• Journal of the Korean Society of Safety
• /
• v.33 no.5
• /
• pp.51-59
• /
• 2018

It is difficult to determine the outdoor toxic level of hazardous chemicals that are leaked in the building, since there are no efficient ways to calculate how much percentage of the leaked chemicals is released into the outdoor atmosphere. In address to these problems, we propose a reasonable box model that can quantitatively evaluate the mass rate of the indoor chlorine leakage into the outside of the building. The proposed method assumes that the indoor chlorine leakage is fully mixed with the indoor air, and then the mixture of the chlorine and indoor air is exfiltrated into the outside of the building through effective leakage areas of the building. It is found that the exfiltration rate of the mixture of the chlorine and indoor air is strongly dependent on the temperature difference between inside and outside the building than the atmospheric wind speed. As compared with a conventional method that uses a vague mitigation factor, our method is more effective to evaluate the outdoor toxic threat zone of the chlorine that are leaked in the building, because it can consider the degree of airtight of the building in the evaluation of the threat zone.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1133-1151
• /
• 2019

Insider threats in the field of information security are so important that the research is continuing centering on the institutes attached to the Carnegie Mellon University. On the other hand, we do not have any separate research institutes. In particular, insider threat research on the defense IT environment directly connected with the survival of the country is not proceeding in depth. In addition, due to the specificity of the military, defense IT security has limited research as an academic discipline, and even the establishment of concepts has not been achieved properly. In addition, because of differences in the environment, the US standard can not be borrowed as it is. This paper analyzes the defense IT environment and defines an insider (threat) suitable for the Korea military environment. I'd like to suggest the type of insider threat and how to mitigate it.

• Journal of Electrical Engineering and Technology
• /
• v.9 no.3
• /
• pp.1043-1050
• /
• 2014

Obsolescent control systems for power systems are evolving into intelligent systems and connecting with smart devices to give intelligence to the power systems. As networks of the control system are growing, vulnerability is also increasing. The communication network of distribution areas in the power system connects closely to vulnerable environments. Many cyber-attacks have been founded in the power system, and they could be more critical as the power system becomes more intelligent. From these environment, new communication network architecture and mitigation method against cyber-attacks are needed. Availability and Fault Tree analysis used to show that the proposed system enhances performance of current control systems.

• Journal of Information Processing Systems
• /
• v.15 no.4
• /
• pp.865-889
• /
• 2019

The need for cyber resilience is increasingly important in our technology-dependent society where computing devices and data have been, and will continue to be, the target of cyber-attackers, particularly advanced persistent threat (APT) and nation-state/sponsored actors. APT and nation-state/sponsored actors tend to be more sophisticated, having access to significantly more resources and time to facilitate their attacks, which in most cases are not financially driven (unlike typical cyber-criminals). For example, such threat actors often utilize a broad range of attack vectors, cyber and/or physical, and constantly evolve their attack tactics. Thus, having up-to-date and detailed information of APT's tactics, techniques, and procedures (TTPs) facilitates the design of effective defense strategies as the focus of this paper. Specifically, we posit the importance of taxonomies in categorizing cyber-attacks. Note, however, that existing information about APT attack campaigns is fragmented across practitioner, government (including intelligence/classified), and academic publications, and existing taxonomies generally have a narrow scope (e.g., to a limited number of APT campaigns). Therefore, in this paper, we leverage the Cyber Kill Chain (CKC) model to "decompose" any complex attack and identify the relevant characteristics of such attacks. We then comprehensively analyze more than 40 APT campaigns disclosed before 2018 to build our taxonomy. Such taxonomy can facilitate incident response and cyber threat hunting by aiding in understanding of the potential attacks to organizations as well as which attacks may surface. In addition, the taxonomy can allow national security and intelligence agencies and businesses to share their analysis of ongoing, sensitive APT campaigns without the need to disclose detailed information about the campaigns. It can also notify future security policies and mitigation strategy formulation.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.2
• /
• pp.127-137
• /
• 2012

Recently, as modern Internet uses mashups, Web 3.0, JavaScript/AJAX widely, the rate at which new vulnerabilities are being discovered is increasing rapidly. It can subsequently introduce big security threats. In order to efficiently mitigate these web application vulnerabilities and security threats, it is needed to rank vulnerabilities based on severity and consider the severe vulnerabilities during a specific phase of software development lifecycle (SDLC) for web applications. In this paper, we have first verified whether the risk rating methodology of OWASP Top 10 vulnerabilities is a reasonable one or not by analyzing the vulnerability data of web applications in the US National Vulnerability Database (NVD). Then, by inspecting the vulnerability information of web applications based on OWASP Top-10 2010 list and CWE (Common Weakness Enumeration) directory, we have mapped the web-related entries of CWE onto the entries of OWASP Top-10 2010 and prioritized them. We have also presented which phase of SDLC is associated with each vulnerability entry. Using this approach, we can prevent or mitigate web application vulnerabilities and security threats efficiently.

