• Title/Abstract/Keywords: Risks and Vulnerabilities

Search results: 68 items; processing time: 0.025 seconds

Case Study on the Analysis of Disaster Vulnerabilities (Focused on the Fire & Explosion in the N-Industrial Complex)

  • 하각천
    • Journal of the Korean Society of Safety / Vol. 36, No. 2 / pp.94-100 / 2021
  • In general, the industrial complex is a place where factories of various industries are concentrated. It is only as efficient as it is designed. However, the risks vary as there are various industries. These features are also associated with various types of disasters. The dangers of natural disasters such as a typhoon, flood, and earthquake, as well as fire and explosions, are also latent. Many of these risks can make stable production and business activities difficult, resulting in massive direct and indirect damage. In particular, decades after its establishment, the vulnerabilities increase even more as aging and small businesses are considered. In this sense, it is significant to assess the vulnerability of the industrial complex. Thus, fire and explosion hazards were analysed as stage 1 of the vulnerability evaluation for the major potential disasters for the industrial complex. First, fire vulnerabilities were analyzed quantitatively. It is displayed in blocks for each company. The assessment block status and the fire vulnerability rating status were conducted by applying the five-step criteria. Level A is the highest potential risk step and E is the lowest step. Level A was 11.8% in 20 blocks, level B was 22.5% in 38 blocks, level C was 25.4% in 43 blocks, level D was 26.0% in 44 blocks, and level E was 14.2% in 24 blocks. Levels A and B with high fire vulnerabilities were analyzed at 34.3%. Secondly, the vulnerability for an explosion was quantitatively analyzed. Explosive vulnerabilities were analyzed at 4.7% for level A with 8 blocks, 3.0% for level B with 5, 1.8% for level C with 3, 4.7% for level D with 8, and 85.8% for level E with 145. Levels A and B, which are highly vulnerable to explosions, were 7.7%. Thirdly, the overall vulnerability can be assessed by adding disaster vulnerabilities to make future assessments. Moreover, it can also assist in efficient safety and disaster management by visually mapping quantified data. This will also be used for the integrated control center of the N-Industrial Complex, which is currently being installed.

Design Model for Extensible Architecture of Smart Contract Vulnerability Detection Tool

  • Choi, Yun-seok;Lee, Wan Yeon
    • International Journal of Internet, Broadcasting and Communication / Vol. 12, No. 3 / pp.189-195 / 2020
  • Smart contract, one of the applications of blockchain, is expected to be used in various industries. However, there are risks of damage caused by attacks on vulnerabilities in smart contract code. Tool support is essential to detect vulnerabilities, and as new vulnerabilities emerge and smart contract implementation languages increase, the tools must have extensibility for them. We propose a design model for an extensible architecture of smart contract vulnerability detection tools that detect vulnerabilities in smart contract source code. The proposed model is composed of design pattern-based structures that provide extensibility to easily support the extension of detecting modules for new vulnerabilities and other implementation languages of smart contracts. In the model, detecting modules are composed of independent modules, so modifying or adding a module does not affect other modules and the system structure.

Assessing Web Browser Security Vulnerabilities with respect to CVSS

  • Joh, HyunChul
    • Journal of Korea Multimedia Society / Vol. 18, No. 2 / pp.199-206 / 2015
  • Since security vulnerabilities newly discovered in a popular Web browser immediately put a number of users at risk, urgent attention from developers is required to address those vulnerabilities. Analysis of characteristics in the Web browser vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerabilities discovered. So far, being a new research area, the quantitative aspects of the Web browser vulnerabilities and risk assessments have not been fully investigated. However, due to the importance of Web browser software systems, further detailed studies are required related to the Web browser risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers with respect to the Common Vulnerability Scoring System. Further, vulnerability discovery trends in the Web browsers are also investigated. The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems. It is also found that a vulnerability discovery model which was originally introduced for operating systems is also applicable to the Web browsers.

Spring Boot-based Web Application Development for providing information on Security Vulnerabilities and Patches for Open Source Software

  • 심완;최웅철
    • Journal of Korea Society of Digital Industry and Information Management / Vol. 17, No. 4 / pp.77-83 / 2021
  • As Open Source Software (OSS) has recently been invigorated, many companies actively use OSS in their business software. With such OSS invigoration, our web application is developed in order to provide safety in using OSS, and to update the information on new vulnerabilities and patches at all times by crawling the web pages of the relevant OSS home pages and the managing organizations of the vulnerabilities. By providing the updated information, our application helps OSS users and developers to be aware of such security issues, and enables them to work in an environment safer from security risks. In addition, our application can be used as a security platform to greatly contribute to preventing potential security incidents not only for companies but also for individual developers.

