DOI QR코드

DOI QR Code

AHP기법을 이용한 시큐어 코딩의 항목 간 중요도 분석

An Analysis of the Importance among the Items in the Secure Coding used by the AHP Method

  • Kim, Chi-Su (Division of Computer Engineering in Kongju University)
  • 투고 : 2014.10.15
  • 심사 : 2015.01.20
  • 발행 : 2015.01.28

초록

해킹과 같은 사이버 공격의 약 75%가 애플리케이션의 보안 취약점을 악용하기 때문에 안전행정부에서는 코딩 단계에서부터 사이버 공격을 막을 수 있고 보안취약점을 제거할 수 있는 시큐어 코딩 가이드를 제공하고 있다. 본 논문에서는 안행부가 제시한 시큐어 코딩 가이드 7개의 항목들에 대해 AHP기법을 사용하여 우선순위를 찾고 중요도 분석을 하였다. 그 결과 '에러 처리'가 가장 중요한 항목으로 결정되었다. 현재 소프트웨어 감리에 시큐어 코딩에 관한 항목이 없는데, 이 분석 결과는 소프트웨어 개발 과정 중 감리 기준으로 유용하게 사용될 것이다.

The ministry of security and public administration provide the secure coding guide that can remove the vulnerability of applications and defend cyber attack from the coding step because cyber attack like the hacking about 75% abusing the vulnerability of applications. In this paper we find the oder of priority and did the criticality analysis used by AHP about 7 items in the secure coding which the ministry of security and public administration provide. The result is decided that 'exception handling' is the most important item. There is no secure coding items in software supervision currently, therefore the result of the research will make good use audit standards in the process of the software development.

키워드

참고문헌

  1. Sung-Hyun Seo, Gil-Soo Jeon, The Security Threat of the Smart Phone and confrontational Strategy, no. 132, TTA(www.tta.or.kr), 2010.
  2. http://www.mopas.go.kr, A guide to secure software development, Publication, MOPAS, No.11-1311000-000330-10, Retrieved May 2012.
  3. Gun-Tae Jo, Young-Gon Jo, Hyun-Soo Kang, decision making using AHP, DongHyun Publishing Company, 2003
  4. The ministry of security and public administration, Android-JAVA Secure Coding Guide, 2011
  5. Sung-Min Lee, Comparative analysis on potential error-possibility and security vulnerability in software, Master's Thesis, Dept. of Digital Media& Information Engineering in KOREA Univ. 2010.
  6. Da-Hye Jung, Secure MISRA-C, Master's Thesis, Dept. of Embedded Software in KOREA Univ. 2013.
  7. Dong-Won Kim, The Study on Self Assessment of Mobile Secure Coding, Master's Thesis, Konkuk Graduate School of Information and Communications. 2011.
  8. Seung-Jun Lee, A Study on the measure of efficient secure coding of the mobile app, Master's Thesis, Konkuk Graduate School of Information and Communications, 2012.
  9. Jong-Chan An, A Study on Safe JSP Source Code Development Guide, Master's Thesis, Konkuk Graduate School of Information and Communications, 2012.
  10. CERT, "Secure Coding", http://www.cert.org/secure-coding/, CERT Coordination Center (CERT/CC), Last updated February 18, 2010
  11. Boo-Hyung Lee, A Study on Selection and Management Method of Specific IS Audit Standard Checkists Using AHP, Korean Institute od Information Technology, Vol.11 No.4, pp180-181, 2013. 4.
  12. Yun-sik Son, Se-Man Oh, A Study on the Structured Weakness Classification for Mobile Applications, Journal of Korea Multimedia Society Vol. 15, No. 11, November 2012 https://doi.org/10.9717/kmms.2012.15.11.1349
  13. Jun-Yeob Sin, A Study On Development Security Audit Methods In Mobile Service Environment, Master's Thesis, Konkuk Graduate School of Information and Communications, 2012.