• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.3
• /
• pp.91-101
• /
• 2005

Although the studies on the analysis and classification of source-level vulnerabilities in operating systems are not direct and positive solutions to the exploits with which the host systems are attacked, It is important in that those studies can give elementary technologies in the development of security mechanisms. But, whereas Linux systems are widely used in Internet and intra-net environments recently, the information on the basic and fundamental vulnerabilities inherent in Linux systems has not been studied enough. In this paper, we propose characteristic classification and correlational analyses on the source-level vulnerabilities in Linux kernel that are opened to the public and listed in the SecurityFocus site for 6 years from 1999 to 2004. This study may contribute to expect the types of attacks, analyze the characteristics of the attacks abusing vulnerabilities, and verify the modules of the kernel that have critical vulnerabilities.

• Journal of Korea Multimedia Society
• /
• v.14 no.10
• /
• pp.1335-1347
• /
• 2011

The dissemination and use of mobile applications have been rapidly expanding these days. And in such a situation, the security of mobile applications has emerged as a new issue. Although the safety of general software such as desktop and enterprise software is systematically achieved from the development phase to the verification phase through secure coding, there have been not sufficient studies on the safety of mobile applications yet. This paper deals with deriving weakness enumeration specialized in mobile applications and implementing a tool that can automatically analyze the derived weakness. Deriving the weakness enumeration can be achieved based on CWE(Common Weakness Enumeration) and CERT(Computer Emergency Response Team) relating to the event-driven method that is generally used in developing mobile applications. The analysis tool uses the dynamic tests to check whether there are specified vulnerabilities in the source code of mobile applications. Moreover, the derived vulnerability could be used as a guidebook for programmers to develop mobile applications.

• International Commerce and Information Review
• /
• v.16 no.5
• /
• pp.295-315
• /
• 2014

This paper attempts to reveal the relationships between vulnerability, FTA barrier, verification factors and origin performance. According to precedent studies, Our study analysed 104 cases from Korean companies which adopted a rules of origin and then developed a structural equation model. As a result of the model test, this empirical study found that vulnerability have a negatively significant influence on origin verification. Second, there was a positive relationship among origin verification and origin performance. Through the results of this study are the first company in order to enhance competitiveness, improve understanding of the rules of origin, must go to deal jointly with partner companies. Second, to establish a process for the origin of the goods to prove this systematic and should be managed in an orderly fashion. Country of origin verification system of corporate -level internal factors and external factors, separated by a study to assess the level of the enterprise for internal and external is determined that you need.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2019.05a
• /
• pp.392-392
• /
• 2019

현재 세계적으로, 홍수를 비롯한 자연재해로 인한 피해가 증가하고 있다. 우리나라의 경우, 매년 여름철에 발생하고 있는 장마로 인해 지역 곳곳에 침수피해가 심각해지고 있으며, 이에 대한 피해액 또한 증가하고 있는 실정이다. 또한, 여러 재해의 피해반복과 새롭게 반복되는 건축물 설계로 인해 지형이 바뀌고 있으며, 이로 인해, 기존의 실시된 홍수취약성 분석결과가 현실적으로 반영이 되기 힘든 상태이다. 피해를 줄이기 위해서는 변형된 환경에 맞춰 새로운 홍수취약성 분석을 실시하여 지역의 우선순위를 파악하여야 한다. 본 연구에서는 우리나라중 인구와 건물밀집도가 가장 높은 서울시 25개 구를 대상지역으로 선정하였으며, 인자들을 Pessure-State-Response (PSR) 구조로 나누었다. 압력지수(PI) 에는 유역면적, 주택 수 등 9개의 인자로, 상태지수(SI)는 연 홍수 피해액 등 4개의 인자로 선정하였으며, 대책지수(RI)의 경우에는 재정자립도, 홍수복구금액등 7개의 인자로 나누었다. 분석방법으로는 의사결정과정에서 발생할 수 있는 불확실성을 정량적으로 반영한 AHP방법과 AHP방법에 Fuzzy이론을 결합한 Fuzzy AHP 방법을 통해 각각의 결과를 비교분석하였다. 그 결과, 3개의 지수 모두 인자들의 지역별 취약순위가 바뀌었다. 본 연구의 결과를 바탕으로 홍수 방재 관련 정책 수립 등의 사업 등을 실시할 경우 해당지역에 대한 우선순위를 판단하는데 도움이 될 것으로 판단된다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.8
• /
• pp.197-210
• /
• 2016

Lately smartphone uasage is increasing and many Internet of Things (IoT) devices support wireless communications. Accordingly, small base stations which called femtocells are supplied to prevent saturation of existing base stations. However, unlike the original purpose of the femtocell with the advanced hacking technologies, Vulnerability such as gaining the administrator authority was discovered and this can cause serious problems such as the leakage of personal information of femtocell user. Therefore, identify security threats that may occur in the femtocell and it is necessary to ways for systematic vulnerability analysis. In this paper, We analyzed the security threats that can be generated in the femtocell and constructed a checklist for vulnerability analysis using the Threat Modeling method. Then, using the constructed checklist provides a scheme that can improve the safety of the femto cell through the actual analysis and taken the results of the femtocell vulnerabilities analysis.

