• Title/Summary/Keyword: Risks and Vulnerabilities

Search Result 72, Processing Time 0.027 seconds

Case Study on the Analysis of Disaster Vulnerabilities (Focused on the Fire & Explosion in the N-Industrial Complex) (재난 취약성 분석에 관한 사례연구(N공단의 화재·폭발을 중심으로))

  • Ha, Kag Cheon
    • Journal of the Korean Society of Safety
    • /
    • v.36 no.2
    • /
    • pp.94-100
    • /
    • 2021
  • In general, the industrial complex is a place where factories of various industries are concentrated. It is only as efficient as it is designed. However, the risks vary as there are various industries. These features are also associated with various types of disasters. The dangers of natural disasters such as a typhoon, flood, and earthquake, as well as fire and explosions, are also latent. Many of these risks can make stable production and business activities difficult, resulting in massive direct and indirect damage. In particular, decades after its establishment, the vulnerabilities increase even more as aging and small businesses are considered. In this sense, it is significant to assess the vulnerability of the industrial complex. Thus analysing fire and explosion hazards as stage 1 of the vulnerability evaluation for the major potential disasters for the industrial complex. First, fire vulnerabilities were analyzed quantitatively. It is displayed in blocks for each company. The assessment block status and the fire vulnerability rating status were conducted by applying the five-step criteria. Level A is the highest potential risk step and E is the lowest step. Level A was 11.8% in 20 blocks, level B was 22.5% in 38 blocks, level C was 25.4% in 43 blocks, level D was 26.0% in 44 blocks, and level E was 14.2% in 24 blocks. Levels A and B with high fire vulnerabilities were analyzed at 34.3%. Secondly, the vulnerability for an explosion was quantitatively analyzed. Explosive vulnerabilities were analyzed at 4.7% for level A with 8 blocks, 3.0% for level B with 5, 1.8% for level C with 3, 4.7% for level D with 8, and 85.8% for level E with 145. Levels A and B, which are highly vulnerable to explosions, were 7.7 %. Thirdly, the overall vulnerability can be assessed by adding disaster vulnerabilities to make future assessments. Moreover, it can also assist in efficient safety and disaster management by visually mapping quantified data. This will also be used for the integrated control center of the N-Industrial Complex, which is currently being installed.

Design Model for Extensible Architecture of Smart Contract Vulnerability Detection Tool

  • Choi, Yun-seok;Lee, Wan Yeon
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.12 no.3
    • /
    • pp.189-195
    • /
    • 2020
  • Smart contract, one of the applications of blockchain, is expected to be used in various industries. However, there is risks of damages caused by attacks on vulnerabilities in smart contract codes. Tool support is essential to detect vulnerabilities, and as new vulnerabilities emerge and smart contract implementation languages increase, the tools must have extensibility for them. We propose a design model for extensible architecture of smart contract vulnerability detection tools that detect vulnerabilities in smart contract source codes. The proposed model is composed of design pattern-based structures that provides extensibility to easily support extension of detecting modules for new vulnerabilities and other implementation languages of smart contract. In the model, detecting modules are composed of independent module, so modifying or adding of module do not affect other modules and the system structure.

Assessing Web Browser Security Vulnerabilities with respect to CVSS

  • Joh, HyunChul
    • Journal of Korea Multimedia Society
    • /
    • v.18 no.2
    • /
    • pp.199-206
    • /
    • 2015
  • Since security vulnerabilities newly discovered in a popular Web browser immediately put a number of users at risk, urgent attention from developers is required to address those vulnerabilities. Analysis of characteristics in the Web browser vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerabilities discovered. So far, being a new research area, the quantitative aspects of the Web browser vulnerabilities and risk assessments have not been fully investigated. However, due to the importance of Web browser software systems, further detailed studies are required related to the Web browser risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers with respect to the Common Vulnerability Scoring System. Further, vulnerability discovery trends in the Web browsers are also investigated. The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems. It is also found that a vulnerability discovery model which was originally introduced for operating systems is also applicable to the Web browsers.

Spring Boot-based Web Application Development for providing information on Security Vulnerabilities and Patches for Open Source Software (Spring Boot 기반의 오픈소스 소프트웨어 보안 취약점 및 패치 정보 제공 웹 어플리케이션 개발)

  • Sim, Wan;Choi, WoongChul
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.17 no.4
    • /
    • pp.77-83
    • /
    • 2021
  • As Open Source Software(OSS) recently invigorates, many companies actively use the OSSes in their business software. With such OSS invigoration, our web application is developed in order to provide the safety in using the OSSes, and update the information on the new vulnerabilities and the patches at all times by crawling the web pages of the relevant OSS home pages and the managing organizations of the vulnerabilities. By providing the updated information, our application helps the OSS users and developers to be aware of such security issues, and gives them to work in the safer environment from security risks. In addition, our application can be used as a security platform to greatly contribute to preventing potential security incidents not only for companies but also for individual developers.

