• Journal of Internet Computing and Services
• /
• v.23 no.1
• /
• pp.49-68
• /
• 2022

The operation system of a shipping company is still maintaining the mainframe based terminal access environment or the client/server based environment. Nowadays shipping companies that try to migrate it into a web-based environment are increasing. However, in the transition, if the design is processed by the old configuration and knowledge without considering the characteristics of the web-based environment and shipping business, various security vulnerabilities will be revealed at the actual system operation stage, and system maintenance costs to fix them will increase significantly. Therefore, in the transition to a web-based environment, a security design must be carried out from the design stage to ensure system safety and to reduce security-related maintenance costs in the future. This paper examines the characteristics of various threat modeling techniques, selects suitable modeling technique for the operation system of a shipping company, applies data flow diagram and STRIDE threat modeling technique to shipping business, derives possible security threats from each component of the data flow diagram in the attacker's point of view, validates the derived threats by mapping them with attack library items, represents the attack tree having various attack scenarios that attackers can attempt to achieve their final goals, organizes into the checklist that has security check items, associated threats and security requirements, and finally presents 23 security requirements that can respond to threats. Unlike the existing general security requirements, the security requirements presented in this paper reflect the characteristics of shipping business because they are derived by analyzing the actual business of a shipping company and applying threat modeling technique. Therefore, I think that the presented security requirements will be of great help in the security design of shipping companies that are trying to proceed with the transition to a web-based environment in the future.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.9 no.4
• /
• pp.61-70
• /
• 2006

This paper is to describe LYNX-ESM Simulation System to simulate for EW operating environment analysis and system performance verification of LYNX-ESM system using Discrete Event Simulation(DEVS) Methodology. This system consists of 3 PC with TCP/IP network. Each PC is loaded with Modeling & Simulation program based DEVS. Each connected program conducts EW simulation. As a result, we analyze the operating environment of the maritime EW threat, simulate the EW threat discrimination and geolocation capability, and estimate the LYNX-ESM system effectiveness before real LYNX-ESM system development.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.77-90
• /
• 2022

Domestic and foreign automakers compete to lead the autonomous vehicle industry through continuously developing self-driving technologies. These self-driving technologies are evolving with dependencies on the connection between vehicles and other objects such as the environment of cars and roads. Therefore, cyber security vulnerabilities become more likely to occur in the self-driving environment, so it is necessary to prepare for them carefully. In this paper, we model the threats in autonomous vehicles and make the checklist to securely countermeasure them.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.213-230
• /
• 2020

As smart TVs have recently emerged as the center of the IoT ecosystem, their importance is increasing. If a vulnerability occurs within a smart TV, there is a possibility that it will cause financial damage, not just in terms of privacy invasion and personal information leakage due to sniffing and theft. Therefore, in this paper, to enhance the completeness of smart TV vulnerability analysis, STRIDE threat classification are used to systematically identify threats. In addition, through the manufacture of the Attack Tree and the actual vulnerability analysis, the effectiveness of the checklist was verified and security requirements were derived for the safe smart TV use environment.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.3
• /
• pp.143-158
• /
• 2017

Smart Home Appliance which makes people to operate machines in the home by remote control is service or technology to provide convenience. It is close to home, so it has privacy problem and security problem. If Smart Home Applications is attacked, Scale of damage is anticipated. In case of products from overseas country, various vulnerability has been announced every year. Therefore, It is necessary to identify and to analysis threats of Smart Home Appliance using systematically method for using safe Smart home appliance service. In this paper, we present check list for identifying and analyzing threats using Threat Modeling and then we analyzed the Domestic Smart Home Appliance using check list which we present.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1467-1482
• /
• 2017

Recently, Interests on The Fourth Industrial Revolution has been increased. In the manufacturing sector, the introduction of Smart Factory, which automates and intelligent all stages of manufacturing based on Cyber Physical System (CPS) technology, is spreading. The complexity and uncertainty of smart factories are likely to cause unexpected problems, which can lead to manufacturing process interruptions, malfunctions, and leakage of important information to the enterprise. It is emphasized that there is a need to perform systematic management by analyzing the threats to the Smart Factory. Therefore, this paper systematically identifies the threats using the STRIDE threat modeling technique using the data flow diagram of the overall production process procedure of Smart Factory. Then, using the Attack Tree, we analyze the risks and ultimately derive a checklist. The checklist provides quantitative data that can be used for future safety verification and security guideline production of Smart Factory.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1523-1537
• /
• 2018

The AI speaker is a simple operation that provides users with useful functions such as music playback, online search, and so the AI speaker market is growing at a very fast pace. However, AI speakers always wait for the user's voice, which can cause serious problems such as eavesdropping and personal information exposure if exposed to security threats. Therefore, in order to provide overall improved security of all AI speakers, it is necessary to identify potential security threats and analyze them systematically. In this paper, security threat modeling is performed by selecting four products with high market share. Data Flow Diagram, STRIDE and LINDDUN Threat modeling was used to derive a systematic and objective checklist for vulnerability checks. Finally, we proposed a method to improve the security of AI speaker by comparing the vulnerability analysis results and the vulnerability of each product.

• Journal of Korea Multimedia Society
• /
• v.20 no.2
• /
• pp.279-288
• /
• 2017

Nowadays, nations cyber security capabilities play an important role in a nation's defense. Security-critical infrastructures such as national defenses, public services, and financial services are now exposed to Advanced Persistent Threats (APT) and their resistance to such attacks effects the nations stability. Currently Cyber Threat Intelligence (CTI) is widely used by organizations to mitigate and deter APT for its ability to proactively protect their assets by using evidence-based knowledge. The evidence-based knowledge information can be exchanged among organizations and used by the receiving party to strengthen their cyber security management. This paper will discuss on the business process reengineering of the CTI information exchange management for a nationwide scaled control and governance by the government to better protect their national information security assets.

• International Journal of Aeronautical and Space Sciences
• /
• v.12 no.4
• /
• pp.396-402
• /
• 2011

Aircraft combat survivability is an essential factor in the design of combat aircrafts that operate in an enemy air defense area. The combat aircrafts will be confronted with anti-aircraft artillery and/or surface-to-air missiles (SAM) from the ground, and their survivability can be divided into two categories: susceptibility and vulnerability. This article studies the prediction of susceptibility in the case of a one-on-one engagement between the combat aircraft and a surface-based threat. The weighted score method is suggested for the prediction of susceptibility parameters, and Monte Carlo simulations are carried out to draw qualitative interpretation of the susceptibility characteristics of combat aircraft systems, such as the F-16 C/D, and the hypersonic aircraft, which is under development in the United States, versus ground threat from the SAM SA-10.

• Journal of the Korean Regional Science Association
• /
• v.35 no.1
• /
• pp.19-31
• /
• 2019

This study examines the effect of national identity and threat awareness on the multi-cultural acceptability and whether contact theory actually work. For the analysis, this study used '2013 Korea General Social Survey' data and compared two groups divided according to whether or not they live in ethnic places using structural equation modeling. The empirical analysis shows that national identity does not have a direct effect on multi-cultural acceptability, and threat awareness has a full mediating effect between national identity and multi-cultural acceptability. In addition, the negative effect of the threat awareness on multi-cultural acceptability was greater in groups living in ethnic places. The findings suggest that multi-cultural awareness education is necessary to reduce the threat awareness toward foreigners, and that community-level programs are needed to prevent and coordinate conflicts arising from contact between foreigners and Koreans.