• Journal of KIISE:Software and Applications
• /
• v.27 no.2
• /
• pp.134-147
• /
• 2000

Even though software industry has been activated, there lack in results of studies on evaluation effort and cost of software systems including Information Technology Security System (ITSS). In this paper, we present a process and a tool for evaluation effort and cost of ITSS, which are conformed to a ITSS evaluation criteria(i. e., Common Criteria or ISO/IEC 15408), by utilizing Evaluation Work Break-down Structure (EWBS) and conventional software development cost estimation methods. Even though we concentrate on ITSS, results of this paper can be applied to estimation of effort and cost of evaluation of software development process and software products.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.31-37
• /
• 2010

The risks and threats in IT security systems to protect, prevent damage and Risk should be minimized. Context of information security products such as information processing, storage, delivery, and in the process of information system security standards, That is the basic confidentiality, availability, integrity and secondary clarity, potential evidence, detection, warning and defense capabilities, to ensure sufficient and should be. Web services are the most important elements in the security, the web nature of port 80 for the service to keep the door open as a structure, Web applications, web sources and servers, networks, and to hold all the elements are fundamental weaknesses. Accordingly, these elements through a set of Web application development errors and set-up errors and vulnerabilities in Web applications using their own home pages and web servers to prevent hacking and to improve the efficiency of Web services is proposed methodology performs security BMT.

• Review of KIISC
• /
• v.13 no.6
• /
• pp.55-66
• /
• 2003

본고에서는 개발자에게 단위, 통합 및 서비스 시험에 대한 시험과정 보증문서 작성 기법에 대한 참고자료를 제공하기 위하여, 국내에서 개발된 침입차단시스템과 침입탐지시스템 평가기준에 의한 시험과정 보증요구사항을 분석하여 소프트웨어 공학에 기반한 전통적인 구조적 방법론을 토대로 한 시험과정 보증문서 작성 경험을 기술하고자 한다. 따라서, 개발자는 사용자 요구사항에 의한 객관적이고 체계적인 시험과정을 이해하여 시스템 개발에서 발생할 수 있는 오류를 줄일 수 있으며 또한, 정확한 보안 기능명세 및 시험보증 설계$.$개발$.$구현을 통하여 제품의 안전성 및 신뢰성 향상에 기여할 것으로 기대된다.

• Journal of the Korea Convergence Society
• /
• v.7 no.6
• /
• pp.35-41
• /
• 2016

As software is very important, modern men are interesting software quality testing. In this paper, we analyze the Internation standard and Test data, so, we propose the testing method by analysing testing data. We compare ISO/IEC 9126-2 testing model with ISO/IEC 25023 testing model. On the basis of ISO/IEC 25023, we classify the test data and we analyze the difference of International Standard to functionality, reliability, usability, efficiency, maintainability, portability, compatability, and security. By reality 331 testing data, we classify test data, and analyze difference according to sex. We find regression model by functionality, usability and testing date and we prove difference of testing date and the number of error by tester. Also, we prove difference of the number of error in software type.

• Journal of Platform Technology
• /
• v.8 no.4
• /
• pp.38-46
• /
• 2020

This study describes how to build a security control system using an open source big data solution so that private companies can build an overall security control infrastructure. In particular, the infrastructure was built using the Elastic Stack, one of the free open source big data analysis solutions, as a way to shorten the cost and development time when building a security control system. A comparative experiment was conducted. In addition, as a result of comparing and analyzing the functions, convenience, service and technical support of the two solution, it was found that the Elastic Stack has advantages in the security control of Big Data in terms of community and open solution. Using the Elastic Stack, security logs were collected, analyzed, and visualized step by step to create a dashboard, input large logs, and measure the search speed. Through this, we discovered the possibility of the Elastic Stack as a big data analysis solution that could replace Splunk.

• Journal of Digital Convergence
• /
• v.15 no.11
• /
• pp.251-259
• /
• 2017

Recently, the smart healthcare industry that grafted the Internet of Things (IoT) onto the healthcare and medical services is being highlighted. Smart healthcare refers to the healthcare and medical services offered on the basis of information communication technologies including application, wearable devices and platforms, etc. The number of next generation smart healthcare devices are increasing in the smart healthcare industry through the combination of information technology (IT) and Bio Technology (BT), which are the most active areas among the 6T, which are the areas of the next generation industry. With the emergence of a diverse range of smart healthcare systems or devices, whether the smart healthcare system can be linked with other systems organically and the security and quality of the system have become important elements of evaluation. In this Study, the characteristics and service types of smart healthcare systems were examined, and the trends in the technology and industry of the smart healthcare system were analyzed. Moreover, this Study aims to develop the evaluation method for security and standards for quality evaluation by deducing the factors for the evaluation of smart healthcare system on the basis of the results of aforementioned examination. It is anticipated that this can induce improvement of quality and development of highly reliable products of a smart healthcare system, and will become the core technology to substitute the technology protection barrier.

