• Title/Summary/Keyword: Risks and Vulnerabilities

SOA Vulnerability Evaluation using Run-Time Dependency Measurement (실행시간 의존성 측정을 통한 SOA 취약성 평가)

  • Kim, Yu-Kyong;Doh, Kyung-Goo
    • The Journal of Society for e-Business Studies / v.16 no.2 / pp.129-142 / 2011
  • Traditionally, research in Service Oriented Architecture (SOA) security has focused primarily on exploiting standards and solutions separately. There exists no unified methodology for SOA security to manage risks at the enterprise level. It is necessary to analyze security threats preliminarily and to manage enterprise risks by identifying vulnerabilities of SOA. In this paper, we propose a metric-based vulnerability assessment method using dynamic properties of services in SOA. The method is to assess vulnerability at the architecture level as well as the service level by measuring run-time dependency between services. The run-time dependency between services is an important characteristic to understand which services are affected by a vulnerable service. All services which directly or indirectly depend on the vulnerable service are exposed to the risk. Thus run-time dependency is a good indicator of vulnerability of SOA.

Analysis of Typhoon Vulnerability According to Quantitative Loss Data of Typhoon Maemi (태풍 매미의 피해 데이터 기반 국내 태풍 취약성 분석에 관한 연구)

  • Ahn, Sung-Jin;Kim, Tae-Hui;Kim, Ji-Myong
    • Proceedings of the Korean Institute of Building Construction Conference / 2019.05a / pp.125-126 / 2019
  • This study aims to recognize damage indicators of typhoons and to develop damage function's indicators, using information derived from the actual loss of typhoon Maemi. As typhoons engender significant financial damage all over the world, governments and insurance companies, local or global, develop hurricane risk assessment models and use them in quantifying, avoiding, mitigating, or transferring the risks. For this reason, it is crucial to understand the importance of the risk assessment model for typhoons, and the importance of reflecting local vulnerabilities for more advanced evaluation. Although much previous research on the economic losses associated with natural disasters has identified the risk indicators that are indispensable, more comprehensive research addressing the relationship between vulnerability and economic loss is still called for. Hence this study utilizes and analyzes the actual loss record of the typhoon Maemi provided by insurance companies to fill such gaps. In this study, natural disaster indicators and basic building information indicators are used in order to generate the vulnerability functions; and the results and indicators suggest a practical approach to create the vulnerability functions for insurance companies and administrative tasks, while reflecting the financial loss and local vulnerability of the actual buildings.

Examination of Transaction Secure Safety of Block Chain (블록체인 안전성 확보를 위한 거래 검토)

  • Choi, Heesik;Cho, Yanghyun
    • Journal of Korea Society of Digital Industry and Information Management / v.15 no.1 / pp.77-86 / 2019
  • Comparative analysis to secure safety of Blockchain. Many investors have invested in virtual currency such as bit coins as a new investment due to increased popularity of virtual currency around the world. Also, virtual currency such as bit coin has a security technology and it has been relatively proved. Popularity of virtual currency is rising as a new investment alternative because of this reason. This paper focused on the block chain's transparency and security of distributed ledger technology, which is relatively safe without third party's intervention. Many governments and companies around the world are developing and working on block chain technological development to introduce due to these reasons. However, there are some suggestions that block chain has minor risks to its security. In this paper, it will examine security vulnerabilities from importance of security of Blockchain which relates to transactions of Bitcoin which are stored by governments and companies around the world. This paper will propose measures which will improve safety and efficiency of Blockchain technology such as the existing Blockchain method, Blockchain proposal, traceability and awareness about hacking.

