• Title/Summary/Keyword: 침투 테스트

Search Result 29, Processing Time 0.034 seconds

A Study on the Evaluation Method for Penetration Test Method and Procedures (모의 침투 테스트 방법 및 절차의 평가 방법에 관한 연구)

  • Kang, Yong-Suk;Choe, Guk-Hyeon;Shin, Yong-Tae;Kim, Jong-Hee;Kim, Jong-Bae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2014.05a
    • /
    • pp.230-233
    • /
    • 2014
  • Latest Inforamtion security threats and risks change very rapidly, and there to strengthen the security level of the major companies and organizations are diversified attack to respond to a penetration test conducted. Penetration test(PenTest) is safer for the purpose of looking for vulnerabilities in computer systems by taking advantage of vulnerabilities discovered in the same way as a hacker attack. How to make a security vulnerability could be exploited by attempting to attack show. On the other hand, many security companies are testing in a variety of ways to be penetrated. However, penetration testing to evaluate the strength and reliability has not performed yet. Therefore, in this study, Penetration testing to validate and present a reliable method of evaluation. In this study, penetration testing, assessment information to provide the evaluation results are more reliable. And, as a result, efficient penetration test is expected to be possible.

  • PDF

A Study on the Penetratrion Testing Next-generation IoT environment(ARMv7 Thumb Architecture) (차세대 IoT환경(ARMv7 Thumb Architecture) 침투테스트에 관한 연구)

  • Kim, Si-Wan;Seong, Ki-Taek
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2016.10a
    • /
    • pp.585-588
    • /
    • 2016
  • Due to the nature IoT Device (or Sensor) of the IoT System it may be susceptible (or attached) to our daily lives, so easy to direct physical access to IoT Device, which caused physical security is very weak. In this study, we implemented "Zero-Day Attack" on the ARMv7 Thumb Architecture as a direct target local system.

  • PDF

The Design of a Cybersecurity Testbed for Diverse Protection System in NPPs (원전 다양성보호계통 사이버보안 테스트베드 설계)

  • Jung, Sungmin
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2020.05a
    • /
    • pp.292-294
    • /
    • 2020
  • 원자력 발전소의 계측제어시스템에 디지털 관련 기술이 적용되면서 사이버보안 위협이 증가하였고, 이에 따라 사이버보안 위협의 대응은 중요한 현안이 되었다. 하지만, 실제 운영중인 원자력 발전소에 침투 시험은 불가능하기 때문에 테스트베드를 구축 및 활용하여 사이버보안 위협을 분석해야 한다. 계측제어시스템의 비안전계통은 디지털 기반의 제어기기와 통신망이 사용되기 때문에 안전계통보다 많은 사이버보안 취약점이 존재한다. 본 연구에서는 비안전계통인 다양성보호계통을 위한 테스트베드의 구성과 취약점 확인을 위한 공격, 그리고 대처 방안에 대해 논의한다.

Thin film permeation barrier for OLED using HDP-CVD (HDP-CVD를 이용한 OLED용 수분침투 방지막에 대한 연구)

  • Gim, T.J.;Shin, P.K.;Choi, Y.;Lee, B.J.;Kim, B.S.;Lee, B.S.;Choi, C.R.
    • Proceedings of the KIEE Conference
    • /
    • 2006.07c
    • /
    • pp.1398-1399
    • /
    • 2006
  • 현재 상용화된 OLED 소자는 최대 단점인 수분 취약성의 원인으로 top emission과 flexible 타입으로 제조되는데 장애가 되고 있다. 따라서 top emission 방식과 flexible한 소자를 실현하기 위해 수분 및 산소 침투를 방지하기 위한 유전체 막의 실험이 진행되고 있는데, 본 실험에서는 기존의 PECVD보다 plasma의 density가 높은 HDP(High Density Plasma)-CVD를 사용해 SiOx 및 SiNx 유전체 film을 증착하였고 MOCON 테스트를 통한 수분침투 방지막으로써의 가능성을 검증하였다.

  • PDF

A Risk Analysis Methodology for Information Systems Security Management (정보시스템 보안관리를 위한 위험분석 방법론)

  • 이문구
    • Journal of the Institute of Electronics Engineers of Korea CI
    • /
    • v.41 no.6
    • /
    • pp.13-22
    • /
    • 2004
  • This study proposes a risk analysis methodology for information system security management in which the complexity on the procedure that the existing risk analysis methodology is reduced to the least. The proposed risk analysis methodology is composed of 3 phases as follows: beforehand processing phase, counter measure setting phase, post processing phase. The basic risk analysis phase is a basic security management phase in which fixed items are checked when the information security system is not yet established or a means for the minimum security control is necessary for a short period of time. In the detailed risk analysis phase, elements of asset a vulnerability, and threat are analysed, and using a risk degree production table produced from these elements, the risk degree is classified into 13 cases. In regard to the risk, the 13 types of risk degree will execute physical, administrative, and technical measures through ways such as accepting, rejecting, reducing, and transferring. Also, an evaluation on a remaining risk of information system is performed through a penetration test, and security policy set up and post management phase is to be carried out.

