http://dx.doi.org/10.9717/kmms.2012.15.11.1349

A Study on the Structured Weakness Classification for Mobile Applications  

Son, Yunsik (Department of Computer Engineering, Dongguk University)
Oh, Se-Man (Department of Computer Engineering, Dongguk University)
Abstract
In recent years, security incidents have become a major social issue, causing not only financial damage but also leaks of private information. Most of these incidents are directly caused by software weaknesses. Moreover, it is difficult for today's software to assure reliability because it exchanges data across the Internet. To address software weaknesses, developing secure software is more effective than strengthening the security systems of the external environment. Accordingly, coding guides that eliminate vulnerabilities at the coding stage have emerged as a major security issue for preventing security incidents. For developers and administrators to use secure coding effectively, the full set of security weaknesses must be organized structurally and managed, and it needs to be updated constantly with new information; however, existing secure coding guides and security weaknesses are not organized structurally. In this paper, we define and introduce a structured weakness classification for mobile applications, based on a survey of existing secure coding guides and the coding rules of code analysis tools for Java.
Keywords
Secure Coding; Program Analysis; Mobile Application
Citations & Related Records
Times Cited By KSCI: 2