• 정보보호학회논문지
• /
• 제28권6호
• /
• pp.1539-1552
• /
• 2018

원자력 발전소의 디지털화로 인한 사이버위협 노출로 보다 확고한 사이버보안 체계 구축 필요성이 대두되고 있으며 주기적인 취약점 분석 및 평가를 통한 적합한 보안대책 정립이 필요하다. 그러나 원전시스템은 안전성을 최우선으로 둔 특성 및 취약점 분석을 위한 제반사항 구축에 많은 비용 및 시간 등이 필요하여 기존의 취약점 분석 환경 및 분석 도구를 적용하는데 어려움이 있다. 이에 본 연구에서는 원전디지털자산 취약점 분석 시 고려해야 할 사항 및 일반적인 취약점 분석 방법들을 비교하여 기존의 취약점 분석 방법의 한계점을 보완하는 원전디지털자산에 적합한 취약점 평가 방법에 대해 제시하고 시범 적용한 결과를 기술하고자 한다.

• 한국정보보호학회:학술대회논문집
• /
• 한국정보보호학회 1995년도 종합학술발표회논문집
• /
• pp.51-58
• /
• 1995

The importance of the risk analysis tool has been recognized and its use also has been emphasized by a number of researchers recently The methodology were examined but neither algorithms nor practical applications have been implemented or practiced in Korea. In this paper, the architecture of the Buddy System, one of the automated risk assessment tools. is analyzed in depth to provide the algorithmic understanding and to promote the development of the risk analysis methodology. The Buddy System mainly uses three main factors of vulnerability, threat and countermeasures as a nucleus of the qualatative analysis with the modified loss expectancy value. These factors are identified and assessed by the separation of duties between the end user and security analyst. The Buddy System uses five axioms as its bases of assessment algorithm and the assessed vulnerability level is strictly within these axioms. Since the In-place countermeasures reduce the vulnerability level up to a certain level. the security analyst may use "what if " model to examine the impact of additional countermeasures by proposing each to reduce the vulnerability level further to within the acceptable range. The emphasis on the qualitative approach on vulnerability leveling is very well balanced with the quantitative analysis that the system performance is prominent.prominent.

• 한국환경과학회지
• /
• 제20권6호
• /
• pp.789-798
• /
• 2011

Climate change assessment, together with climate change adaptation process, would be one of the worldwide important issues, and the study on climate change vulnerability indicator has been an essential problem for climate change adaptation. Vulnerability indicator can be used as a good tool to estimate the impact of climate change and to map out the distribution of its vulnerability over the given area both in Korea and other countries. This study addressed the conceptual summary on the assessment of climate change and its adaptation process. Previous studies on how to yield the vulnerability indicators of climate change are reviewed and several previous results of vulnerability indicators applied to Korean provinces are also discussed here.

• 대한조선학회논문집
• /
• 제49권3호
• /
• pp.254-263
• /
• 2012

The survivability of warship is assessed by susceptibility, vulnerability and recoverability. Essentially, a vulnerability assessment is a measure of the effectiveness of a warship to resist hostile weapon effects. Considering the shot line and its penetration effect on the warship, present study introduces the procedural aspects of vulnerability assessments of warship. Present study also considers the prediction of penetration damage to a target caused by the impact of projectiles. It reflects the interaction between the weapon and the target from a perspective of vulnerable area method and COVART model. The shotline and tracing calculation have been directly integrated into the vulnerability assessment method based on the penetration equation empirically obtained. A simplified geometric description of the desired target and specification of a threat type is incorporated with the penetration effect. This study describes how to expand the vulnerable area assessment method to the penetration effect. Finally, an example shows that the proposed method can provide the vulnerability parameters of the warship or its component under threat being hit through tracing the shotline path thereby enabling the vulnerability calculation. In addition, the proposed procedure enabling the calculation of the component's multi-hit vulnerability introduces a propulsion system in dealing with redundant Non-overlapping components.

• 한국수자원학회:학술대회논문집
• /
• 한국수자원학회 2018년도 학술발표회
• /
• pp.50-50
• /
• 2018

As the frequency of drought due to climate change is increasing and the severity of drought becomes severe, it is urgent to prepare measures against extreme drought. Despite the significant impacts of drought on the coupled human-environment system, we have not fully understood the consequences of extreme droughts affecting all parts of the environment and our communities, and there is no system to assess environmental droughts quantitatively. Even if a drought disaster occurs on the same scale, the severity of the drought depends on the vulnerability of the region. Therefore, this study proposes environmental drought assessment based on water quality vulnerability to extreme drought for the resilient proactive response.

• 정보보호학회논문지
• /
• 제13권5호
• /
• pp.69-79
• /
• 2003

업무연속성 관점에서 IDEF 접근방법에 의해서 주요 업무 프로세스를 파악하고, 관련 정보자산을 Skandia 모형으로 식별 한 후에, OCTAVE 접근방법에 의해서 위협을 단계적으로 분석하기 위해서, Nessus Version 1.4.2를 이용하여 도서관 정보시스템 중에서 가장 중요한 자산인 서버에 대해서 취약성을 평가했다. 기존 OCTAVE 접근방법에 IDEF 접근방법과 Skandia 모형을 동시에 이용하는 개선된 OCTAVE 접근방법을 이용한 취약성 평가 사례를 제시했다.