Robust Contract Conditions Under the Newly Introduced BTO-rs Scheme: Application to an Urban Railway Project

  • KIM, KANGSOO
    • KDI Journal of Economic Policy
    • /
    • v.42 no.4
    • /
    • pp.117-138
    • /
    • 2020
  • Few studies have specifically focused on the uncertainty of demand forecasting despite the fact that uncertainty is the one of greatest risks for governments and private partners in PPP projects. This study presents a methodology for finding robust contract conditions considering uncertainty in travel demand forecasting in a PPP project. Through a case study of an urban railway PPP project in Korea, this study uncovered the risk of excessive government payments to private partners due to the uncertainty in contracted forecast ridership levels. The results allow the suggestion that robust contract conditions could reduce the expected total level of government payments and lower user fees while maintaining profitability of the project. This study offers a framework that assists contract negotiators and gives them more information regarding financial risks and vulnerabilities and helps them to quantify the likelihood of these vulnerabilities coming into play during PPP projects.

An Error Detection and Automatic Correction Algorithm for Memory-related Vulnerabilities in C language Programming (C언어 프로그래밍의 메모리 취약점에 대한 오류 감지 및 자동 수정 알고리즘)

  • Yeon-Gyeong Seo;Sanghoon Jeon
    • Convergence Security Journal
    • /
    • v.24 no.3
    • /
    • pp.105-115
    • /
    • 2024
  • Since 2015, programming has been included in school curricula to enhance computer literacy and problem-solving skills. C language, widely used for its simplicity, efficiency, and long history, poses significant security risks, particularly in memory vulnerabilities like buffer overflow, pointer errors, format strings, and integer overflow. These vulnerabilities can cause severe system issues and widespread damage. This paper proposes an "Error Detection and Automatic Correction of Memory Vulnerabilities (EDAC)" algorithm to detect and correct these errors, aiming to reduce the impact of C language memory vulnerabilities.

Web browser secureness with respect to CVSS

  • Joh, HyunChul
    • Annual Conference of KIPS
    • /
    • 2014.11a
    • /
    • pp.464-465
    • /
    • 2014
  • Analysis of characteristics in software vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerability discovered. Being a new research area, the quantitative aspects of software vulnerabilities and risk assessments have not been fully investigated. However, further detailed studies are required related to the security risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers (Internet Explorer (IE), Firefox (FX), Chrome (CR) and Safari (SF)) with respect to the Common Vulnerability Scoring System (CVSS). The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems, and exploitation aftermath is getting worse.

Crowdsourced Risk Minimization for Inter-Application Access in Android

  • Lee, Youn Kyu;Kim, Tai Suk
    • Journal of Korea Multimedia Society
    • /
    • v.20 no.5
    • /
    • pp.827-834
    • /
    • 2017
  • Android's inter-application access enriches its application ecosystem. However, it exposes security vulnerabilities where end-user data can be exploited by attackers. While existing techniques have focused on minimizing the risks of inter-application access, they either suffer from inaccurate risk detection or are primarily available to expert users. This paper introduces a novel technique that automatically analyzes potential risks between a set of applications, aids end-users to effectively assess the identified risks by crowdsourcing assessments, and generates an access control policy which prevents unsafe inter-application access at runtime. Our evaluation demonstrated that our technique identifies potential risks between real-world applications with perfect accuracy, supports a scalable analysis on a large number of applications, and successfully aids end-users' risk assessments.

Towards Cyber Security Risks Assessment in Electric Utility SCADA Systems

  • Woo, Pil Sung;Kim, Balho H.;Hur, Don
    • Journal of Electrical Engineering and Technology
    • /
    • v.10 no.3
    • /
    • pp.888-894
    • /
    • 2015
  • This paper presents a unified model based assessment framework to quantify threats and vulnerabilities associated with control systems, especially in the SCADA (Supervisory Control and Data Acquisition) system. In the past, this system was primarily utilized as an isolated facility on a local basis, and then it started to be integrated with wide-area networks as the communication technology would make rapid progress. The introduction of smart grid, which is an innovative application of digital processing and communications to the power grid, might lead to more and more cyber threats originated from IT systems. However, an up-to-date power system often requires the real-time operations, which clearly implies that the cyber security would turn out to be a complicated but also crucial issue for the power system. In short, the purpose of this paper is to streamline a comprehensive approach to prioritizing cyber security risks which are expressed by the combination of threats, vulnerabilities, and values in the SCADA components.

Analysis of Security Vulnerabilities and Personal Resource Exposure Risks in Overleaf

  • Suzi Kim;Jiyeon Lee
    • Journal of the Korea Society of Computer and Information
    • /
    • v.29 no.7
    • /
    • pp.109-115
    • /
    • 2024
  • Overleaf is a cloud-based LaTeX editor, allowing users to easily create and collaborate on documents without the need for separate LaTeX installation or configuration. Thanks to this convenience, users from various fields worldwide are writing, editing, and collaborating on academic papers, reports, and more via web browsers. However, the caching that occurs during the process of converting documents written on Overleaf to PDF format poses risks of exposing sensitive information. This could potentially lead to the exposure of users' work to others, necessitating the implementation of security measures and vigilance to caution against such incidents. This paper delves into an in-depth analysis of Overleaf's security vulnerabilities and proposes various measures to enhance the protection of intellectual property.