• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.680-683
• /
• 2013

방화벽, 백신, IPS, 취약점 점검 시스템 등 중요 시스템의 보안을 위해 다수의 소프트웨어들이 운용되고 있다. 그 중 취약점 점검 시스템은 중요 서버의 보안 취약점을 점검하여 사전에 보안 위협을 예방한다는 측면에서 중요하다. 그러나 서버의 취약점을 점검해주는 소프트웨어 자체에 취약점이 존재한다면 취약점 보완을 위해 도입한 시스템이 취약점을 내포하고 있는 모순된 상황을 발생시킨다. 본 논문에서는 취약점 점검 시스템의 매니저와 에이전트의 점검 패킷을 분석하여 데이터 필드에 임의의 값을 주입하는 SPIKE 기반의 퍼즈 테스팅 기법으로 매니저와 에이전트 모두에서 DoS(Denial of Service) 취약점을 발견하였다. 해당 취약점은 다수의 SQL 세션을 생성하고 시스템의 CPU 점유율을 100%로 높여 시스템의 다른 서비스조차 이용할 수 없는 상태를 보였다.

• KSCE Journal of Civil and Environmental Engineering Research
• /
• v.44 no.4
• /
• pp.465-482
• /
• 2024

The global use of groundwater in coastal areas has increased. Events such as seawater intrusion (SWI) are expected to increase along with the acceleration of natural disasters owing to environmental changes such as climate change, resulting in large-scale damage worldwide. Current trends in the research of coastal groundwater and related natural disasters include testing and verifying technologies using major case studies from individual countries. We identified global research trends in coastal groundwater, related these trends to changing environments and climate, and confirmed the qualitative and quantitative growth of these studies. This study describes the theoretical background and techniques for coastal groundwater analysis and details regional-scale SWI indicators based on analytical and numerical studies. This review highlights recent technologies that consider uncertainty and promotes discussions on field data obtained using new technologies. Finally, the research findings and trends for a regional coastal aquifer in Korea are discussed to describe recent SWI approaches for groundwater resources.

• Earthquakes and Structures
• /
• v.14 no.5
• /
• pp.467-476
• /
• 2018

The seismic vulnerability of skewed bridges had been observed in many past earthquakes. Researchers have found that the in-plane rotation of the girders was one of the main reasons for the vulnerability of these types of bridges. To date, not many experimental works have been done on this topic, especially those including pounding between adjacent structures. In this study, shake table tests were performed on a bridge-abutment system consisting of a straight, $30^{\circ}$, and $45^{\circ}$ bridge with and without considering pounding. Skewed bridges with the same fundamental frequency and those having the same girder mass as the straight bridge were studied. Under the loadings considered, skewed bridges with the same frequency as the straight tend to have smaller responses than those with the same mass. The average maximum bending moment developed in the piers of the $30^{\circ}$ bridge with the same mass as that of the straight when pounding was not considered was 1.6 times larger than when the frequencies were the same. It was also found that the NZTA recommendations for the seat lengths of skewed bridges could severely underestimate the relative displacements of these types of bridges in the transverse direction, especially when pounding occurs. In the worst case, the average transverse displacement of the $45^{\circ}$ bridge was about 2.6 times the longitudinal displacement of the straight, which was greatly over the limit suggested by the NZTA of 1.25 times.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.5
• /
• pp.1003-1008
• /
• 2017

The Internet of Things has attracted considerable research attention in recent years. In order for the new IoT technology to be widely used, the reliability and protection of information is required. IoT systems are very vulnerable to physical security due to their easy accessibility. Along with the development of SoC technology, many operating systems have been developed and many new operating systems have been introduced. In this paper, we describe the vulnerability analysis results for operating systems running on the ARMv7 Thumb Architecture hardware platform. For the recently introduced "Windows 10 IoT Core" operating system, I implemented the Zero-Day Attack by implanting the penetration code developed through the research into a specific IoT system. The virus detection test for the resulting penetration code was validated by referral to the "virustotal" site.

• Journal of Digital Convergence
• /
• v.13 no.2
• /
• pp.177-183
• /
• 2015

Cross Site Scripting enables hackers to steal other user's information (such as cookie, session etc.) or to do abnormal functions automatically using vulnerability of web application. This attack patterns of Cross Site Scripting(XSS) can be divided into two types. One is Reflect XSS which can be executed in one request for HTTP and its reply, and the other is Stored XSS which attacks those many victim users whoever access to the page which accepted the payload transmitted. To correspond to these XSS attacks, some measures have been suggested. They are data validation for user input, output validation during HTML encoding procedures, and removal of possible risk injection point to prevent from trying to insert malicious code into web application. In this paper, the methods and procedures for these two types are explained and a penetration testing is done. With these suggestions, the attack by XSS could be understood and prepared by its countermeasures.

