• Title/Summary/Keyword: software vulnerability analysis

A Software Vulnerability Analysis System using Learning for Source Code Weakness History (소스코드의 취약점 이력 학습을 이용한 소프트웨어 보안 취약점 분석 시스템)

  • Lee, Kwang-Hyoung;Park, Jae-Pyo
    • Journal of the Korea Academia-Industrial cooperation Society / v.18 no.11 / pp.46-52 / 2017
  • Along with the expansion of areas in which ICT and Internet of Things (IoT) devices are utilized, open source software has recently expanded its scope of applications to include computers, smart phones, and IoT devices. Hence, as the scope of open source software applications has varied, there have been increasing malicious attempts to attack the weaknesses of open source software. In order to address this issue, various secure coding programs have been developed. Nevertheless, numerous vulnerabilities are still left unhandled. This paper provides some methods to handle newly raised weaknesses based on the analysis of histories and patterns of previous open source vulnerabilities. Through this study, we have designed a weaknesses analysis system that utilizes weakness histories and pattern learning, and we tested the performance of the system by implementing a prototype model. For five vulnerability categories, the average vulnerability detection time was shortened by about 1.61 sec, and the average detection accuracy was improved by 44%. This paper can provide help for researchers studying the areas of weaknesses analysis and for developers utilizing secure coding for weaknesses analysis.

Analysis of an Intrinsic Vulnerability on Keyboard Security (키보드 보안의 근본적인 취약점 분석)

  • Yim, Kang-Bin;Bae, Kwang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.3 / pp.89-95 / 2008
  • This paper analyzes the intrinsic vulnerability problems of the authentication system for Internet commerce based on the ID and password strings gathered from the computer keyboard. Through the vulnerability found, it is easy to sniff user passwords as well as any other keyboard inputs even when each of the existing keyboard protection software products is running. We propose several countermeasures against possible attacks on the vulnerability at both the hardware and the software levels. A more secure environment for Internet commerce, achieved by implementing the proposed countermeasures, is highly required.

Forgery Detection Mechanism with Abnormal Structure Analysis on Office Open XML based MS-Word File

  • Lee, HanSeong;Lee, Hyung-Woo
    • International journal of advanced smart convergence / v.8 no.4 / pp.47-57 / 2019
  • We examine the weaknesses of the existing OOXML-based MS-Word file structure and analyze how data concealment and forgery are performed in MS-Word digital documents. When a document is forged by including hidden information in an MS-Word digital document, there is no difference when opening the file with the MS-Word processor. However, the computer system may malfunction because of malware or shell code hidden in the digital document. If a malicious image file or ZIP file is hidden in the document by using the structural vulnerability of the MS-Word document, the system may be infected by ransomware that encrypts the entire file on the disk even if the MS-Word file is executed normally. Therefore, it is necessary to analyze forgery and alteration of digital documents through internal structure analysis of the MS-Word file. In this paper, we designed and implemented a mechanism to detect this efficiently, together with automatic detection software, and presented a method to proactively respond to attacks such as ransomware exploiting MS-Word security vulnerabilities.

Seismic Vulnerability Assessment of RC Frame Structures Using 3D Analytical Models (3차원 해석 모델을 이용한 RC 프레임 구조물의 지진 취약도 평가)

  • Moon, Do-Soo;Lee, Young-Joo;Lee, Sangmok
    • Journal of the Korea Academia-Industrial cooperation Society / v.17 no.9 / pp.724-731 / 2016
  • As the structural damage caused by earthquakes has been gradually increasing, estimating the seismic fragility of structures has become essential for earthquake preparation. Seismic fragility curves are widely used as a probabilistic indicator of structural safety against earthquakes, and many researchers have made efforts to develop them in a more accurate and effective manner. However, most of the previous research studies used simplified 2D analytical models when deriving fragility curves, mainly to reduce the numerical simulation time; however, in many cases 2D models are inadequate to accurately evaluate the seismic behavior of a structure and its seismic vulnerability. Thus, this study provides a way to derive more accurate, but still effective, seismic fragility curves by using 3D analytical models. In this method, the reliability analysis software, FERUM, is integrated with the structural analysis software, ZEUS-NL, enabling the automatic exchange of data between these two software packages, and the first order reliability method (FORM), which is not a sampling-based method, is utilized to calculate the structural failure probabilities. These tools make it possible to conduct structural reliability analyses effectively even with 3D models. By using the proposed method, this study conducted a seismic vulnerability assessment of RC frame structures with their 3D analytical models.

An Analysis of the Importance among the Items in the Secure Coding used by the AHP Method (AHP기법을 이용한 시큐어 코딩의 항목 간 중요도 분석)

  • Kim, Chi-Su
    • Journal of Digital Convergence / v.13 no.1 / pp.257-262 / 2015
  • The Ministry of Security and Public Administration provides a secure coding guide that can remove the vulnerabilities of applications and defend against cyber attacks from the coding step, because about 75% of cyber attacks such as hacking abuse the vulnerabilities of applications. In this paper, we find the order of priority and perform a criticality analysis using AHP on the 7 items in the secure coding guide that the Ministry of Security and Public Administration provides. The result is that 'exception handling' is the most important item. There are currently no secure coding items in software supervision; therefore, the result of this research can be put to good use as audit standards in the software development process.

