• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.11
• /
• pp.46-52
• /
• 2017

Along with the expansion of areas in which ICT and Internet of Things (IoT) devices are utilized, open source software has recently expanded its scope of applications to include computers, smart phones, and IoT devices. Hence, as the scope of open source software applications has varied, there have been increasing malicious attempts to attack the weaknesses of open source software. In order to address this issue, various secure coding programs have been developed. Nevertheless, numerous vulnerabilities are still left unhandled. This paper provides some methods to handle newly raised weaknesses based on the analysis of histories and patterns of previous open source vulnerabilities. Through this study, we have designed a weaknesses analysis system that utilizes weakness histories and pattern learning, and we tested the performance of the system by implementing a prototype model. For five vulnerability categories, the average vulnerability detection time was shortened by about 1.61 sec, and the average detection accuracy was improved by 44%. This paper can provide help for researchers studying the areas of weaknesses analysis and for developers utilizing secure coding for weaknesses analysis.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.9
• /
• pp.724-731
• /
• 2016

As the structural damage caused by earthquakes has been gradually increasing, estimating the seismic fragility of structures has become essential for earthquake preparation. Seismic fragility curves are widely used as a probabilistic indicator of structural safety against earthquakes, and many researchers have made efforts to develop them in a more accurate and effective manner. However, most of the previous research studies used simplified 2D analytical models when deriving fragility curves, mainly to reduce the numerical simulation time; however, in many cases 2D models are inadequate to accurately evaluate the seismic behavior of a structure and its seismic vulnerability. Thus, this study provides a way to derive more accurate, but still effective, seismic fragility curves by using 3D analytical models. In this method, the reliability analysis software, FERUM, is integrated with the structural analysis software, ZEUS-NL, enabling the automatic exchange of data between these two software packages, and the first order reliability method (FORM), which is not a sampling-based method, is utilized to calculate the structural failure probabilities. These tools make it possible to conduct structural reliability analyses effectively even with 3D models. By using the proposed method, this study conducted a seismic vulnerability assessment of RC frame structures with their 3D analytical models.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.701-713
• /
• 2021

Race Condition is a vulnerability in which two or more processes input or manipulate a common resource at the same time, resulting in unintended results. This vulnerability can lead to problems such as denial of service, elevation of privilege. When a vulnerability occurs in software, the relevant information is documented, but often the cause of the vulnerability or the source code is not disclosed. In this case, analysis at the binary level is necessary to detect the vulnerability. This paper aims to detect the Time-Of-Check Time-Of-Use (TOCTOU) Race Condition vulnerability of UNIX kernel-based File System at the binary level. So far, various detection techniques of static/dynamic analysis techniques have been studied for the vulnerability. Existing vulnerability detection tools using static analysis detect through source code analysis, and there are currently few studies conducted at the binary level. In this paper, we propose a method for detecting TOCTOU Race Condition in File System based on Control Flow Graph and Call Graph through Binary Analysis Platform (BAP), a binary static analysis tool.

• Journal of Digital Convergence
• /
• v.13 no.3
• /
• pp.201-208
• /
• 2015

Recently computer, smart phone, medical devices, etc has become used in a variety of environments as the application fields of IT products have become diversification. Attack case of abuse of software security vulnerabilities is on the increase as the application fields of software have become diversification. Accordingly, secure coding program is of a varied but history management, updating, API module to be vulnerable to attack. Thus, this paper proposed a materialization of CMS linked system to enable check the vulnerability of the source code to content unit for secure software development, configuration management system that interwork on the transmission module. Implemented an efficient coding system secure way that departmentalized by the function of the program and by analyzing and applying secure coding standards.

• Journal of Digital Convergence
• /
• v.15 no.3
• /
• pp.175-180
• /
• 2017

In accordance with the development of IT industry worldwide, software industry has also grown tremendously, and it is exerting influence on the general society starting from daily life to financial organizations and public institutions. However, various security threats that can inflict serious threat to provided services in proportion to the growing software industry, have also greatly increased. In this thesis, we suggest a smart fuzzing system combined with black box and white box testing that can effectively detectxdistinguish software vulnerability which take up a large portion of the security incidents in application programs.

