• Title/Abstract/Keyword: Vulnerability life cycle


Trends in Secure SDLC for Safe Software Development (안전한 소프트웨어 개발을 위한 시큐어 SDLC 동향)

  • 박난경;임종인
    • 정보보호학회지 / Vol. 26, No. 1 / pp.34-41 / 2016
  • Recent cyber attacks occur everywhere, regardless of sector or target, and APT attacks, which carry out sustained attacks using sophisticated methods that exploit software security vulnerabilities, are also spreading. To prevent such attacks, the software security vulnerabilities used directly in attacks must be removed in advance. The root cause of a software security vulnerability is a security weakness such as a software flaw, defect, or error. Therefore, it is best to completely remove security weaknesses from software at the development stage. To this end, activities that strengthen security are carried out throughout the Software Development Life Cycle (SDLC). This is also a way to effectively reduce the cost of security updates and patches for security vulnerabilities that may arise after software release. This paper introduces major cases of the secure SDLC, a software development life cycle with strengthened security in the software development stages.

Joints: the weak link in bridge structures and lifecycles

  • Yanev, Bojidar
    • Smart Structures and Systems / Vol. 15, No. 3 / pp.543-553 / 2015
  • The condition of the vehicular bridge network in New York City, as represented by ratings obtained during biennial inspections, is reviewed over a period of three decades. Concurrently, the bridges comprising the network are considered as networks of structural elements whose condition defines the overall bridge condition according to New York State assumptions. A knowledge-based matrix of assessments is used in order to determine each element's vulnerability and impact within the network of an individual structure and the network of City bridges. In both networks, expansion deck joints emerge as the weak link. Typical joint failures are illustrated. Bridge management options for maintenance, preservation, rehabilitation and replacement are examined in the context of joint performance.

The Vulnerability Analysis of the Personal Privacy Security in the Disaster Management System (재난관리시스템의 개인정보보호 취약성 분석)

  • 정진호;김현석;김주배;최진영
    • 한국정보처리학회:학술대회논문집 / 한국정보처리학회 2007년도 추계학술발표대회 / pp.1242-1245 / 2007
  • The National Disaster Management System (NDMS) requires the collection of personal information for various development and operational reasons. However, personal information collected in this way is at high risk of misuse or infringement by authorized or unauthorized administrators, from the collection stage through the disposal stage. To manage and protect such personal information, this paper analyzes the personal information to be protected in the disaster management system, evaluates the protection and controls applied to the identified personal information in disaster management work, performs an impact assessment through analysis of the threat factors and potential risks at each stage of the personal information life cycle, and proposes administrative, technical, and physical countermeasures for personal information protection.

Overfishing and recent risk for collapse of fishery in coastal Mediterranean lagoon ecosystem (Karavasta lagoon, southeastern Adriatic sea)

  • Spase Shumka;Yukio Nagahama;Sarjmir Hoxha;Koji Asano
    • Fisheries and Aquatic Sciences / Vol. 26, No. 4 / pp.294-303 / 2023
  • Although fish species and their sub-populations are highly important as keystone species in the coastal and marine ecosystem, there are very few studies on their presence, distribution and temporal variations within and around the lagoon ecosystems in Albania. This paper provides an updated review on the life cycle, fishery, exploitation state and management of the main species that are subject to commercial fishing in the Karavasta lagoon, southeastern Adriatic coast of Albania. Because lagoons represent a continuum between continental and marine aquatic ecosystems, they play a crucial role in species life cycles. Furthermore, under the circumstances of rapid utilization and environmental change, anomalies in salinity and temperature, and accelerated anthropogenic influences, their rate of vulnerability is highly increased. Following the requirements of the Water Framework Directive for transitional waters, coastal lagoons and estuaries, there is a need for urgent monitoring and management approaches. The commercial species include: European eel (Anguilla anguilla), species of the family Mugilidae (Mugil cephalus, Liza ramada, Liza saliens and Chelon labrosus), seabream (Sparus aurata), seabass (Dicentrarchus labrax), etc. Fish productivity oscillates from a maximum value of 61.95 kg/ha recorded in the period 1975-80 to a lower value of 31 kg/ha in the year 2020. Our study highlights the importance of long-term monitoring of fish and fisheries, and contributes to understanding the driving factors in productivity, migration patterns and species ecology in these vital coastal ecosystems.

Development and application of Smart Water Cities global standards and certification schemes based on Key Performance Indicators

  • Lea Dasallas;Jung Hwan Lee;Su Hyung Jang
    • 한국수자원학회:학술대회논문집 / 한국수자원학회 2023년도 학술발표회 / pp.183-183 / 2023
  • Smart water cities (SWC) are urban municipalities that utilize modern innovations in managing and preserving the urban water cycle in the city, with the purpose of securing sustainability and improving the quality of life of the urban population. Understanding the different urban water characteristics and management strategies of cities establishes a baseline for developing an evaluation scheme that determines whether a city is smart and sustainable. This research aims to develop measurements and evaluation for SWC Key Performance Indicators (KPIs), and to set up a unified global standard and certification scheme. The assessment for SWC is performed in technical as well as governance and prospective aspects. KPI measurements under the Technical Pillar assess the cities' use of technologies in providing sufficient water supply, monitoring water quality, strengthening disaster resilience, minimizing hazard vulnerability, and maintaining and protecting the urban water ecosystem. The Governance and Prospective Pillar, on the other hand, evaluates the social, economic and administrative systems set in place to manage the water resources, delivering water services to different levels of society. The performance assessment is composed of a variety of procedures performed in a quantitative and qualitative manner, such as computations through established equations, interviews with authorities in charge, field survey inspections, etc. The developed SWC KPI measurements are used to evaluate the urban water management practices for Busan Eco Delta City, a Semulmeori waterfront area in Gangseo district, Busan. The evaluation and scoring process was presented and established, serving as the basis for the application of the smart water city certification all over the world. The established guideline will be used to analyze future cities, providing integrated and comprehensive information on the status of their urban water cycle, gathering new techniques and proposing solutions for smarter measures.