• Journal of Multimedia Information System
• /
• 제4권2호
• /
• pp.57-64
• /
• 2017

Numerous software vulnerabilities have been found in the popular operating systems. And recently, robust linear behaviors in software vulnerability discovery process have been noticeably observed among the many popular systems having multi-versions released. Software users need to estimate how much their software systems are risk enough so that they need to take an action before it is too late. Security vulnerabilities are discovered throughout the life of a software system by both the developers, and normal end-users. So far there have been several vulnerability discovery models are proposed to describe the vulnerability discovery pattern for determining readiness for patch release, optimal resource allocations or evaluating the risk of vulnerability exploitation. Here, we apply a linear vulnerability discovery model into Windows operating systems to see the linear discovery trends currently observed often. The applicability of the observation form the paper show that linear discovery model fits very well with aggregate version rather than each version.

• 융합보안논문지
• /
• 제13권4호
• /
• pp.11-17
• /
• 2013

모든 u-헬스케어 시스템은 보안 취약점을 가지고 있다. 이 취약점은 로컬(local) 또는 네트워크(network) 상에서 잠재적인 위험이 된다. 의료정보 기술의 Smart 환경, Ad-hoc networking, 무선통신 환경은, u-헬스케어 보안 취약성을 증가시키는 주요 요인이다. u-헬스케어 의료정보시스템 도메인은 사용자단말 구간, 공중통신망 인프라구간, 네트워킹구간, 인트라넷구간으로 구분된다. 의료정보시스템 도메인별을 구분하여 취약점을 평가하는 이유는 도메인별로 취약점에 대한 대처방법이 다르기 때문이다. u-헬스케어시스템 5단계의 보안위험도 평가체계는 도메인별 보안취약성 진단체계를 설계하여 보안대책을 강구하기 위해 필요하다. 제안하는 모델을 사용할 경우 현재까지 막연하게 진행 되어온 USN 기반 의료정보네트워크 보안취약성 진단대책을 좀 더 체계적으로 수행할 수 있는 모형을 제공한다.

• Structural Engineering and Mechanics
• /
• 제64권2호
• /
• pp.213-223
• /
• 2017

Bridges are lifeline and integral components of transportation system that are susceptible to seismic actions, their vulnerability assessment is essential for seismic risk assessment and mitigation. The vulnerability assessment of bridges common in Pakistan is very important as it is seismically very active region and the available code for the seismic design of bridges is obsolete. This research presents seismic vulnerability assessment of three real case simply supported multi-span reinforced concrete bridges commonly found in northern Pakistan, having one, two and three bents with circular piers. The vulnerability assessment is carried through the non-linear dynamic time history analyses for the derivation of fragility curves. Finite element based numerical models of the bridges were developed in MIDAS CIVIL (2015) and analyzed through with non-linear dynamic and incremental dynamic analyses, using a suite of bridge-specific natural spectrum compatible ground motion records. Seismic responses of shear key, bearing pad, expansion joint and pier components of each bridges were recorded during analysis and retrieved for performance based analysis. Fragility curves were developed for the bearing pads, shear key, expansion joint and pier of the bridges that first reach ultimate limit state. Dynamic analysis and the derived fragility curves show that ultimate limit state of bearing pads, shear keys and expansion joints of the bridges exceed first, followed by the piers ultimate limit state for all the three bridges. Mean collapse capacities computed for all the components indicated that bearing pads, expansion joints, and shear keys exceed the ultimate limit state at lowest seismic intensities.

• 해양환경안전학회지
• /
• 제21권5호
• /
• pp.608-616
• /
• 2015

본 연구에서는 해일예측모델링을 통하여 연안역의 해일고를 산정하고, 취약성평가 기법을 적용하여 취약등급을 평가하였다. 해일예측모델링은 ADCIRC 모형을 적용하여 2000년~2014년까지의 27개 태풍을 모의하였으며, 상위 영향 6개 태풍에 대하여 검증하였다. 계산결과는 관측결과와 유의미한 검증결과를 보였다. 진해만, 사천만, 광양만, 천수만 및 경기만 등 주요 내만 연안역에서 해일고가 높게 나타났으며, 산출된 해일고 자료를 이용하여 표준화, 정규화 및 등급화 과정을 거쳐 해일 취약성 평가를 수행하였다. 평가결과, 진해만, 사천만, 광양만 등에서 취약지수가 4~5등급을 보였으며, 이는 해일의 특성상 영향을 직접 받는 내만역이 취약함을 의미한다. 반면 전남 서부 내만의 취약지수(1~3등급)는 상대적으로 양호하게 나타났으며, 이는 지난 15년간 이 지역을 통과한 태풍이 크게 영향을 미치지 않았기 때문인 것으로 사료된다. 따라서, 이러한 상대적 불확실성을 보완하기 위해서는 지형적 민감도를 고려한 보다 장기간의 영향누적을 통한 취약성 평가가 필요하다.