http://dx.doi.org/10.7471/ikeee.2018.22.2.242

A Study on a Secure Coding Library for the Battlefield Management System Software Development

Park, Sanghyun (C4I.Cyber Team, R&D Division, Hanwha System Co. Ltd.)
Kim, Kwanyoung (C4I.Cyber Team, R&D Division, Hanwha System Co. Ltd.)
Choi, Junesung (The Board of Audit and Inspection of Korea AIRI)
Publication Information
Journal of IKEEE / v.22, no.2, 2018, pp. 242-249
Abstract
In this paper, we identify the code vulnerabilities that can be detected automatically by the Visual Studio (VS) compiler and code analyzer, based on a secure coding rule set optimized for the development of a battlefield information system. We then describe the weakness items that can be handled at the implementation stage, independently of the individual programmer's understanding of or skill in secure coding, by implementing a secure coding library. Using the VS compiler and code analyzer alone, developers can detect only about 38% of the security weaknesses. With the help of the proposed secure coding library, about 48% of the security weaknesses can be detected and prevented during proactive diagnosis in the development stage.
Keywords
BMS; Secure Coding; Software; C++; .NET;