Application of RAG(Resilience Assessment Grid) of the Aviation Safety Organization in Response to the COVID-19 Situation (코로나-19 상황에 대응하는 항공안전조직의 RAG(Resilience Assessment Grid) 적용)

  • Kim, Dae Ho
    • Journal of the Korean Society for Aviation and Aeronautics / v.29 no.1 / pp.38-46 / 2021
  • The organization's ability to respond to social disasters has begun to be treated as important through social shock situations that have never been experienced, such as COVID-19. Among them, the ability to respond to unexpected risks and resilience is emerging. Since social disasters such as infectious diseases are periodically repeated, compounded, and enlarged, they develop into a global crisis situation, so this crisis response capability is treated as national competitiveness. Therefore, this study aims to improve the organization's response capability in terms of risk response and resilience under rapid social disasters such as COVID-19. The aviation safety field was taken as an example. From the Safety-II perspective, safety management focuses on the ability to be resilient in response to system vulnerabilities in various situations. In this study, I intend to apply RAG (Resilience Assessment Grid) of Respond, Monitor, Learn and Anticipate, the four major potentials of resilience engineering. Based on Hollnagel's research, potential elements were classified into four, and items were organized through an expert panel using Delphi techniques. The final configured RAG items are 15 Respond, 15 Monitor, 15 Learn and 11 Anticipate. The RAG was evaluated by 42 experts in the field of aviation safety.

A Study on the Influential Factors of Intelligence Internet of Things for Establishing Smart Supply Chains (스마트 공급망 구축을 위한 지능형사물인터넷 영향요인에 관한 연구)

  • Kun-Shik Cho;Cheol-Soo Park
    • Journal of Information Technology Applications and Management / v.31 no.2 / pp.51-66 / 2024
  • Internet of Things (IoT) is a term that has been introduced in recent years, and it defines objects being able to connect and transfer data through the internet. Although some IoT-related products are currently available in the market, there are still some IoT problems that need to be overcome, such as the technology issues and lack of confidence and understanding of IoT. This study aims to analyze the influential factors in building successful IoT system for smart supply chain. This study develops the Analytic Hierarchy Process (AHP) to evaluate the influential factors in IoT. This study finds that tangible factors (Technology, Value and Connectivity) are more important than the intangible factors (Operation and Intelligence). Finally, this study concludes that after enterprises build a good IoT connectivity system, it is essential to combine this with good IoT technology to create a successful IoT environment. The findings may help practitioners implement IoT in smart supply chains to deal with disruptions, risks and vulnerabilities in the post-pandemic era.

DroidSecure: A Technique to Mitigate Privilege Escalation in Android Application (DroidSecure: 안드로이드 어플리케이션 권한 상승 완화를 위한 기술에 대한 연구)

  • Nguyen-Vu, Long;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.1 / pp.169-176 / 2016
  • The Android platform is designed to be user-friendly, yet sometimes its convenience introduces vulnerabilities that normal users cannot justify. In this paper, after making an overview of popular open source analysis tools for Android applications, we point out the dangerous use of Permission Group in current Google Policy, and suggest a technique to mitigate the risks of privilege escalation that attackers are taking advantage of. By conducting the investigation of 21,064 malware samples, we conclude that the proposed technique is considered effective in detecting insecure application updates, as well as giving users the heads-up in security awareness.

Implementation of a Static Analyzer for Detecting the PHP File Inclusion Vulnerabilities (PHP 파일 삽입 취약성 검사를 위한 정적 분석기의 구현)

  • Ahn, Joon-Seon;Lim, Seong-Chae
    • The KIPS Transactions:PartA / v.18A no.5 / pp.193-204 / 2011
  • Since web applications are accessed by anonymous users via the web, more security risks are imposed on those applications. In particular, because security vulnerabilities caused by insecure source code cannot be properly handled by system-level security systems such as the intrusion detection system, it is necessary to eliminate such problems in advance. In this paper, to enhance the security of web applications, we develop a static analyzer for detecting the well-known PHP file inclusion vulnerability. Using a semantic based static analysis, our vulnerability analyzer guarantees the soundness of the vulnerability detection and imposes no runtime overhead, differently from the other approaches such as the penetration test method and the application firewall method. To this end, our analyzer adopts the abstract interpretation framework and uses an abstract analysis domain designed for the detection of the target vulnerability in PHP programs. Thus, our analyzer can efficiently analyze complicated data-flow relations in PHP programs caused by extensive usage of string data. The analysis results can be browsed using a JAVA GUI tool and the memory states and variable values at vulnerable program points can also be checked. To show the correctness and practicability of our analyzer, we analyzed the source code of open PHP applications using the analyzer. Our experimental results show that our analyzer has practical performance in analysis capability and execution time.