Robust Contract Conditions Under the Newly Introduced BTO-rs Scheme: Application to an Urban Railway Project

  • KIM, KANGSOO
    • KDI Journal of Economic Policy / Vol. 42, No. 4 / pp.117-138 / 2020
  • Few studies have specifically focused on the uncertainty of demand forecasting despite the fact that uncertainty is one of the greatest risks for governments and private partners in PPP projects. This study presents a methodology for finding robust contract conditions considering uncertainty in travel demand forecasting in a PPP project. Through a case study of an urban railway PPP project in Korea, this study uncovered the risk of excessive government payments to private partners due to the uncertainty in contracted forecast ridership levels. The results allow the suggestion that robust contract conditions could reduce the expected total level of government payments and lower user fees while maintaining profitability of the project. This study offers a framework that assists contract negotiators and gives them more information regarding financial risks and vulnerabilities and helps them to quantify the likelihood of these vulnerabilities coming into play during PPP projects.

Web browser secureness with respect to CVSS

  • Joh, HyunChul
    • Proceedings of the Korea Information Processing Society Conference / Korea Information Processing Society 2014 Fall Conference / pp.464-465 / 2014
  • Analysis of characteristics in software vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerability discovered. Being a new research area, the quantitative aspects of software vulnerabilities and risk assessments have not been fully investigated. However, further detailed studies are required related to the security risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers (Internet Explorer (IE), Firefox (FX), Chrome (CR) and Safari (SF)) with respect to the Common Vulnerability Scoring System (CVSS). The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems, and exploitation aftermath is getting worse.

Crowdsourced Risk Minimization for Inter-Application Access in Android

  • Lee, Youn Kyu;Kim, Tai Suk
    • Journal of Korea Multimedia Society / Vol. 20, No. 5 / pp.827-834 / 2017
  • Android's inter-application access enriches its application ecosystem. However, it exposes security vulnerabilities where end-user data can be exploited by attackers. While existing techniques have focused on minimizing the risks of inter-application access, they either suffer from inaccurate risk detection or are primarily available to expert users. This paper introduces a novel technique that automatically analyzes potential risks between a set of applications, aids end-users to effectively assess the identified risks by crowdsourcing assessments, and generates an access control policy which prevents unsafe inter-application access at runtime. Our evaluation demonstrated that our technique identifies potential risks between real-world applications with perfect accuracy, supports a scalable analysis on a large number of applications, and successfully aids end-users' risk assessments.

Towards Cyber Security Risks Assessment in Electric Utility SCADA Systems

  • Woo, Pil Sung;Kim, Balho H.;Hur, Don
    • Journal of Electrical Engineering and Technology / Vol. 10, No. 3 / pp.888-894 / 2015
  • This paper presents a unified model based assessment framework to quantify threats and vulnerabilities associated with control systems, especially in the SCADA (Supervisory Control and Data Acquisition) system. In the past, this system was primarily utilized as an isolated facility on a local basis, and then it started to be integrated with wide-area networks as the communication technology would make rapid progress. The introduction of smart grid, which is an innovative application of digital processing and communications to the power grid, might lead to more and more cyber threats originated from IT systems. However, an up-to-date power system often requires the real-time operations, which clearly implies that the cyber security would turn out to be a complicated but also crucial issue for the power system. In short, the purpose of this paper is to streamline a comprehensive approach to prioritizing cyber security risks which are expressed by the combination of threats, vulnerabilities, and values in the SCADA components.

A Study on the Information Security Control and Management Process in Mobile Banking Systems

  • Kim, So Young;Kim, Myong Hee;Park, Man-Gon
    • Journal of Korea Multimedia Society / Vol. 18, No. 2 / pp.218-232 / 2015
  • According to the development of information processing technology and mobile communication technology, the utilization of mobile banking systems is drastically increasing in banking systems. In the foreseeable future, the demand for mobile banking in bank systems is expected to increase rapidly with the prevalence of smart devices and technologies. However, keeping 'security' is very important in banking systems that handle personal information and financial assets. But it is very difficult to improve the security of banking systems only with the vulnerabilities and faults analysis methods of information security. Hence, in this paper, we analyze the security risk factors and security vulnerabilities that occur in mobile banking systems. With the analyzed results, we propose information security control and management processes for assessing and improving security based on the mechanisms which compose the mobile banking system.

Study on Structural and Systematic Security Threats of Vehicle Black Box as Embedded System

  • Park, Jaehyun;Choi, WoongChul
    • International Journal of Internet, Broadcasting and Communication / Vol. 9, No. 3 / pp.9-16 / 2017
  • Recently, more users have been using IoT embedded systems. Since the wireless network function is a basic and core function in most embedded systems, new security threats and weaknesses are expected to occur. In order to resolve these threats, it is necessary to investigate the security issues in the development stages according to the Security Development Lifecycle (SDL). This study analyzes the vulnerabilities of embedded systems equipped with the wireless network function, and derives possible security threats and how dangerous such threats are. We present security risks including bypassing the authentication stage required for access to the embedded system.