• 한국방재학회:학술대회논문집
• /
• 2008.02a
• /
• pp.389-392
• /
• 2008

Warning phase of disaster is a critical period in determining the likely survival of threatened citizens. Elderly requires special attention primarily because they tend to be uncompliant and less likely to cooperate with authorities. But there is much less research on how elderly respond to disaster warnings, while there is a strong consistent empirical literature on older citizen in the recovery periods of disaster. The purpose of this study is to examine coping behavior of elderly when they are at risk of disaster. Data were collected from 130 senior citizens aged over 60 who are residing in Pyungchang and Injae in Kangwon province which had damaged due to heavy rain in 2006. Perry & Lindell(1997)'s index, a series of six categories that represent coping behaviors which progressively approximate the action of evacuating was used : do nothing(1), check environmental cues for evidence of a threat(2), engage in threat-specific property protection(3), engage in protective action for personal safety(4), prepare to evacuate(5), evacuate the areas as instructed in the warning(6). Almost respondents(69.2%) chose the level 6(51.5%) and level 5(17.7%). This proves the elderly are not uncompliant or uncooperative population. Furthermore, this finding emphasizes the importance of public warning in case of disasters. And 13.8% of total respondent checked level 1 for their reaction.

• Advances in nano research
• /
• v.10 no.4
• /
• pp.397-414
• /
• 2021

The steady growth in population has led to an enhanced water demand and immense pressure on water resources. Pharmaceutical residues (PRs) are unused or non-assimilated medicines found in water supplies that originate from the human and animal consumption of antibiotics, antipyretics, analgesics etc. These have been detected recently in sewage effluents, surface water, ground water and even in drinking water. Due to their toxicity and potential hazard to the environment, humans and aquatic life, PRs are now categorized as the emerging contaminants (ECs). India figures in the top five manufacturers of medicines in the world and every third pill consumed in the world is produced in India. Present day conventional wastewater treatment methods are ineffective and don't eliminate them completely. The use of nanotechnology via advanced oxidation processes (AOP) is one of the most effective methods for the removal of these PRs. Present study is aimed at reviewing the presence of various PRs in water supplies and also to describe the process of AOP to overcome their threat. This study is also very important in view of World Health Organization report confirming more than 30 million cases of COVID-19 worldwide. This will lead to an alleviated use of antibiotics, antipyretics etc. and their subsequent occurrence in water bodies. Need of the hour is to devise a proper treatment strategy and a decision thereof by the policymakers to overcome the possible threat to the environment and health of humans and aquatic life.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• v.1
• /
• pp.9-14
• /
• 2006

This paper develops a complete methodology for the mitigation of ionosphere spatial anomalies by GBAS systems fielded in the Conterminous U.S. (CONUS). It defines an ionosphere anomaly threat model based on validated observations of unusual ionosphere events in CONUS impacting GBAS sites in the form of a linear ‘wave front’ of constant slope and velocity. It then develops a simulation-based methodology for selecting the worst-case ionosphere wave front impact impacting two satellites simultaneously for a given GBAS site and satellite geometry, taking into account the mitigating effects of code-carrier divergence monitoring within the GBAS ground station. The resulting maximum ionosphere error in vertical position (MIEV) is calculated and compared to a unique vertical alert limit, or $VAL_{H2,I}$, that applies to the special situation of worst-case ionosphere gradients. If MIEV exceeds $VAL_{H2,I}$ for one or more otherwise-usable subset geometries (i.e., geometries for which the 'normal' vertical protection level, or $VPL_{H0}$, is less than the 'normal' VAL), the broadcast ${\sigma}_{pr_{-}gnd}$ and/or ${\sigma}_{vig}$ must be increased such that all such potentially-threatening geometries have VPL$_{H0}$ > VAL and thus become unavailable. In addition to surveying all aspects of the methods used to generate the required ${\sigma}_{pr_{-}gnd}$ and ${\sigma}_{vig}$ inflation factors for CONUS GBAS sites, related methods for deriving similar results for GBAS sites outside CONUS are suggested.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.3
• /
• pp.601-606
• /
• 2017

SRAM-based FPGAs mainly used to develop and implement high-performance circuits have SRAM-type configuration memory. Soft errors in memory devices are the main threat from a reliability point of view. Soft errors occurring in the configuration memory of FPGAs cause FPGAs to malfunction. SEM(Soft Error Mitigation) Controllers offered by Xilinx can mitigate the influence of soft errors in configuration memory. SEM Controllers use ECC(Error Correction Code) and CRC(Cyclic Redundancy Code) which are placed around the configuration memory to detect and correct the errors. The correction is done through a partial reconfiguration process. This paper presents the availability analysis of SRAM-based FPGAs against soft errors under the protection of SEM Controllers. Availability functions were derived and compared according to the correction capability of SEM Controllers of several different families of FPGAs. The result may help select an SRAM-based FPGA part and estimate the availability of FPGAs running in an environment where soft errors occur.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.135-141
• /
• 2020

The Ministry of National Defense is strengthening the power and capacity of cyber operations as cyber protection training is conducted. However, considering the level of enemy cyber attack capability, the level of cyber defense capability of the ministry of national defense is significantly low and the protection measures and response system for responding to cyber threats to military networks are not clearly designed, falling short of the level of cyber security capabilities of the public and private sectors. Therefore, this paper is to investigate and verify the establishment of a military internal network vulnerability mitigation system that applies the intention of attackers, tactics, techniques and procedures information (ATT&CK Framework), identified military internal network main threat information, and military information system security requirements with military specificity as factors that can establish a defense network vulnerability mitigation system by referring to the domestic and foreign cyber security framework It has the advantage of having.