• Title/Summary/Keyword: CVE


Vulnerability Analysis and Development of Secure Coding Rules for PHP (PHP 보안 취약점 분석과 시큐어 코딩 규칙 개발)

  • Han, KyungSook; Park, Wooyeol; Yang, Ilgwon; Son, Changhwan; Pyo, Changwoo
    • KIISE Transactions on Computing Practices / v.21 no.11 / pp.721-726 / 2015
  • This paper shows secure coding rules for PHP programs. Programmers should comply with these rules during development of their programs. The rules are crafted to restrain 28 weaknesses that are composed of 22 corresponding to reported CVEs of PHP, the children of CWE-661 for PHP, and the top 5 weaknesses according to OWASP. The rule set consists of 28 detailed rules under 14 categories. This paper also demonstrates through examples that programs complying with these rules can curb weaknesses. The rules can also serve as a guideline in developing analysis tools for security purposes.

A Study on effective risk analysis and evaluation method of cloud computing system environment (클라우드컴퓨팅 시스템 환경의 효과적 위험분석평가 방법에 관한 연구)

  • Lee, Junglimg; Chang, Hangbae
    • Journal of Platform Technology / v.9 no.2 / pp.10-25 / 2021
  • Although many studies have been conducted on risk analysis and evaluation in the on-premises environment in information security, studies on effective methodologies of risk analysis and evaluation for cloud computing systems are lacking. In 2015, the Cloud Computing Development Act was enacted, which served as an opportunity to promote the introduction of cloud computing. However, due to the increase in security incidents in cloud computing systems, adoption remains insufficient. In addition, cloud computing systems are not being actively introduced because the persons in charge who intend to introduce them have difficulty understanding the underlying technology. In this regard, this study presents an effective risk analysis and evaluation method by examining the characteristics, concepts, and models of cloud computing systems and analyzing how these characteristics affect risk analysis and evaluation.

A Study on Layered Weight Based Vulnerability Impact Assessment Scoring System (계층적 가중 기반의 취약점 영향성 평가 스코어링 시스템에 대한 연구)

  • Kim, Youngjong
    • KIPS Transactions on Computer and Communication Systems / v.8 no.7 / pp.177-180 / 2019
  • A typical vulnerability scoring system is the Common Vulnerability Scoring System (CVSS). However, since CVSS does not differentiate the impact of an individual vulnerability by asset, nor give higher priority to more important assets, it is impossible to respond effectively and quickly to high-risk vulnerabilities on large systems. We propose a Layered weight based Vulnerability impact assessment Scoring System that can hierarchically group the importance of assets and weight the number of layers and the number of assets, in order to effectively manage the impact of vulnerabilities on a per-asset basis.

Reliability Test Recommendations of Transmission Level HTS Power Cable (송전급 초전도케이블 신뢰성평가를 위한 시험방법)

  • Park, J.; Yang, B.; Kang, J.; Cho, J.; Lee, S.; Shim, K.; Kim, S.
    • Progress in Superconductivity and Cryogenics / v.12 no.3 / pp.29-33 / 2010
  • Over the last 10 years there has been substantial progress and many efforts in the development of HTS power equipment in several countries, including South Korea. In particular, the HTS cable system is the strongest candidate among them from the viewpoint of application to the real grid, because of its features of compactness and large capacity. In South Korea, a transmission level 154kV HTS cable system, the world's top voltage class, was installed and has been tested in the KEPCO Gochang Underground Cable Test Field since early 2010 in order to meet the test requirements set by KEPCO, the only grid company in South Korea. Its type test will be completed by October 2010, and subsequently a long-term load cycle test will be performed over 6 months. In the near future, KEPCO also plans to demonstrate a transmission level HTS cable system in the real grid, in order to meet practical requirements and confirm its feasibility. This paper describes the test plan for the transmission level 154kV HTS cable system and how the tests are to be performed.

Which country's end devices are most sharing vulnerabilities in East Asia? (거시적인 관점에서 바라본 취약점 공유 정도를 측정하는 방법에 대한 연구)

  • Kim, Kwangwon; Won, Yoon Ji
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.5 / pp.1281-1291 / 2015
  • Compared to the past, people can control end devices via open channels. Although these open channels provide convenience to users, they frequently turn into security holes. In this paper, we propose a new human-centered security risk analysis method that puts weight on the relationships between end devices. The measure derives from the concept of entropy rate, which is known as the uncertainty per node in a network. As there are some limitations to using the entropy rate as a measure when comparing networks of different sizes, we divide the entropy rate of a network by the maximum entropy rate of the network. Also, we show how to avoid the violation of irreducibility, which is a precondition of the entropy rate of a random walk on a graph.

Phytoremediation Potential of Kenaf (Hibiscus cannabinus L.), Mesta (Hibiscus sabdariffa L.), and Jute (Corchorus capsularis L.) in Arsenic-contaminated Soil