Studying the Park-Ang damage index of reinforced concrete structures based on equivalent sinusoidal waves

  • Mazloom, Moosa;Pourhaji, Pardis;Shahveisi, Masoud;Jafari, Seyed Hassan
    • Structural Engineering and Mechanics / v.72 no.1 / pp.83-97 / 2019
  • In this research, the vulnerability of some reinforced concrete frames with different stories is studied based on the Park-Ang Damage Index. The damages of the frames are investigated under various earthquakes with nonlinear dynamic analysis in IDARC software. By examining the most important characteristics of earthquake parameters, the damage index and vulnerability of these frames are investigated in this software. The intensity of Arias, velocity spectral intensity (VSI) and peak ground velocity (PGV) had the highest correlation, and root mean square of displacement ($D_{rms}$) had the lowest correlation coefficient among the parameters. Then, the particle swarm optimization (PSO) algorithm was used, and the sinusoidal waves were equivalent to the used earthquakes according to the most influential parameters above. The damage index equivalent to these waves is estimated using nonlinear dynamics analysis. The comparison between the damages caused by earthquakes and equivalent sinusoidal waves is done too. The generations of sinusoidal waves equivalent to different earthquakes are generalized in some reinforced concrete frames. The equivalent sinusoidal wave method was exact enough because the greatest difference between the results of the main and artificial accelerator damage index was about 5 percent. Also, sinusoidal waves were more consistent with the damage indices of the structures compared to the earthquake parameters.

A Design of Smart Fuzzing System Based on Hybrid Analysis (하이브리드 분석 기반의 스마트 퍼징 시스템 설계)

  • Kim, Mansik;Kang, Jungho;Jun, Moon-seog
    • Journal of Digital Convergence / v.15 no.3 / pp.175-180 / 2017
  • In accordance with the development of the IT industry worldwide, the software industry has also grown tremendously, and it is exerting influence on society in general, from daily life to financial organizations and public institutions. However, various security threats that can pose a serious threat to provided services have also greatly increased in proportion to the growing software industry. In this thesis, we suggest a smart fuzzing system combining black box and white box testing that can effectively detect and distinguish software vulnerabilities, which take up a large portion of the security incidents in application programs.

Analysis on Vulnerability of ID/PW Management Solution and Proposal of the Evaluation Criteria (아이디/패스워드 통합 관리 제품의 취약성 분석 및 평가기준 제안)

  • Han, Jeong-Hoon;Lee, Byung-Hee;Hong, Su-Min;Kim, Seung-Hyun;Won, Dong-Ho;Kim, Seung-Joo
    • The KIPS Transactions:PartC / v.15C no.2 / pp.125-132 / 2008
  • With the development of Internet technology, the number of IDs managed by each individual has increased, and many software development institutes have developed ID/PW management solutions to facilitate secure and convenient management of ID/PW. However, these solutions can also be vulnerable if the administrator's password is exposed. Thus, we need to derive security requirements from the vulnerability analysis of these solutions, and we also need evaluation criteria for secure ID/PW management solution development. In this paper, we analyze the vulnerability of ID/PW management solutions and propose evaluation criteria for secure ID/PW management solutions.

Measure of Effectiveness Analysis of Passive SONAR System for Detection (수동소나시스템에서 탐지효과도 분석)

  • Cho, Jung-Hong;Kim, Jea-Soo
    • Journal of the Korea Institute of Military Science and Technology / v.15 no.3 / pp.272-287 / 2012
  • The optimal use of sonar systems for detection is a practical problem in a given ocean environment. In order to quantify the mission achievability in general, measure of effectiveness(MOE) is defined for specific missions. In this paper, using the specific MOE for detection, which is represented as cumulative detection probability(CDP), an integrated software package named as Optimal Acoustic Search Path Planning(OASPP) is developed. For a given ocean environment and sonar systems, the discrete observations for detection probability(PD) are used to calculate CDP incorporating sonar and environmental parameters. Also, counter-detection probability is considered for vulnerability analysis for a given scenario. Through modeling and simulation for a simple case for which an intuitive solution is known, the developed code is verified.

Static Analysis Tools Against Cross-site Scripting Vulnerabilities in Web Applications : An Analysis

  • Talib, Nurul Atiqah Abu;Doh, Kyung-Goo
    • Journal of Software Assessment and Valuation / v.17 no.2 / pp.125-142 / 2021
  • Reports of rampant cross-site scripting (XSS) vulnerabilities raise growing concerns on the effectiveness of current Static Analysis Security Testing (SAST) tools as an internet security device. Attentive to these concerns, this study aims to examine seven open-source SAST tools in order to account for their capabilities in detecting XSS vulnerabilities in PHP applications and to determine their performance in terms of effectiveness and analysis runtime. The representative tools - categorized as either text-based or graph-based analysis tools - were all test-run using real-world PHP applications with known XSS vulnerabilities. The collected vulnerability detection reports of each tool were analyzed with the aid of PhpStorm's data flow analyzer. It is observed that the detection rates of the tools calculated from the total vulnerabilities in the applications can be as high as 0.968 and as low as 0.006. Furthermore, the tools took an average of less than a minute to complete an analysis. Notably, their runtime is independent of their analysis type.