• The Journal of Society for e-Business Studies
• /
• v.16 no.2
• /
• pp.129-142
• /
• 2011

Traditionally research in Service Oriented Architecture(SOA) security has focused primarily on exploiting standards and solutions separately. There exists no unified methodology for SOA security to manage risks at the enterprise level. It needs to analyze preliminarily security threats and to manage enterprise risks by identifying vulnerabilities of SOA. In this paper, we propose a metric-based vulnerability assessment method using dynamic properties of services in SOA. The method is to assess vulnerability at the architecture level as well as the service level by measuring run-time dependency between services. The run-time dependency between services is an important characteristic to understand which services are affected by a vulnerable service. All services which directly or indirectly depend on the vulnerable service are exposed to the risk. Thus run-time dependency is a good indicator of vulnerability of SOA.

• Journal of Korea Multimedia Society
• /
• v.17 no.6
• /
• pp.706-715
• /
• 2014

It is used to lead to serious structural vulnerability of the system security of security-critical system when we have quickly developed software system according to urgent release schedule without appropriate security planning, management, and assurance processes. The Data Set and Provider of DataSnap, which is a middleware of Delphi XE2 of the Embarcadero Technologies Co., certainly help to develop an easy and fast-paced procedure, but it is difficult to apply security program and vulnerable to control software system security when the connection structure Database-DataSnap server-SQL Connection-SQL Data set-Provider is applied. This is due to that all kinds of information of Provider are exposed on the moment when DataSnap Server Port is sure to malicious attackers. This exposure becomes a window capable of running SQL Command. Thus, it should not be used Data Set and Provider in the DataSnap Server in consideration of all aspects of security management. In this paper, we study on the verification of the security vulnerabilities for Client and Server DataSnap in Dlephi XE2, and we propose a secure coding method to improve security vulnerability in the DataSnap server system.

• Earthquakes and Structures
• /
• v.12 no.2
• /
• pp.223-236
• /
• 2017

Seismic assessment and rehabilitation of Monumental Buildings constitute an important issue in many regions around the world to preserve cultural heritage. On the contrary, many recent earthquakes have demonstrated the high vulnerability of this type of structures. The high nonlinear masonry behaviour requires ad hoc refined finite element numerical models, whose complexity and computational costs are generally unsuitable for practical applications. For these reasons, several authors proposed simplified numerical strategies to be used in engineering practice. However, most of these alternative methods are oversimplified being based on the assumption of in-plane behaviour of masonry walls. Moreover, they cannot be used for modelling the monumental structures for which the interaction between plane and out-plane behaviour governs the structural response. Recently, an innovative discrete-modelling approach for the simulation of both in-plane and out of-plane response of masonry structures was proposed and applied to study several typologies of historic structures. In this paper the latter model is applied with reference to a real case study, and numerically compared with an advanced finite element modelling. The method is applied to the St.Venerio church in Reggiolo (Italy), damaged during the 2012 Emilia-Romagna earthquake and numerically investigated in the literature.

• Journal of the military operations research society of Korea
• /
• v.22 no.2
• /
• pp.166-181
• /
• 1996

Aircraft survivability is determined by the susceptibility and the vulnerability. The aircraft susceptibility and vulnerability depend upon the hardware and software factors. Each of the hardware and software factors consisted of the qualitative and quantitative attributes varies according to the time of the mission. In order to establish the mathermatical model to analyze and evaluate the aircraft survivability, qualitative factors have to be transformed into quantitative factors. Even if many researches in the area of dynamic concept analysis and conversion of qualitative factors into the quantitative factors has been insufficient. This research enhances these insufficient area by developing a reliable aircarft survivability analysis method. The major areas of this research are as follows. First, a method for the conversion of the qualitative factors into the quantitative factors is developed by combining the Fuzzy Set Theory concept and the Delphi Technique. Second, by using the stochastic network diagram for the dynamic survivability analysis, the aircraft survivability and the probability of kill are calculated from the state probability for the situation during mission. The advantage of the analysis technique developed in this research includes ease of use and flexibility. In other words, in any given aircraft's mission execution under any variable probability density function, the developed computer program is able to analyze and evaluate the aircraft survivability.

• Journal of Digital Convergence
• /
• v.13 no.1
• /
• pp.257-262
• /
• 2015

The ministry of security and public administration provide the secure coding guide that can remove the vulnerability of applications and defend cyber attack from the coding step because cyber attack like the hacking about 75% abusing the vulnerability of applications. In this paper we find the oder of priority and did the criticality analysis used by AHP about 7 items in the secure coding which the ministry of security and public administration provide. The result is decided that 'exception handling' is the most important item. There is no secure coding items in software supervision currently, therefore the result of the research will make good use audit standards in the process of the software development.