• Title/Summary/Keyword: Vulnerability Level

A Study on the Design of Security Metrics for Source Code (소스코드의 보안성 메트릭 설계에 관한 연구)

  • Seo, Dong-Su
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.6 / pp.147-155 / 2010
  • It has been widely addressed that static analysis techniques can play an important role in identifying potential security vulnerabilities residing in source code. This paper proposes the design and application of security metrics that use both vulnerability information extracted from static analysis and significant factors of the information that the software handles. The security metrics are useful for both developers and evaluators in that the metrics help them identify source code vulnerabilities at an early stage of development. By effectively utilizing the security metrics, evaluators can check the level of source code security, and confirm the final code depending on the characteristics of the source code and the security level of information required.

Vulnerability Assessment of Human Health Sector due to Climate Change: Focus on Ozone (기후변화에 따른 보건 분야의 취약성 평가: O3을 중심으로)

  • Lee, Jae-Bum;Lee, Hyun-Ju;Moon, Kyung-Jung;Hong, Sung-Chul;Kim, Deok-Rae;Song, Chang-Keun;Hong, You-Deog
    • Journal of Korean Society for Atmospheric Environment / v.28 no.1 / pp.22-38 / 2012
  • Adaptation to climate change is necessary to avoid unexpected impacts of climate change caused by human activities. Vulnerability refers to the degree to which a system cannot cope with the impacts of climate change, encompassing physical, social and economic aspects. Therefore, the quantification of climate change impacts and vulnerability is needed to identify vulnerable regions and to set up proper strategies for adaptation. In this study, climate change vulnerability is defined as a function of climate exposure, sensitivity, and adaptive capacity. Also, we identified regions vulnerable to ozone due to climate change in Korea using developed proxy variables of vulnerability at the regional level. 18 proxy variables were selected through a Delphi survey to assess vulnerability in the human health sector to ozone concentration change due to climate change. Also, we estimated the weighting scores of the proxy variables from the Delphi survey. The results showed that the local regions with a higher vulnerability index in the human health sector are Seoul and Daegu, whereas regions with a lower one are Jeollanam-do, Gyeonggi-do, Gwangju, Busan, Daejeon, and Gangwon-do. The high vulnerability levels of those regions are mainly caused by their high ozone exposure. We also assessed future vulnerability according to the Intergovernmental Panel on Climate Change (IPCC) Special Report on Emissions Scenarios (SRES) A2, A1FI, A1T, A1B, B2, and B1 scenarios in the 2020s, 2050s and 2100s. The results showed that vulnerability increased in all scenarios due to increased ozone concentrations. In particular, the vulnerability index increased by approximately 2 times in the A1FI scenario in the 2020s. This study could support regionally adjusted adaptation policies and the quantitative background of policy priority by providing information on the regional vulnerability to ozone due to climate change in Korea.

A Study for Rule Integration in Vulnerability Assessment and Intrusion Detection using Meaning Based Vulnerability Identification Method (의미기반 취약점 식별자 부여 기법을 사용한 취약점 점검 및 공격 탐지 규칙 통합 방법 연구)

  • Kim, Hyung-Jong;Jung, Tae-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.3 / pp.121-129 / 2008
  • This paper presents a vulnerability identification method based on meaning, which makes use of the concept of atomic vulnerability. We also make use of the decomposition and specialization processes that were used in DEVS/SES to obtain identifiers. This vulnerability representation method is useful for managing and removing vulnerabilities in an organized way. It helps to relate vulnerability assessment and intrusion detection rules at a lower level. The relation enables security managers to respond more quickly and conveniently. In particular, this paper shows a mapping between Nessus plugins and Snort rules using the meaning-based vulnerability identification method and lists usages based on three goals that a security officer keeps in mind about vulnerabilities. The contribution of this work is the suggestion of a meaning-based vulnerability identification method and the presentation of cases of its usage for the rule integration of vulnerability assessment and intrusion detection.