  • Uddin Nizam, M.; Wahid-U-Zzaman, M.; Mokhlesur Rahman, M.; Kim, Jang-Eok
    • Korean Journal of Environmental Agriculture / v.35 no.2 / pp.111-120 / 2016
  • BACKGROUND: Arsenic (As)-contaminated groundwater used for long-term irrigation has emerged as a serious problem by adding As to soils. The phytoremediation potential of fiber crops, viz. kenaf (Hibiscus cannabinus L.), mesta (Hibiscus sabdariffa L.), and jute (Corchorus capsularis L.), was studied to clean up As-contaminated soil. METHODS AND RESULTS: Varieties of three fiber crops were selected in this study. Seeds of kenaf, mesta, and jute varieties were germinated in As-contaminated soil. Uptake of As by shoot was significantly higher than that by root in the contaminated soil. In As-contaminated soil, kenaf and mesta varieties accumulated more As than did jute varieties. In the plant parts above ground, mainly the shoots, the highest As absorption was recorded in kenaf cv. HC-3, followed by kenaf cv. HC-95. Kenaf varieties produced more biomass. In terms of higher plant biomass production and As absorption, kenaf varieties showed considerable potential to remediate As-contaminated soil. CONCLUSION: The overall As absorption and phytoremediation potential of the plant varieties were in the order kenaf cv. HC-3 > kenaf cv. HC-95 > mesta cv. Samu-93 > jute cv. CVE-3 > jute cv. BJC-7370. All varieties of kenaf, mesta, and jute could be considered for an appropriate green plant-based remediation technology in As-contaminated soil.

Risk Scoring System for Software Vulnerability Using Public Vulnerability Information (공개 취약점 정보를 활용한 소프트웨어 취약점 위험도 스코어링 시스템)

  • Kim, Min Cheol; Oh, Sejoon; Kang, Hyunjae; Kim, Jinsoo; Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.6 / pp.1449-1461 / 2018
  • As the number of software vulnerabilities grows year by year, attacks on software are also increasing. As a result, security administrators must identify and patch vulnerabilities in their software. However, since patching all vulnerabilities is not realistic, it is important to prioritize the patches. In this paper, we propose a scoring system that expands the scale of the risk assessment metric by taking into consideration the attack patterns or weaknesses that cause vulnerabilities, using the vulnerability information provided by NIST (National Institute of Standards and Technology). The proposed scoring system is an extension of CWSS and uses only public vulnerability information, so that any company can adopt it easily. In this paper, we applied the automated scoring system to software vulnerabilities and showed that the expanded metrics, which account for the influence of attack patterns and weaknesses, are meaningful.

A Out-of-Bounds Read Vulnerability Detection Method Based on Binary Static Analysis (바이너리 정적 분석 기반 Out-of-Bounds Read 취약점 유형 탐지 연구)

  • Yoo, Dong-Min; Jin, Wen-Hui; Oh, Heekuck
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.4 / pp.687-699 / 2021
  • When a vulnerability occurs in a program, it is documented and published through CVE. However, for some vulnerabilities the details are not disclosed, and in many cases the source code is not published. In the absence of such information, a vulnerability must be found at the binary level. This paper aims to find out-of-bounds read vulnerabilities, which occur very frequently among vulnerabilities. We design a memory area model using the memory access information that appears in binary code, and out-of-bounds read vulnerabilities are detected through the designed memory structure. The proposed tool showed better code coverage and detection efficiency than existing tools.

Study on Automation of Comprehensive IT Asset Management (포괄적 IT 자산관리의 자동화에 관한 연구)

  • Wonseop Hwang; Daihwan Min; Junghwan Kim; Hanjin Lee
    • Journal of Information Technology Services / v.23 no.1 / pp.1-10 / 2024
  • The IT environment is changing due to the acceleration of digital transformation in enterprises and organizations. This expansion of the digital space makes centralized cybersecurity controls more difficult. For this reason, cyberattacks such as ransomware and digital supply chain attacks are increasing in frequency and severity and are becoming more sophisticated. Even in large organizations with numerous security personnel and systems, security incidents continue to occur due to unmanaged and unknown threats and vulnerabilities in IT assets. It is time to move beyond the current focus on detecting and responding to security threats to managing the full range of cyber risks. This requires the implementation of an asset inventory for comprehensive management, collecting and integrating all IT assets of the enterprise or organization over a wide range. IT Asset Management (ITAM) systems exist to identify and manage various assets from a financial and administrative perspective. However, the asset information managed in this way is not complete, and there are problems with duplication of data. Also, the data set is not sufficiently updated from sources including network infrastructure, Active Directory, virtualization management, and cloud platforms. In this study, we propose a new framework for automated 'Comprehensive IT Asset Management (CITAM)' required for security operations by designing a process to automatically collect the asset data set, such as hostname, IP, MAC address, serial number, OS, installed software information, and last seen time, which are already distributed and stored in operating IT security systems. The CITAM framework can classify them into unique device units through analysis processes in terms of aggregation, normalization, deduplication, validation, and integration.

A Study on Core Factors and Application of Asymmetric VR Content (Asymmetric VR 콘텐츠 제작의 핵심 요인과 활용에 관한 연구)

  • Kim, Jinmo
    • Journal of the Korea Computer Graphics Society / v.23 no.5 / pp.39-49 / 2017
  • In this study, we propose the core factors and application of asymmetric virtual reality (VR) content in which a head-mounted display (HMD) user and non-HMD users can work together in a co-located space, which can lead to various experiences and high presence. The core of the proposed asymmetric VR content is that all users are immersed in VR and participate in new experiences by reflecting a wide range of users' participation and environments, regardless of whether or not users wear the HMD. For this purpose, this study defines the role relationships between the HMD user and non-HMD users, the viewpoints provided to users, and the speech communication structure available among users. Based on this, we verified the core factors through the process of directly producing assistive asymmetric VR content and cooperative asymmetric VR content. Finally, we conducted a survey to examine the users' presence and their experience of the proposed asymmetric VR content and to analyze the application method. As a result, it was confirmed that if the purpose of the asymmetric VR content and the core factors between the two types of users are clearly distinguished and defined, the independent experience presented by the VR content, together with perceived presence, can provide a satisfactory experience to all users.