• Journal of The Korean Society of Agricultural Engineers
• /
• v.57 no.1
• /
• pp.59-67
• /
• 2015

Because reservoirs that supply irrigation water play an important role in water resource management, it is necessary to evaluate the vulnerability of this particular water supply resource. The purpose of this study is to provide water supply risk maps of agricultural reservoirs in South Korea using irrigation vulnerability model and cluster analysis. To quantify water supply risk, irrigation vulnerability indices are estimated to evaluate the performance of the water supply on the agricultural reservoir system using a probability theory and reliability analysis. First, the irrigation vulnerability probabilities of 1,346 reservoirs managed by Korea Rural Community Corporation (KRC) were analyzed using meteorological data on 54 meteorological stations over the past 30 years (1981-2010). Second, using the K-mean method of non-hierarchical cluster analysis and pre-simulation approach, cluster analysis was applied to classify into three groups for characterizing irrigation vulnerability in reservoirs. The morphology index, watershed area, irrigated area, and ratio between watershed and irrigated area are selected as the clustering analysis parameters. It is suggested that the water supply risk map be utilized as a basis for the establishment of risk management measures, and could provide effective information for a reasonable decision making on drought risk mitigation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.05a
• /
• pp.277-280
• /
• 2010

Network based on the OSI 7 Layer communication protocol is implemented, and the Internet TCP / IP Layer Based on the vulnerability is discovered and attacked. In this paper, using the programs on the network Layer Scanning conducted by the Layer-by each subsequent vulnerability analysis. Layer by Scanning each vulnerability analysis program to analyze the differences will be studied. Scanning for the studies in the program reflects the characteristics of the Scanning Features of way, and security countermeasures by each Layer is presented. The results of this study was to analyze its vulnerability to hackers and security for defense policy as the data is utilized to enhance the security of the network will contribute.

• Journal of Korea Planning Association
• /
• v.53 no.7
• /
• pp.87-107
• /
• 2018

With more than 10 million inhabitants, in particular, Seoul, the capital of Korea, has already experienced a number of severe heat wave. To alleviate the potential impacts of heat wave and the vulnerability to heat wave, policy-makers have generally considered the option of heat wave strategies containing adaptation elements. From the perspective of sustainable planning for adaptation to heat wave, the objective of this study is to identify the elements of vulnerability and assess heat wave-vulnerability at the dong level. This study also performs an exploratory investigation of the spatial pattern of vulnerable areas in Seoul to heat wave by applying exploratory spatial data analysis. Then this study attempts to select areas with the relatively highest and lowest level of adaptive capacity to heat wave based on an framework of climate change vulnerability assessment. In our analysis, the adaptive capacity is the relatively highest for Seongsan-2-dong in Mapo and the relatively lowest for Changsin-3-dong in Jongno. This study sheds additional light on the spatial patterns of heat wave-vulnerability and the relationship between adaptive capacity and heat wave.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.71-76
• /
• 2012

As the use of Mashups, web3.0, JavaScript and AJAX(Asynchronous JavaScript XML) widely increases, the new security threats for web vulnerability also increases when the web application services are provided. In order to previously diagnose the vulnerability and prepare the threats, in this paper, the classification of security threats and requirements are presented, and the web vulnerability is analyzed for the domestic web sites using WVS(Web Vulnerability Scanner) automatic evaluation tool. From the results of vulnerability such as XSS(Cross Site Scripting) and SQL Injection, the total alerts are distributed from 0 to 31,177, mean of 411, and standard deviation of 2,563. The results also show that the web sites of 22.5% for total web sites has web vulnerability, and the previous defenses for the security threats are required.

• Journal of the Society of Naval Architects of Korea
• /
• v.50 no.6
• /
• pp.383-389
• /
• 2013

Analysis and review of survivability is one of the most important aspects when naval vessels are designed. Because aiming points of threat towards the naval vessels in the battle field could not be estimated exactly, probabilistic and statistic approach is frequently introduced to evaluate and enhance the vessel survivability. Some commercial survivability analysis programs are used to perform the analysis for enhancement of susceptibility, vulnerability and recoverability but, they are usually classified and impossible to be exported to other countries because of their national security. In this paper, a simplified vulnerability analysis program is developed to evaluate the vulnerability of the warship in aspects of structure, redundancy and its mission capability at the conceptual design stage. To verify the developed program, the analysis results were compared with those of the commercial program MOTISS(Measure of Total Integrated System Survivability).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.687-699
• /
• 2021

When a vulnerability occurs in a program, it is documented and published through CVE. However, some vulnerabilities do not disclose the details of the vulnerability and in many cases the source code is not published. In the absence of such information, in order to find a vulnerability, you must find the vulnerability at the binary level. This paper aims to find out-of-bounds read vulnerability that occur very frequently among vulnerability. In this paper, we design a memory area using memory access information appearing in binary code. Out-of-bounds Read vulnerability is detected through the designed memory structure. The proposed tool showed better in code coverage and detection efficiency than the existing tools.