• Journal of Digital Convergence
• /
• v.15 no.3
• /
• pp.175-180
• /
• 2017

In accordance with the development of IT industry worldwide, software industry has also grown tremendously, and it is exerting influence on the general society starting from daily life to financial organizations and public institutions. However, various security threats that can inflict serious threat to provided services in proportion to the growing software industry, have also greatly increased. In this thesis, we suggest a smart fuzzing system combined with black box and white box testing that can effectively detectxdistinguish software vulnerability which take up a large portion of the security incidents in application programs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.269-281
• /
• 2018

Many organizations are threatened by numerous information security attacks which are resulting in information security incidents. To prevent information security incidents, organizations invest on various information security measures like information security products, monitoring services and security training and educations. However they do not have enough knowledge about measurable utilities of information security investments. Since there is little studies empirically examining the effect of information security investments, this research aims to find out utilities of information security investment. We especially focuse on information security service investments. This study examined the data from the survey on information security for business sector which was conducted by Korean information & security agency. We utilized negative binomial regression model, which is a suitable model for over-dispersed count data. We found out that an investment on information security education and vulnerability testing have direct impact on reducing information security incidents. This research academically contributed to shed light on the utility of information security investments on reducing information security incidents. This research practically contributed to providing information security investment guideline for organizations which want to reduce information security incidents efficiently.

• Asian Pacific Journal of Cancer Prevention
• /
• v.15 no.3
• /
• pp.1227-1232
• /
• 2014

Background: Given that there are many Iranian women who have never had a Pap smear, this study was designed to develop and validate a measurement tool based on the Protection Motivation Theory to assess factors influencing the Iranian women's intention to perform first Pap testing. Materials and Methods: In this psychometric research, to determine the Content Validity Index (CVI) and the Content Validity Ratio (CVR), a panel of experts (n=10) reviewed scale items. Reliability was estimated through the Intraclass Correlation Coefficient (n=30) and internal consistency (n=240). Also, factor analysis (exploratory and conformity) was performed on the data of the sample women who had never had a Pap smear test (n=240). Results: A 26-item questionnaire was developed. The CVI and CVR scores of the scale were 0.89 and 0.90, respectively. Exploratory factor analysis loaded a 26-item with seven factors questionnaire (perceived vulnerability and severity, fear, response costs, response efficacy, self-efficacy, and protection motivation (or intention)) that jointly accounted for 72.76% of the observed variance. Confirmatory factor analysis indicated a good fit for the data. Internal consistency (range 0.70-0.93) and test-retest reliability (range 0.72-0.96) of sub-scales were acceptable. Conclusions: This study showed that the designed instrument was a valid and reliable tool for measuring the factors influencing the women's intention to perform their first Pap testing.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.11
• /
• pp.2459-2464
• /
• 2012

Many companies has led to the damage case being leaked to personal information by taking cyber attack. Also, planned hacking cases continues to increase for the purpose of acquiring monetary gain or causing social disruption induction, etc. Approximately 75% of the Web site attacks exploit the vulnerability of the application. Major security issue is to strengthen the S/W development security according to the legal basis. The members of the project team is the fact that the lack of recognition of application development security. In addition, passive response and security validation/testing, etc. throughout the SDLC to the entire area is insufficient. Therefore, rework due to the belated discovery of a defect has occurs. In this paper, we examine the case of the project step-by-step security activities by performing IT services companies. And, through this, we present security measures that can be applied to the step-wise real-world projects.

• Steel and Composite Structures
• /
• v.19 no.5
• /
• pp.1167-1184
• /
• 2015

Despite considerable life casualty and financial loss resulting from past earthquakes, many existing steel buildings are still seismically vulnerable as they have no lateral resistance or at least need some sort of retrofitting. Passive control methods with decreasing seismic demand and increasing ductility reduce rate of vulnerability of structures against earthquakes. One of the most effective and practical passive control methods is to use a shear panel system working as a ductile fuse in the structure. The shear Panel System, SPS, is located vertically between apex of two chevron braces and the flange of the floor beam. Seismic energy is highly dissipated through shear yielding of shear panel web while other elements of the structure remain almost elastic. In this paper, lateral behavior and related benefits of this system with narrow-flange link beams is experimentally investigated in chevron braced simple steel frames. For this purpose, five specimens with IPE (narrow-flange I section) shear panels were examined. All of the specimens showed high ductility and dissipated almost all input energy imposed to the structure. For example, maximum SPS shear distortion of 0.128-0.156 rad, overall ductility of 5.3-7.2, response modification factor of 7.1-11.2, and finally maximum equivalent viscous damping ratio of 35.5-40.2% in the last loading cycle corresponding to an average damping ratio of 26.7-30.6% were obtained. It was also shown that the beam, columns and braces remained elastic as expected. Considering this fact, by just changing the probably damaged shear panel pieces after earthquake, the structure can still be continuously used as another benefit of this proposed retrofitting system without the need to change the floor beam.