http://dx.doi.org/10.13089/JKIISC.2012.22.4.901

A Study on Self Assessment of Mobile Secure Coding  

Kim, Dong-Won (Graduate School of Information Security, Korea University)
Han, Keun-Hee (Konkuk University)
Abstract
Removing security vulnerabilities during the development stage is found to be much more effective and much more efficient than addressing them during the operational phase. Underlying security vulnerabilities in software have become the major cause of cyber security incidents. Secure coding is therefore drawing much attention, since one of its strengths is minimizing security vulnerabilities at the source code level. Removing security vulnerabilities at the software development stage is not only effective but can also be regarded as a fundamental solution. This study examines methods of Mobile Secure Coding Self Assessment for evaluating the security level of individuals, groups, and organizations according to how they apply mobile secure coding.
Keywords
Secure Coding; Mobile Secure Coding Self Assessment (M-SCSA)