A Study on Vulnerability Assessment to Climate Change in Regional Fisheries of Korea (국내 수산 부문의 지역별 기후변화 취약성 평가 연구)

  • Lee, Beo-Dul;Kim, Bong-Tae;Cho, Yong-Sung
    • The Journal of Fisheries Business Administration / v.42 no.1 / pp.57-70 / 2011
  • Fisheries are subject to unexpected weather conditions. While some changes may be positive for some fisheries, the current state suggests that the effects will be undesirable for many fisheries. The aim of this study is to assess the vulnerability to climate change of 11 regional fisheries of Korea using the framework of the IPCC. The vulnerability assessment depends upon the interrelation of three key elements: exposure, sensitivity and adaptive capacity, which were derived from the Analytical Hierarchy Process method in this study. These elements would contribute to comprehending the relative importance of the regional characteristics of fisheries. We compared the vulnerability index of 11 regional fisheries so as to look for strategies and adaptation methods for the impacts of potential climate change. Jeoun-Nam, Kyeong-Nam, and Jeju are identified as the provinces whose fisheries are most vulnerable to climate change because they have a high level of sensitivity to predicted climate change and relatively low adaptive capacity. The relatively low vulnerability of Ulsan and Gyeonggi reflects high financial independence, well-equipped infrastructure, and social capital in these regions. Understanding of vulnerability to climate change suggests future research directions. This paper will provide a guide to local policy makers and fisheries managers on vulnerability and adaptation planning for climate change.

Deduplication and Exploitability Determination of UAF Vulnerability Samples by Fast Clustering

  • Peng, Jianshan;Zhang, Mi;Wang, Qingxian
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.10 / pp.4933-4956 / 2016
  • Use-After-Free (UAF) is a common lethal form of software vulnerability. By using tools such as Web Browser Fuzzing, a large number of samples containing UAF vulnerabilities can be generated. To evaluate the threat level of a vulnerability or to patch the vulnerabilities, automatic deduplication and exploitability determination should be carried out for these samples. There are some problems in current methods, including inadequate pertinence, lack of depth and precision of analysis, high time cost, and low accuracy. In this paper, in terms of the key dangling pointer and crash context, we analyze four properties of similar samples of UAF vulnerabilities, explore the method of extracting and calculating clustering eigenvalues from these samples, and perform clustering by fast search and find of density peaks on a large number of vulnerability samples. Samples were divided into different UAF vulnerability categories according to the clustering results, and the exploitability of these UAF vulnerabilities was determined by observing the shape of the class cluster. Experimental results showed that the approach was applicable to the deduplication and exploitability determination of a large number of UAF vulnerability samples, with high accuracy and low performance cost.

Detecting TOCTOU Race Condition on UNIX Kernel Based File System through Binary Analysis (바이너리 분석을 통한 UNIX 커널 기반 File System의 TOCTOU Race Condition 탐지)

  • Lee, SeokWon;Jin, Wen-Hui;Oh, Heekuck
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.4 / pp.701-713 / 2021
  • A race condition is a vulnerability in which two or more processes input or manipulate a common resource at the same time, resulting in unintended results. This vulnerability can lead to problems such as denial of service and elevation of privilege. When a vulnerability occurs in software, the relevant information is documented, but often the cause of the vulnerability or the source code is not disclosed. In this case, analysis at the binary level is necessary to detect the vulnerability. This paper aims to detect the Time-Of-Check Time-Of-Use (TOCTOU) race condition vulnerability of UNIX kernel-based file systems at the binary level. So far, various static and dynamic analysis detection techniques have been studied for the vulnerability. Existing vulnerability detection tools using static analysis detect it through source code analysis, and there are currently few studies conducted at the binary level. In this paper, we propose a method for detecting TOCTOU race conditions in file systems based on the Control Flow Graph and Call Graph through the Binary Analysis Platform (BAP), a binary static analysis tool.

A Review on the Results of Adjusting Weight in Vulnerability Analysis of Climate Change Driven Disaster - Focused on Sea-level Rise - (도시 기후변화 재해취약성 분석방법의 가중치 조정에 따른 결과 비교 검토 - 해수면 상승 재해를 중심으로 -)

  • Kim, Jisook;Kim, Hoyong
    • Journal of Environmental Impact Assessment / v.26 no.3 / pp.171-180 / 2017
  • The vulnerability analysis of climate change driven disaster has been used as an institutional framework for urban disaster prevention policies since 2012. However, some problems have occurred due to the structure of the vulnerability analysis, such as overweighted variables and duplicated application of variables of similar meaning. The goal of this study is to examine the differences in results between the method of the current guideline and the method of weight equalization. For this, we examine the current structural framework of the vulnerability analysis and perform an empirical analysis. As a result, the extent and magnitude of vulnerability showed different spatial patterns depending on the weighting methods. The standardized weighting method represented relatively wider vulnerable areas compared to the pre-existing method, which follows the current instruction manual. To apply the results of vulnerability analysis to the urban planning process for disaster prevention, this study suggests that the reliability of the results should be ensured by improving the analytical framework and reviewing the results in detail.