• Journal of Internet Computing and Services
• /
• v.20 no.4
• /
• pp.13-19
• /
• 2019

In order to register an application with Apple's App Store, it must pass a rigorous verification process through the Apple verification center. That's why spyware applications are difficult to get into the App Store. However, malicious code can also be executed through normal application vulnerabilities. To prevent such attacks, research is needed to detect and analyze early to patch potential vulnerabilities in applications. To prove a potential vulnerability, it is necessary to identify the root cause of the vulnerability and analyze the exploitability. A tool for analyzing iOS applications is the debugger named LLDB, which is built into Xcode, the development tool. There are various functions in the LLDB, and these functions are also available as APIs and are also available in Python. Therefore, in this paper, we propose a method to efficiently analyze potential vulnerabilities of iOS application by using LLDB API.

• The Journal of the Korea Contents Association
• /
• v.19 no.4
• /
• pp.682-689
• /
• 2019

This study aims to spatialize the gap between obesity levels through the body mass index, an objective indicator of the level of health among vulnerable people. Thus, areas where the BMI showed cluster patterns with spatial high and low values were extracted and the characteristics of the region were analyzed. The analysis showed that the I statistics for the obesity rate were 0.07 and the z-score was 4.39, confirming spatial autocorrelation. For z-score, it was much larger than the maximum threshold of 2.57. This means that the rate of obesity among the socially vulnerable is regional, and this gap is spatially significant. The results of comparing and analyzing the local environment for these areas of obesity and health care were found to be areas with poor public transportation, less readily available parks, and a concentration of single and multi-generation housing. The analysis results of this study are meaningful in that they provide spatial implications for the health of the socially vulnerable class that previous studies have neglected.

• The Journal of the Korea Contents Association
• /
• v.19 no.4
• /
• pp.345-358
• /
• 2019

The purpose of this study is to develop the Internet vulnerability index of adolescents. To do this, we used the original data of long - term follow - up survey for the internet overdependency cause analysis conducted by NIA in 2018, and analyzed the correlation between alternatives of internet vulnerability index and personal psychology by using linear regression analysis. Factor analysis showed that the relationship with the surroundings was indexed by adding 9 items to positive factors such as family acceptance, peer attachment, and teacher favorability. The relationship between the surroundings and self - stigmatization is confirmed, and the relationship between the surroundings and the Internet fragility is predicted to be negatively related, and the digital capacity is also assumed to be negatively correlated with the Internet vulnerability. In order to develop the specific form of the Internet vulnerability index, personal psychology and linear regression analysis were conducted. As a result, positive factors and R value of personal psychology were increased when considering the relationship with the environment and the digital capacity rather than the Internet overdependency model. Based on these implications, we discussed the implications and limitations of this study.

• Journal of the Korean association of regional geographers
• /
• v.21 no.4
• /
• pp.751-763
• /
• 2015

Both the selection of indicators and weights for them are critical issues in the vulnerability assessment. This study is to assess the air pollution vulnerability focused on ozone for 249 local jurisdictions using weights calculated by the entropy methodology and then examine the applicability of the methodology. We selected indicators for air pollution vulnerability assessment and standardized them. Subsequently, we calculated weights of each indicator using the entropy method and then integrated them into the vulnerability index. The exposure indicators consider meteorological and air pollution factors and the sensitivity of the local jurisdiction include variables on vulnerable areas and environments. The adaptive capacity contains socio-economic characteristics, health care capacities and air pollution managemental factors. The results show that Hwaseong-si, Gwangjin-gu, Gimpo-si, Gwangju-si, Gunpo-si are among the highest vulnerabilities based on the simple aggregation of indicators. And vulnerability-resilience (VRI) aggregation results indicates the similar spatial pattern with the simple aggregation outcomes. This article extends current climate change vulnerability assessment studies by adopting the entropy method to evaluate relative usefulness of data. In addition, the results can be used for developing customized adaptation policies for each jurisdiction reflecting vulnerable aspects.

• Convergence Security Journal
• /
• v.4 no.2
• /
• pp.27-34
• /
• 2004

The recent explosive use of the Internet and the development of computer communication technologies reveal serious computer security problem. Inspite of many studies on secure access to the system, generally, the attackers do not use the previous intrusion techniques or network flaw, rather they tend to use the vulnerabilities residing inside the program, which are the running programs on the system or the processes for the service. Therefore, the security managers must focus on updating the programs with lots of time and efforts. Developers also need to patch continuously to update the Program, which is a lot of burden for them. In order to solve the problem, we need to understand the vulnerabilities in the program, which has been studied for some time. And also we need to analyze the functions that contains some vulnerabilities inside. In this paper, we first analyzed the vulnerabilities of the standard C library, and Win32 API functions used in various programs. And then we described the design and implementation of the automated scanning tool for writing secure source code based on the analysis.