• Title/Summary/Keyword: source-level vulnerability

Vulnerability Case Analysis of the High Power Electromagnetic Pulse on Digital Control System (디지털 제어장치의 고출력 전자기펄스에 대한 취약성 사례 분석)

  • Woo, Jeong Min;Ju, Mun-No;Lee, Hong-Sik;Kang, Sung-Man;Choi, Seung-Kyu;Lee, Jae-Bok
    • The Journal of Korean Institute of Electromagnetic Engineering and Science / v.28 no.9 / pp.698-706 / 2017
  • The risk of high power electromagnetic (HPEM) pulse exposure to the devices used in digital control systems, such as PLCs (programmable logic controllers) and communication cables, is increasing. In this paper, those control systems were exposed to HPEMs in two different frequency ranges to assess the vulnerability of each. The vulnerability of the EUTs exposed to HPEM was analyzed and compared across variations in distance and source power. As the EUTs were exposed to higher levels of HPEM, the voltage and communication waveforms of the control system showed a distorted response, and the unshielded twisted pair (UTP) cable connected to the EUTs showed operation failures with induced voltage. However, the foiled twisted pair (FTP) cable shielded the connected device efficiently from the HPEM exposure. Therefore, the necessity of protection measures against the vulnerability to HPEM exposure for digital control systems used in power facilities and industrial sites was verified.

The Study of Checking Source Code Vulnerability on the assembly language level (어셈블리 언어 수준에서의 소스코드 보안취약점 점검방법에 관한 연구)

  • 박현미;이병권;박정현;이형봉
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2001.11a / pp.102-110 / 2001
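  • Most hacking attacks arise from security vulnerabilities in the source code of the targeted program, yet source-code security has not been considered during program development. Because of this problem, the root cause of hacking attacks could not be resolved. This paper presents a method for detecting the code that causes vulnerabilities at the level of the assembly code generated at compile time. Checking vulnerable code at the assembly-code level is more accurate than checking it at the compiler level, because it makes it possible to check the memory region to a certain extent.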

Characteristic Classification and Correlational Analysis of Source-level Vulnerabilities in Linux Kernel (소스 레벨 리눅스 커널 취약점에 대한 특성 분류 및 상관성 분석)

  • Ko Kwangsun;Jang In-Sook;Kang Yong-hyeog;Lee Jin-Seok;Eom Young Ik
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.3 / pp.91-101 / 2005
  • Although studies on the analysis and classification of source-level vulnerabilities in operating systems are not direct and positive solutions to the exploits with which host systems are attacked, they are important in that they can provide elementary technologies for the development of security mechanisms. However, whereas Linux systems have recently become widely used in Internet and intranet environments, the basic and fundamental vulnerabilities inherent in Linux systems have not been studied enough. In this paper, we propose characteristic classification and correlational analyses of the source-level vulnerabilities in the Linux kernel that were opened to the public and listed on the SecurityFocus site over the 6 years from 1999 to 2004. This study may help to anticipate the types of attacks, analyze the characteristics of attacks abusing vulnerabilities, and verify the kernel modules that have critical vulnerabilities.

Overlay2 file system's Source Protection Methodology (Overlay2 파일 시스템의 소스 보호 방법에 관한 연구)

  • Han, Sung-Hwa
    • Journal of the Korea Institute of Information and Communication Engineering / v.25 no.10 / pp.1397-1402 / 2021
  • The overlay2 file system is one of the union file systems that mount multiple directories into one. The source directory used for this overlay2 file system mount has the characteristic that it operates independently of the write-able layer after mounting, so it is often used by container platforms for application delivery. However, the overlay2 file system has a security vulnerability in that the write-able layer is also modified when a file in the source directory is modified. In this study, I proposed an overlay2 file system protection technology to remove the security vulnerabilities of the overlay2 file system. As a result of empirically implementing the proposed overlay2 file system protection technology and verifying its function, the protection technology proposed in this study was verified to be effective. However, since the method proposed in this study is a passive protection method, a follow-up study is needed to automatically protect it at the operating system level.

An Analysis of International Research Trends in Green Infrastructure for Coastal Disaster (해안재해 대응 그린 인프라스트럭쳐의 국제 연구동향 분석)

  • Song, Kihwan;Song, Jihoon;Seok, Youngsun;Kim, Hojoon;Lee, Junga
    • Journal of the Korean Society of Environmental Restoration Technology / v.26 no.1 / pp.17-33 / 2023
  • Disasters in coastal regions are a constant source of damage due to their uncertainty and complexity, leading to the proposal of green infrastructure as a nature-based solution that incorporates the concept of resilience to address the limitations of traditional grey infrastructure. This study analyzed trends in research related to coastal disasters and green infrastructure by conducting a co-occurrence keyword analysis of 2,183 articles collected from the Web of Science (WoS). The analysis resulted in the classification of the literature into four clusters. Cluster 1 is related to coastal disasters and tsunamis, as well as predictive simulation techniques, and includes keywords such as surge, wave, tide, and modeling. Cluster 2 focuses on the social system damage caused by coastal disasters and theoretical concepts, with keywords such as population, community, and green infrastructure elements like habitat, wetland, salt marsh, coral reef, and mangrove. Cluster 3 deals with coastal disaster-related sea level rise and international issues, and includes keywords such as sea level rise (or change), floodplain, and DEM. Finally, cluster 4 covers coastal erosion and vulnerability, and GIS, with the theme of 'coastal vulnerability and spatial technique'. Keywords related to green infrastructure in cluster 2 have been continuously appearing since 2016, but their focus has been on the function and effect of each element. Based on this analysis, implications for planning and management processes using green infrastructure in response to coastal disasters have been derived. This study can serve as a valuable resource for future research and policy in responding to and managing various disasters in coastal regions.

Security Coding Guide of Design Phase (설계 단계의 보안 코딩 지침)

  • Shin, Seong-Yoon;Lee, Sang-Won;Lee, Hyun-Chang
    • Proceedings of the Korean Society of Computer Information Conference / 2015.07a / pp.75-76 / 2015
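  • This paper presents guidelines for secure S/W development. It describes the types of S/W security vulnerabilities in S/W development security. It explains the S/W security vulnerability types: input data validation and representation, API abuse, security features, time and state, error handling, code quality, and encapsulation. That is, this paper aims to present a guide to countermeasures against security vulnerabilities at the source-code level.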

Security Threat Analysis for Remote Monitoring and Control Functions of Connected Car Services

  • Jin Kim;Jinho Yoo
    • Journal of Information Processing Systems / v.20 no.2 / pp.173-184 / 2024
  • The connected car services are one of the most widely used services in the Internet of Things environment, and they provide numerous services to existing vehicles by connecting them through networks inside and outside the vehicle. However, although vehicle manufacturers are developing services considering the means to secure the connected car services, concerns about the security of the connected car services are growing due to the increasing number of attack cases. In this study, we reviewed the research related to the connected car services that have been announced so far, and we identified the threats that may exist in the connected car services through security threat modeling to improve the fundamental security level of the connected car services. As a result of performing the test to the applications for connected car services developed by four manufacturers, we found that all four companies' applications excessively requested unnecessary permissions for application operation, and the apps did not obfuscate the source code. Additionally, we found that there were still vulnerabilities in application items such as exposing error messages and debugging information.

Technology Analysis on Automatic Detection and Defense of SW Vulnerabilities (SW 보안 취약점 자동 탐색 및 대응 기술 분석)

  • Oh, Sang-Hwan;Kim, Tae-Eun;Kim, HwanKuk
    • Journal of the Korea Academia-Industrial cooperation Society / v.18 no.11 / pp.94-103 / 2017
  • As automatic hacking tools and techniques have been improved, the number of new vulnerabilities has increased. The CVE registered from 2010 to 2015 numbered about 80,000, and it is expected that more vulnerabilities will be reported. In most cases, patching a vulnerability depends on the developers' capability, and most patching techniques are based on manual analysis, which requires nine months, on average. The techniques are composed of finding the vulnerability, conducting the analysis based on the source code, and writing new code for the patch. Zero-day is critical because the time gap between the first discovery and taking action is too long, as mentioned. To solve the problem, techniques for automatically detecting and analyzing software (SW) vulnerabilities have been proposed recently. Cyber Grand Challenge (CGC) held in 2016 was the first competition to create automatic defensive systems capable of reasoning over flaws in binary and formulating patches without experts' direct analysis. Darktrace and Cylance are similar projects for managing SW automatically with artificial intelligence and machine learning. Though many foreign commercial institutions and academies run their projects for automatic binary analysis, the domestic level of technology is much lower. This paper is to study developing automatic detection of SW vulnerabilities and defenses against them. We analyzed and compared relative works and tools as additional elements, and optimal techniques for automatic analysis are suggested.

A Study on Green Space Location Selection to Reduce Particulate Matter by Projecting Distributions of Emission Source and Vulnerable Groups - focusing on Seongdong-gu, Seoul - (미세먼지 배출원과 취약계층 분포 추정을 통한 미세먼지 저감 녹지 입지 선정 연구 - 서울시 성동구를 대상으로 -)

  • Shin, Ye-Eun;Park, Jin-Sil;Kim, Su-Yeon;Lee, Sang-Woo;An, Kyung-Jin
    • Journal of the Korean Society of Environmental Restoration Technology / v.24 no.1 / pp.53-68 / 2021
  • The study aims to propose a method of locating green space for reducing Particulate Matter (PM) in ambient air in conjunction with its source traces and vulnerable groups. To carry out these aims, a literature review was conducted to derive indicators of areas vulnerable to PM. Based on the developed indicators, the vulnerable areas and green space creation strategies for each cluster were developed for the case of Seongdong-gu, Seoul. As a result, six indicators for vulnerability analysis were derived, covering the vulnerable groups (children's facilities, old people's facilities), emission sources (air pollutant emission workplaces, roads), and environmental indicators (particulate matter concentration, NDVI). According to the six selected indicators, the target area was divided into 39 hexagons and analyzed to identify the areas most vulnerable to particulate matter. As a result of the comprehensive vulnerability analysis, the Seongsu-dong area was found to be the most vulnerable to particulate matter, and 5 clusters were derived through k-means cluster analysis. Cluster 1 was analyzed as the areas most vulnerable to particulate matter in the comprehensive analysis, and therefore in urgent need of green spaces to reduce particulate matter. Cluster 2 consisted of areas that mostly belonged to the Han River. Cluster 3 corresponds to the largest number of hexagons, and since many vulnerable groups are distributed there, it was analyzed as a cluster that required the creation of green spaces to reduce particulate matter, focusing on facilities for vulnerable groups. Three hexagons are included in cluster 4, and the cluster has many roads and lacks vegetation in common. Cluster 5 has a lot of green spaces and is generally distributed with fewer vulnerable groups and emission sources; however, it has a high level of particulate matter concentration. In a situation where various green space creation projects for reducing particulate matter are being implemented, it is necessary to consider the vulnerable groups and emission sources and to present green space creation strategies for each space characteristic in order to increase the effectiveness of such projects. Therefore, this study is regarded as meaningful in suggesting a method for selecting a green area for reducing PM.

The Novel Configuration of Integrated Network for Building Energy System (빌딩 에너지시스템 통합네트워크 구축에 관한 연구)

  • Hong, Won-Pyo
    • Proceedings of the Korean Institute of Illuminating and Electrical Installation Engineers Conference / 2008.10a / pp.229-234 / 2008
  • The new millennium has started with several innovations driven by the fast evolution of technologies in the energy sector: a strong impulse towards the diffusion of new economically efficient technologies, regulatory incentives related to energy production from renewable sources and small-scale building trigeneration and to the promotion of more sustainable, environmentally friendly generation solutions, the evolution of electricity markets, more and more binding local emission constraints, and the need to improve the security of supply to reduce energy system vulnerability. Commercial buildings and residential houses consume 24 percent of total energy consumption, and the same sector accounts for 30% of total $CO_2$ emissions. To cope efficiently with this energy situation in the building sector, the building microgrid or building cooling, heating & power (BCHP) system has attracted interest recently because it meets thermal and electric energy requirements efficiently and with appropriate energy quality. A multi-agent system is a collective of intelligent agents that communicate with each other and work cooperatively to achieve common goals. Also, it is to mediate and coordinate communication between Control Areas and Security Coordinators for real-time control of the BCHP system and the power grid. In this new circumstance, it is very important to integrate the power and energy delivery system and the information system (communication, networks, and intelligent equipment) that controls it. Therefore, the development of smart control modules with an open communication protocol that seamlessly interchange data and information between the control network and the data network, including extranet and intranet, is of great significance. We designed and developed the TCP/IP-CAN IED agent modules and ModBus/LonTalk/(TCP/IP) IED agent modules to configure the multi-agent-system-based smart energy network of commercial buildings, and also intelligent algorithms for inverter fault diagnostics which can be operated in the control-level or agent-level network.