The Security Risk and Countermeasures of Blockchain based Virtual Currency Trading (블록체인 기반 가상화폐 거래의 보안 위험 및 대응방안)

  • Chung, Young-Seek;Cha, Jae-Sang
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.11 no.1 / pp.100-106 / 2018
  • Since the concept of virtual currency called Bitcoin was announced in 2008, the blockchain technology, which is the basis of Bitcoin, is attracting attention as an important platform technology in the era of the 4th industrial revolution that can change our society in the future. Although existing electronic financial transactions store and manage all transaction history at a reliable central organization such as government and bank, blockchain-based electronic financial transactions are composed of a distributed structure in which all participants participating in the transaction store and manage the transaction history, so it is possible to secure transaction transparency while reducing system construction and operation costs. Besides the virtual currency that started with bit coins, the technology of these blockchains has been extended in various fields such as smart contracts and document management. The key technology area of this blockchain is security based on proven cryptographic technology to make it difficult to forge and hack, but there are security risks such as security vulnerabilities in the virtual currency trading service. We will discuss security risks in using virtual currency and discuss countermeasures. Especially, as security accidents of virtual currency exchanges are occurring frequently recently and the damage of users who trade the virtual currency is also increasing, we propose security threats and security countermeasures against virtual currency exchanges.

Quantitative Methodology to Assess Cyber Security Risks of SCADA system in Electric Power Industry (전력 SCADA 시스템의 사이버 보안 위험 평가를 위한 정량적 방법론에 관한 연구)

  • Kang, Dong-Joo;Lee, Jong-Joo;Lee, Young;Lee, Im-Sop;Kim, Huy-Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.3 / pp.445-457 / 2013
  • This paper is about the study to build a quantitative methodology to assess cyber threats and vulnerabilities on control systems. The SCADA system in the power industry is one of the most representative and biggest control systems. The SCADA system was originally a local system but it has been extended to wide area as both ICT and power system technologies evolve. Smart Grid is a concept to integrate energy and IT systems, and therefore the existing cyber threats might be infectious to the power system in the integration process. The power system is operated on a real time basis and this could make the power system more vulnerable to the cyber threats. It is a unique characteristic of power systems different from ICT systems. For example, availability is the most critical factor while confidentiality is the one from the CIA triad of IT security. In this context, it is needed to reflect the different characteristics to assess cyber security risks in power systems. Generally, the risk (R) is defined as the multiplication of threat (T), vulnerability (V), and asset (A). This formula is also used for the quantification of the risk, and a conceptual methodology is proposed for the objective in this study.

Occupational Safety and Health Among Young Workers in the Nordic Countries: A Systematic Literature Review

  • Hanvold, Therese N.;Kines, Pete;Nykanen, Mikko;Thomee, Sara;Holte, Kari A.;Vuori, Jukka;Waersted, Morten;Veiersted, Kaj B.
    • Safety and Health at Work / v.10 no.1 / pp.3-20 / 2019
  • This review aimed to identify risk factors for occupational accidents and illnesses among young workers in the Nordic countries and to attain knowledge on specific vulnerable groups within the young working force that may need special attention. We conducted a systematic review from 1994 to 2014 using five online databases. Of the 12,528 retrieved articles, 54 met the review criteria and were quality assessed, in which data were extracted focusing on identifying occupational safety, health risk factors, and vulnerable groups among the young workers. The review shows that mechanical factors such as heavy lifting, psychosocial factors such as low control over work pace, and organizational factors such as safety climate are all associated with increased injury risk for young Nordic workers. Results show that exposures to chemical substances were associated with skin reactions, e.g., hand eczema. Heavy lifting and awkward postures were risk factors for low back pain, and high job demands were risk factors for mental health outcomes. The review identified young unskilled workers including school drop-out workers as particularly vulnerable groups when it comes to occupational accidents. In addition, apprentices and young skilled workers were found to be vulnerable to work-related illnesses. It is essential to avoid stereotyping young Nordic workers into one group using only age as a factor, as young workers are a heterogeneous group and their vulnerabilities to occupational safety and health risks are contextual. Politicians, researchers, and practitioners should account for this complexity in the education, training and organization of work, and workplace health and safety culture.