• The Magazine of the IEIE
• /
• v.21 no.1
• /
• pp.42-44
• /
• 1994

1924년 미국 특허청은 무선통신을 위한 하나의 새로운 신호방식에 대하여 특허를 부여했다. 이로써 Alfred Goldsmith는 Spread Spectrum을 이용한 통신방식을 실용화시키는 첫 장을 열었다. 이후 1970년대까지 이 특유한 통신방식은 보안을 최우선으로 하는 군용 무선통신의 전유물이라고도 할 수 있었다. 그러나 타인에 의하여 도청되거나 방해받는 확률이 작은만큼 남에게도 간섭내지 방해를 거의 주지않는다는 Spread Spectrum 통신방식의 특징때문에 1980년대 이후부터는 이 방식을 이용한 다수의 상용 통신제품과 서비스가 개발되기 시작하였다. 최근 셀룰라 시스템의 디지틀화 과정에서 CDMA 방식이 도입된 것도 바로 이러한 특징 때문이었던 것이다. 이제는 미국내의 통신산업체협회(TIA)에서 CDMA Air Interface 규격인 IS-95가 공식 발표됨에 따라 이미 국제적으로 채택되어 사용되고 있는 TDMA 방식의 첫 경쟁기술로 부상하였으나 CDMA 방식이 오늘에 이르기까지는 많은 논란과 평가들이 있었다. 비록 그간의 TIA의 TR45.5 소위원회와 다수의 산업체 및 연구기관들의 노력으로 상당부분의 의문점들이 해결되었으나 여타의 새로운 통신기술들이 그러하였듯이 CDMA방식을 이용한 셀룰라 및 개인통신 서비스가 실용적이고 편리한 상용제품으로 자리잡기 위하여는 몇 가지 진지하게 생각해 보아야 할 과제들이 있다. 이제 각 분야별로 CDMA이동통신 시스템의 당면과제에 대하여 간략히 나열하여 보고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.141-151
• /
• 2004

According to the improvemnent of electronic commerce, the requirements of security devices are becoming increasingly pervasive. The security API must design easily and securely to support a compatibility feature between security devices. It is chosen the PKCS #11 interface by RSA Labs that shows the compatibility and extensibility standards of many application product and implementation, and supported KCDSA mechanism which is a korean digital signature standard. And the PKCS #11 security API defines new key management function which provides more secure key management ability. We suggest the object attributes and templates of KCDSA private and public key object, generate and verify digital signature using KCDSA mechanism. The PKCS #11 supporting KCDSA mechanism is designed, implemented using C-Language, tested a performance, and analyzed the security and compatibiltiy feature.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.11
• /
• pp.148-154
• /
• 2016

Video security has recently emerged as an important issue owing to CCTV video image spill accidents over the Internet. KISA recommends the use of encryption protocols for remote access through its guidelines for CCTV personal video information protection. But still, many products do not adhere to the guidelines, and those products are easily exposed to security threats, such as hacking. To solve these security vulnerabilities, this paper proposes a CCTV system that connects from remote locations, and is implemented by using secure shell (SSH) tunneling techniques. The system enhances security by transmitting encrypted data by using SSH. By using the tunneling technique, it also solves the problem of not being able to access a CCTV recorder located inside a firewall. For evaluation of the system, this paper compares various CCTV remote access schemes and security. Experimental results on the effectiveness of the system show it is possible to obtain remote access without a significant difference in transmission quality and time. Applying the method proposed in this paper, you can configure a system secure from the threats of hacking.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.11-17
• /
• 2012

According to ISO/IEC 9000, quality to satisfy users' requirements when using the product or service is defined as the characteristics of the synthesized concept. Secure web application coding information systems with the reliability and quality of service is one of the determining factor. Secure coding in order to achieve the quality based on the model is necessary. The reason is that the security is in quality properties in the range of non-functional requirements that necessitates. Secure coding for the design of quality systems based on the quality of the definition of quality attributes, quality requirements, quality attribute scenarios are defined, and must be set. To this end, referring to IEEE 1061 quality model for web application, quality model structure is developed. Secure web application architecture design is composed of coding quality of the model systems, web applications draw interest to stakeholders, decision drivers secure coding architecture, quality attributes, eliciting quality requirements of the security settings, creating web application architecture descriptions and security framework.