Health Vulnerability Assessment for PM10 in Busan (부산지역 미세먼지에 대한 건강 취약성 평가)

  • Lee, Won-Jung;Hwang, Mi-Kyoung;Kim, Yoo-Keun
    • Journal of Environmental Health Sciences / v.40 no.5 / pp.355-366 / 2014
  • Objectives: This study seeks to evaluate the vulnerability assessment of the human health sector for $PM_{10}$, which is reflected in the regional characteristics and related disease mortality rates for $PM_{10}$ in Busan over the period of 2006-2010. Methods: According to the vulnerability concept suggested by the Intergovernmental Panel on Climate Change (IPCC), vulnerability to $PM_{10}$ is comprised of the categories of exposure, sensitivity, and adaptive capacity. The indexes of the exposure and sensitivity categories indicate positive effects, while the adaptive capacity index indicates a negative effect on vulnerability to $PM_{10}$. Variables of each category were standardized by the rescaling method, and each regional relative vulnerability was computed through the vulnerability index calculation formula. Results: The regions with a high exposure index are Jung-Gu (transportation region) and Saha-Gu (industrial region). Major factors determining the exposure index are the $PM_{10}$ concentration, days of $PM_{10} \geq 50\ \mu g/m^3$, and $PM_{10}$ emissions. The regions that show a high sensitivity index are urban and rural regions; these commonly have a high mortality rate for related disease and vulnerable populations. The regions that have a high adaptive capacity index are Jung-Gu, Gangseo-Gu, and Busanjin-Gu, all of which have a high level of economic/welfare/health care factors. The high-vulnerability synthesis of the exposure, sensitivity, and adaptive capacity indexes shows that Dong-Gu and Seo-Gu have a risk for $PM_{10}$ potential effects and a low adaptive capacity. Conclusions: This study presents the vulnerability index to $PM_{10}$ through a relative comparison using quantitative evaluation to draw regional priorities. Therefore, it provides basic data to reflect environmental health influences in favor of an adaptive policy limiting damage to human health caused by vulnerability to $PM_{10}$.

SOA Vulnerability Evaluation using Run-Time Dependency Measurement (실행시간 의존성 측정을 통한 SOA 취약성 평가)

  • Kim, Yu-Kyong;Doh, Kyung-Goo
    • The Journal of Society for e-Business Studies / v.16 no.2 / pp.129-142 / 2011
  • Traditionally, research in Service Oriented Architecture (SOA) security has focused primarily on exploiting standards and solutions separately. There exists no unified methodology for SOA security to manage risks at the enterprise level. It is necessary to preliminarily analyze security threats and to manage enterprise risks by identifying vulnerabilities of SOA. In this paper, we propose a metric-based vulnerability assessment method using dynamic properties of services in SOA. The method assesses vulnerability at the architecture level as well as the service level by measuring the run-time dependency between services. The run-time dependency between services is an important characteristic for understanding which services are affected by a vulnerable service. All services which directly or indirectly depend on the vulnerable service are exposed to the risk. Thus, run-time dependency is a good indicator of the vulnerability of SOA.

Development and Application of Vulnerability Analysis Index for River Levee (하천 제방의 취약성 분석 지수 개발 및 적용)

  • Lee, Hoosang;Lee, Jaejoon
    • Journal of Wetlands Research / v.21 no.spc / pp.134-140 / 2019
  • In this study, we propose a new method for evaluating the vulnerability of river levees to flooding. The purpose of this study is to examine how to apply the factors necessary to calculate the proposed levee flood index. To do this, the safety flood level was analyzed by applying the planned flood level. The levee flood vulnerability index was calculated based on seven factors: freeboard, levee crown section, levee section ratio, safety factor, raised spot length, seepage line change degree, and critical velocity. The Levee Flood Vulnerability Index (LFVI) developed in this study was used for levee vulnerability analysis. The results of the analysis were divided into grades 1 to 7 using the Levee Flood Vulnerability Index (LFVI).