The Cosmeceutical Property of Antioxidant Astaxanthin is Enhanced by Encapsulation Using Glyceryl Based New Vesicle (글리세릴 베이스의 신규베지클 이용 캡슐화를 통한 항산화성 아스타잔틴의 성질 강화)

  • Kim, Dong Myung;Hong, Weon Ki;Kong, Soo Sung;Lee, Chung Hyun
    • Journal of the Society of Cosmetic Scientists of Korea
    • /
    • v.40 no.3
    • /
    • pp.247-257
    • /
    • 2014
  • Oil-in-water nanoemulsions of astaxanthin prepared by new vesicle, glyceryl citrate/ lactate/ linoleate/ oleate, were evaluated thoroughly in terms of cosmeceutical properties such as antioxidant effect, cell viability, influence of protein related enzyme, skin penetration, skin hydration and elasticity. Antioxidant effect and cell viability of nanoemulsion of astaxanthin were evaluated by DPPH and MTT assay. Also other properties of nanoemulsions of astaxanthin were measured by proteome analysis using 2D-PAGE, confocal laser scanning microscope and in-vivo test. We were able to find that the nanoemulsion of astaxanthin is good at scavenging of radical and inhibits the degradation of dermal extracellular matrix with the down-regulation of MMPs and other proteins related to MMP expression. CLSM was adopted for observing penetration of nanoemulsion of astaxanthin and showed high effective penetration rate compared to the nanoemulsion of astaxanthin prepared by conventional lecithin. In-vivo measurement of the nanoemulsions in hydration and elasticity were conducted to 11 Korean female adults for 28 days and showed better results.

Vulnerability analysis on the ARMv7 Thumb Architecture (ARMv7 Thumb Architecture 취약성 분석)

  • Kim, Si-Wan;Seong, Ki-Taek
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.5
    • /
    • pp.1003-1008
    • /
    • 2017
  • The Internet of Things has attracted considerable research attention in recent years. In order for the new IoT technology to be widely used, the reliability and protection of information is required. IoT systems are very vulnerable to physical security due to their easy accessibility. Along with the development of SoC technology, many operating systems have been developed and many new operating systems have been introduced. In this paper, we describe the vulnerability analysis results for operating systems running on the ARMv7 Thumb Architecture hardware platform. For the recently introduced "Windows 10 IoT Core" operating system, I implemented the Zero-Day Attack by implanting the penetration code developed through the research into a specific IoT system. The virus detection test for the resulting penetration code was validated by referral to the "virustotal" site.

A Development of Method for Surface and Subsurface Runoff Analysis in Urban Composite Watershed (II) - Analysis and Application - (대도시 복합유역의 지표 및 지표하 유출해석기법 개발 (II) - 분석 및 적용 -)

  • Kwak, Chang-Jae;Lee, Jae-Joon
    • Journal of Korea Water Resources Association
    • /
    • v.45 no.1
    • /
    • pp.53-64
    • /
    • 2012
  • In this study (II), the module developed in the previous study (I) has been tested on application and numerical stability. The runoff module was compared the result of analysis with two different models (FFC2Q and $Vflo^{TM}$) considering characteristic of infiltration. To examine the application and stability of developed module, runoff aspect was simulated under the variety case of rainfall intensity, effective soil depth, elapsed time. The development module was presented typical type of infiltration process looking physically, the different of saturation point on soil type, and characteristic of soil type. Also, the module was reflected in the runoff feature about rainfall intensity and time distribution. Finally, this paper drew a conclusion that result of rainfall-runoff analysis as compared with difference models (FFC2Q and $Vflo^{TM}$) has a high accuracy.

헬륨 가스 검출법을 통한 LED 박리 평가법 개발

  • Han, Ji-Hun;Im, Hong-U;Kim, Jae-Sun;Yun, Yang-Gi;Lee, Mu-Seok
    • Proceedings of the Korean Reliability Society Conference
    • /
    • 2011.06a
    • /
    • pp.163-171
    • /
    • 2011
  • 본 논문에서는 LED 패키지 내부 이종물질간의 열팽창계수 차에 의한 박리 현상 및 이에 따른 LED 광속저하 메커니즘의 규명에 대한 연구를 진행하였다. 친환경 조명의 대두 및 고휘도 White LED의 급속적인 발전과 개발에 따라 LED 패키지 고장 형태가 점점 줄어드는 추세이기는 하나, 여전히 실사용 환경에서는 LED 패키지의 고장이 다양한 형태로 발생되고 있는 것이 실정이다. 이 중 LED 패키지 내부 이종물질간의 박리에 의한 고장은 LED 발광효율을 감소시키는 형태로 발생되고, 이에 대한 영향을 최소화하기 위하여 LED 패키지 제조업체 및 다수의 연구소에서 많은 노력을 기울이고 있다. 대표적인 박리 검사방법으로는 잉크침투 테스트 방법을 보편적으로 사용하고 있으나, 이 방법은 시료의 파손 및 검사 시간이 24시간이상 소요된다는 단점을 가지고 있다. 이에 본 논문에서는 헬륨 가스를 사용하여 LED 패키지 박리 유무를 검출해 내는 평가법을 제시하였고, 이 방법을 통하여 시료 파손 없이 짧은 시간 안에 박리 유무를 평가할 수 있음을 확인 할 수 있었다.

  • PDF

The Design and Implementation of Simulated Threat Generator based on MITRE ATT&CK for Cyber Warfare Training (사이버전 훈련을 위한 ATT&CK 기반 모의 위협 발생기 설계 및 구현)

  • Hong, Suyoun;Kim, Kwangsoo;Kim, Taekyu
    • Journal of the Korea Institute of Military Science and Technology
    • /
    • v.22 no.6
    • /
    • pp.797-805
    • /
    • 2019
  • Threats targeting cyberspace are becoming more intelligent and increasing day by day. To cope with such cyber threats, it is essential to improve the coping ability of system security officers. In this paper, we propose a simulated threat generator that automatically generates cyber threats for cyber defense training. The proposed Simulated Threat Generator is designed with MITRE ATT & CK(Adversarial Tactics, Techniques and Common Knowledge) framework to easily add an evolving cyber threat and select the next threat based on the threat execution result.