• The Journal of the Korea Contents Association
• /
• v.18 no.8
• /
• pp.459-468
• /
• 2018

Cyberattacks on information systems used by applications related to weapon system and organizations associated with national defense put national security at risk. To reduce these threats, continuous efforts such as applying secure coding from the development stage or managing detected vulnerabilities systematically are being made. It also analyzes and detects vulnerabilities by using various analysis tools, eliminates at the development stage, and removes from developed applications. However, vulnerability analysis tools cause problems such as undetected, false positives, and overdetected, making accurate vulnerability detection difficult. In this paper, we propose a new vulnerability detection method to solve these problems, which can assess the risk of certain applications and create and manage secured application with this data.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1995.11a
• /
• pp.51-58
• /
• 1995

The importance of the risk analysis tool has been recognized and its use also has been emphasized by a number of researchers recently The methodology were examined but neither algorithms nor practical applications have been implemented or practiced in Korea. In this paper, the architecture of the Buddy System, one of the automated risk assessment tools. is analyzed in depth to provide the algorithmic understanding and to promote the development of the risk analysis methodology. The Buddy System mainly uses three main factors of vulnerability, threat and countermeasures as a nucleus of the qualatative analysis with the modified loss expectancy value. These factors are identified and assessed by the separation of duties between the end user and security analyst. The Buddy System uses five axioms as its bases of assessment algorithm and the assessed vulnerability level is strictly within these axioms. Since the In-place countermeasures reduce the vulnerability level up to a certain level. the security analyst may use "what if " model to examine the impact of additional countermeasures by proposing each to reduce the vulnerability level further to within the acceptable range. The emphasis on the qualitative approach on vulnerability leveling is very well balanced with the quantitative analysis that the system performance is prominent.prominent.

• Journal of the Korean Association of Geographic Information Studies
• /
• v.21 no.1
• /
• pp.12-22
• /
• 2018

In order to improve the vulnerability of current cities due to climate change, the disaster vulnerability analysis manual for various disasters is provided. Depending on the spatial units, the disaster vulnerability levels, and the conditions of the climatic factors, the results of the disaster vulnerability analysis will have a significant impact. In this study, relative assessments are conducted by adding the eup, myeon and dong unit in addition to census output area unit to analyze the impact on the spatial unit, and relative changes are analyzed according to the classification stages by expanding the natural classification, which is standardized at level four stage, to level two, four and six stage. The maximum rainfalls(10min, 60min, 24hr) are added for the two limited rainfall characteristics to determine the relativity of disaster vulnerable districts by index. The relative assessment results of heavy rainfall vulnerability index showed that the area ratio of disaster areas by spatial unit was different and the correlation analysis showed that the space analysis between the eup, myeon and dong unit in addition to census output area unit was not consistent. And it can be seen that the proportion of disaster vulnerable districts is relatively different a lot due to indexes of rainfall characteristics, spatial unit analysis and disaster vulnerability level stage. Based on the above results, it can be seen that the ratios of disaster vulnerable districts differ relatively significantly due to the level of the disaster vulnerability class, and the indexes of rainfall characteristics. This suggests that the impact of the disaster vulnerable districts depending on indexes is relatively large, and more detailed indexes should be selected when setting up the disaster vulnerabilities analysis index.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.701-713
• /
• 2021

Race Condition is a vulnerability in which two or more processes input or manipulate a common resource at the same time, resulting in unintended results. This vulnerability can lead to problems such as denial of service, elevation of privilege. When a vulnerability occurs in software, the relevant information is documented, but often the cause of the vulnerability or the source code is not disclosed. In this case, analysis at the binary level is necessary to detect the vulnerability. This paper aims to detect the Time-Of-Check Time-Of-Use (TOCTOU) Race Condition vulnerability of UNIX kernel-based File System at the binary level. So far, various detection techniques of static/dynamic analysis techniques have been studied for the vulnerability. Existing vulnerability detection tools using static analysis detect through source code analysis, and there are currently few studies conducted at the binary level. In this paper, we propose a method for detecting TOCTOU Race Condition in File System based on Control Flow Graph and Call Graph through Binary Analysis Platform (BAP), a binary static analysis tool.