Protection Plan of Trustee Personal Credit Information for Credit Card Company Using Cloud Computing (클라우드컴퓨팅 이용 신용카드사의 영세수탁자 개인신용정보 보호방안)

  • 김시인;김인석
    • 정보보호학회논문지 / Vol. 29, No. 4 / pp.885-895 / 2019
  • As recent hacking cases in the financial sector show, attackers attempt hacking attacks against trustees with weak security management rather than hacking financial companies directly. As a result, trustors are strengthening security inspections and controls over trustees, but small trustees fall short in information security investment because of insufficient computing facilities and the excessive cost of introducing security equipment. This paper examines, by stage of the personal information life cycle, the vulnerabilities of small trustee companies that receive personal information from credit card companies, in order to strengthen their security. As a solution to these vulnerabilities, a litigation management system is built and used on a cloud computing service, and a virtual private network is installed on the data transmission path to ensure confidentiality and integrity. In addition, to strengthen user security, it proposes a protection plan for the processing of personal credit information through the installation of a PC firewall and printout security on user PCs.

Evaluation Methodology of Diagnostic Tool for Security Weakness of e-GOV Software (전자정부 소프트웨어의 보안약점 진단도구 평가방법론)

  • 방지호;하란
    • 한국통신학회논문지 / Vol. 38C, No. 4 / pp.335-343 / 2013
  • Diagnosing and removing SW security weaknesses, a major cause of cyber intrusion incidents, during the SW development stage can effectively prevent such incidents. In Korea, the application of SW development security has become mandatory, making the removal of SW security weaknesses a requirement. To diagnose and remove SW security weaknesses effectively, the help of a trusted SW security weakness diagnostic tool is needed. Therefore, this paper proposes functional requirements for diagnostic tools suited to the domestic environment and an evaluation methodology that can assure the reliability of diagnostic tools. It also presents the results and procedures of a pilot application carried out to analyze the effectiveness of the proposed evaluation framework.

A Study on the Investment Strategy of the IT R&D using Portfolio Analysis and AHP Method (포트폴리오 분석과 계층화분석기법(AHP)을 활용한 정부 IT분야 연구개발 투자 전략 연구)

  • 김윤종;정욱;임성민;정상기
    • 경영과학 / Vol. 26, No. 1 / pp.37-51 / 2009
  • The Korean IT industry has been given much weight in national R&D management. A negative side of this fact is that the Korean economy is likely to become vulnerable to the condition of the export business in certain items of the IT industry, which has a serious influence on the national economy. A customized investment strategy based on the analysis of technology competitiveness and R&D status in each technology of the IT field is required in order to rectify this structural vulnerability and pursue continuous growth. In this research, a strategic direction for setting up an efficient investment strategy is presented. In this process, it draws a portfolio analysis with two axes, technology level and technology life cycle. It also derives a priority order for national investment, considering the degree of technological impact, marketability, and adequacy of public support, from the AHP (Analytic Hierarchy Process) method by a survey of IT experts. The portfolio analysis in the prior stage helps the respondents in the AHP become more familiar with the alternatives' characteristics, so that their decision-making process corresponds more closely with national R&D strategies.

Defending Non-control-data Attacks using Influence Domain Monitoring

  • Zhang, Guimin;Li, Qingbao;Chen, Zhifeng;Zhang, Ping
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 12, No. 8 / pp.3888-3910 / 2018
  • As an increasing number of defense methods against control-data attacks are deployed in practice, control-data attacks have become challenging, and non-control-data attacks are on the rise. However, defense methods against non-control-data attacks are still deficient even though these attacks can produce damage as significant as that of control-data attacks. We present a method to defend against non-control-data attacks using influence domain monitoring (IDM). A definition of the data influence domain is first proposed to describe the characteristics of a variable during its life cycle. IDM extracts security-critical non-control data from the target program and then instruments the target for monitoring these variables' influence domains to ensure that corrupted variables will not be used as the attackers intend. Therefore, attackers may be able to modify the value of one security-critical variable by exploiting certain memory corruption vulnerabilities, but they will be prevented from using the variable for nefarious purposes. We evaluate a prototype implementation of IDM and use the experimental results to show that this method can defend against most known non-control-data attacks while imposing a moderate amount of performance overhead.

Sustainable retrofit design of RC frames evaluated for different seismic demand

  • Zerbin, Matteo;Aprile, Alessandra
    • Earthquakes and Structures / Vol. 9, No. 6 / pp.1337-1353 / 2015
  • Seismic upgrading of existing structures is a technical and social issue aimed at risk reduction. Sustainable design is one of the most important challenges in any structural project. Nowadays, many retrofit strategies are feasible and several traditional and innovative options are available to engineers. Basically, the design strategy can lead to increased structural ductility, strength, or both, but stiffness regulation and supplemental damping are also possible strategies to reduce seismic vulnerability. Each design solution has different technical and economic performance. In this paper, four different design solutions are presented for the retrofit of an existing RC frame with poor concrete quality and inadequate reinforcement detailing. The considered solutions are based on FRP wrapping of the existing structural elements or, alternatively, on the introduction of new RC shear walls. This paper compares the considered design strategies in order to select the suitable solution, which reaches a compromise between the obtained safety level and costs during the life-cycle of the building. Each solution is worked out by considering three different levels of seismic demand. The structural capacity of the considered retrofit solutions is assessed with nonlinear static analysis, and the seismic performance is evaluated with the capacity spectrum method.