It is possible to create value. However, there are many legal and institutional restrictions on the collection of information aimed at people.Therefore, in-depth research on the protection and use of personal information in the rapidly changing cyber security environment is needed. The purpose of this study is to protect and utilize personal information for the operation of AI (Artificial Intelligence) and big data during the 4th Industrial Revolution. It is to seek a paradigm shift. The organization of the research for this is: Chapter 1 examines the meaning of personal information during the 4th Industrial Revolution, Chapter 2 presents the framework for the review and analysis of prior research. In Chapter 3, after analyzing policies for the protection and utilization of personal information in major countries, Chapter 4 looks at the paradigm shift in personal information protection during the 4th Industrial Revolution and how to respond. Chapter 5 made some policy suggestions for the protection and utilization of personal information.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.177-189
• /
• 2021

Defense R&D is a key process for securing weapons systems determined by mid- and long-term needs to cope with changing future battlefield environments. In particular, the test and evaluation provides information necessary to determine whether or not to switch to mass production as the last gateway to research and development of weapons systems and plays an important role in ensuring performance linked to the life cycle of weapons systems. Meanwhile, if you look at the recent changes in the operational environment of the Korean Peninsula and the defense acquisition environment, you can see three main characteristics. First of all, continuous safety accidents occurred during the operation of the weapon system, which increased social interest in the safety of combatants, and the efficient execution of the limited defense budget is required as acquisition costs increase. In addition, strategic approaches are needed to respond to future battlefield environments such as robots, autonomous weapons systems (RAS), and cyber security test and evaluation. Therefore, in this study, we would like to present strategies for improving the testing and evaluation of weapons systems by considering the characteristics of the security environment that has changed recently. To this end, the improvement strategy was derived by analyzing the complementary elements of the current weapon system operational test and evaluation system in a multi-dimensional model and prioritized through the hierarchical analysis method (AHP).

• Korean Journal of Agricultural and Forest Meteorology
• /
• v.15 no.2
• /
• pp.109-117
• /
• 2013

The Global Framework on Climate Services (GFCS) will guide the development of climate services that link science-based climate information and predictions with climate-risk management and adaptation to climate change. GFCS structure is made up of 5 pillars; Observations/Monitoring (OBS), Research/ Modeling/ Prediction (RES), Climate Services Information System (CSIS) and User Interface Platform (UIP) which are all supplemented with Capacity Development (CD). Corresponding to each GFCS pillar, the Commission for Agricultural Meteorology (CAgM) has been proposing "Global Initiatives in AgroMeteorology" (GIAM) in order to facilitate GFCS implementation scheme from the perspective of AgroMeteorology - Global AgroMeteorological Outlook System (GAMOS) for OBS, Global AgroMeteorological Pilot Projects (GAMPP) for RES, Global Federation of AgroMeteorological Society (GFAMS) for UIP/RES, WAMIS next phase for CSIS/UIP, and Global Centers of Research and Excellence in AgroMeteorology (GCREAM) for CD, through which next generation experts will be brought up as virtuous cycle for human resource procurements. The World AgroMeteorological Information Service (WAMIS) is a dedicated web server in which agrometeorological bulletins and advisories from members are placed. CAgM is about to extend its service into a Grid portal to share computer resources, information and human resources with user communities as a part of GFCS. To facilitate ICT resources sharing, a specialized or dedicated Data Center or Production Center (DCPC) of WMO Information System for WAMIS is under implementation by Korea Meteorological Administration. CAgM will provide land surface information to support LDAS (Land Data Assimilation System) of next generation Earth System as an information provider. The International Society for Agricultural Meteorology (INSAM) is an Internet market place for agrometeorologists. In an effort to strengthen INSAM as UIP for research community in AgroMeteorology, it was proposed by CAgM to establish Global Federation of AgroMeteorological Society (GFAMS). CAgM will try to encourage the next generation agrometeorological experts through Global Center of Excellence in Research and Education in AgroMeteorology (GCREAM) including graduate programmes under the framework of GENRI as a governing hub of Global Initiatives in AgroMeteorology (GIAM of CAgM). It would be coordinated under the framework of GENRI as a governing hub for all global initiatives such as GFAMS, GAMPP, GAPON including WAMIS II, primarily targeting on GFCS implementations.

• Korea and Global Affairs
• /
• v.1 no.1
• /
• pp.115-152
• /
• 2017

This paper is to analyse the changes in the future war patterns and ROK's response. To this end the paper is composed of 5 chapters titled instruction; concept, characteristics, types, and evolution of war; changes in the war patterns of the future; Korea's response strategies for the future war. Truth can be immutable, but everything else changes. War has begun with human history, and today there are still wars in places all over the world. As ages change from agricultural society to industrial society to knowledge and information society, aspects(patterns) of war have also changed. Future warfare includes the 5th dimensional war(in the ground, the sea, the air, the universe, the cyber), the network-centric, the precision strike, the rapid maneuver, the non-gunpowder, the non-lethal, the unmanned robot, the informational & cyber, the asymmetric, the non-linear, and the parallel etc. In response to these changes in the pattern of wars, the ROK military should seek (1)to build a future-oriented military force, (2)to continuously develop military innovation and preparedness, and (3)to develop and establish a paradigm for acquiring the power of technology. A Roman strategist, Vegetius said, "If you wish peace, prepare for war." This is a universally accepted maxim in international society today. We must never forget that peace we desire is given when we have the will and ability to keep.