• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.147-155
• /
• 2010

It has been widely addressed that static analysis techniques can play important role in identifying potential security vulnerability reside in source code. This paper proposes the design and application of security metrics that use both vulnerability information extracted from the static analysis, and significant factors of information that software handles. The security metrics are useful for both developers and evaluators in that the metrics help them identity source code vulnerability in early stage of development. By effectively utilizing the security metrics, evaluators can check the level of source code security, and confirm the final code depending on the characteristics of the source code and the security level of information required.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11c
• /
• pp.1991-1994
• /
• 2002

본 논문은 기존에 작성된 자바 프로그램이나 현재 구현 중인 자바 프로그램을 대상으로 메트릭 정보를 측정하는 자동화 도구의 설계 및 구현 결과를 논한다. 이러한 도구의 구현을 위해 필요한 가장 핵심적인 기능은 자바코드에 대한 분석 기능이다. 본 논문의 내용은 한국전자통신연구원의 컴포넌트 공학 연구팀 주관으로 EJB(Enterprise Java Beans) 기술을 기반으로 컴포넌트를 개발하기 위한 환경인 COBALT(Component Based Application devlopment Tool) 시스템의 부 시스템으로 구현된 자바코드 메트릭 측정 도구의 설계 및 구현 결과를 다룬다. 본 논문에서 구현된 자바 코드 메트릭 측정 도구을 통하여 클래스의 적절한 분할, 클래스 멤버 자원의 적절한 배치, 상속 트리의 적절한 조직 등을 이룰 수 있다.

• Journal of KIISE
• /
• v.43 no.12
• /
• pp.1334-1341
• /
• 2016

In recent years, the importance of managing software defects in the implementation stage has emerged because of the rapid development and wide-range usage of intelligent smart devices. Even if not a few studies have been conducted on the prediction models for software defects, their outcomes have not been widely shared. This paper proposes an efficient probabilistic management model of software metrics based on the Bayesian network, to overcome limits such as binary defect prediction models. We expect the proposed model to configure the Bayesian network by taking advantage of various software metrics, which can help in identifying improvements for refactoring. Once the source code has improved through code refactoring, the measured related metric values will also change. The proposed model presents probability values reflecting the effects after defect removal, which can be achieved by improving metrics through refactoring. This model could cope with the conclusive binary predictions, and consequently secure flexibilities on decision making, using indeterminate probability values.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.6
• /
• pp.145-150
• /
• 2017

Software maintenance accounts for a large portion of the software life cycle cost. In the software maintenance phase, comprehending the legacy source code is inevitable, which takes most of the time. Source code readability is a metric of the extent of code readers' difficulty of code comprehension based on the source code itself. The better the code is readable, the easier it is for code readers to comprehend the source code. This paper proposes novel source code readability metric to quantitative measure the extent of current source code under development, which is more enhanced measurement method than previous research that dichotomously judges whether the source code was readable or not. As an evaluation, we carried out a survey and analyzed them with Regression Analysis to find best parameters of the metric.

• Journal of KIISE:Software and Applications
• /
• v.26 no.3
• /
• pp.393-400
• /
• 1999

클래스에 관한 재사용 관련 정보는 기능.환경면에서 정보와 품질 메트릭 정보로 구분할 수 있다. 기능.환경면에서 정보는 재사용 부품의 기능과 구현 환경에 관한 정보이며, 품질메트릭 정보는 재상용 부품들의 재사용성을 가시적으로 측정할 수 있는 정보이다. 클래스의 재사용성을 측정하기 위해서는 클래스의 절차적이고 객체지향적인 특성들을 모두 고려하여야 한다. 그러므로 본 논문에서는 클래스에 관한 재사용성 관련 정보를 소개하고 품질 메트릭 정보를 정량화시키는 정의식들을 제안하고, 클래스 코드로부터 기능.환경면으로 정보와 품질 메트릭 정보를 추출 및 측정하였다

• KIPS Transactions on Software and Data Engineering
• /
• v.12 no.5
• /
• pp.199-206
• /
• 2023

The current software becomes the huge size of source codes. Therefore it is increasing the importance and necessity of static analysis for high-quality product. With static analysis of the code, it needs to identify the defect and complexity of the code. Through visualizing these problems, we make it guild for developers and stakeholders to understand these problems in the source codes. Our previous visualization research focused only on the process of storing information of the results of static analysis into the Database tables, querying the calculations for quality indicators (CK Metrics, Coupling, Number of function calls, Bad-smell), and then finally visualizing the extracted information. This approach has some limitations in that it takes a lot of time and space to analyze a code using information extracted from it through static analysis. That is since the tables are not normalized, it may occur to spend space and time when the tables(classes, functions, attributes, Etc.) are joined to extract information inside the code. To solve these problems, we propose a regularized design of the database tables, an extraction mechanism for quality metric indicators inside the code, and then a visualization with the extracted quality indicators on the code. Through this mechanism, we expect that the code visualization process will be optimized and that developers will be able to guide the modules that need refactoring. In the future, we will conduct learning of some parts of this process.

• Proceedings of the KAIS Fall Conference
• /
• 2009.12a
• /
• pp.802-805
• /
• 2009

SOA는 특정 기술이나 플랫폼에 종속되지 않고 느슨한 결합(Loosely Coupled)을 가지고 상호 연동할 수 있는 서비스들의 조합으로 어플리케이션 개발을 가능하게 하는 정보시스템 아키텍처이다. 즉, 한덩어리의 방대한 코드로 이루어진 어플리케이션들을 각각 개발하는 대신 각각의 비즈니스 기능을 수행하는 서비스를 구성하고, 이 서비스를 조합하거나 분리함으로써 비즈니스 프로세스들을 구현할 수 있게 하는 정보시스템 구축을 목표로 한다. 본 연구에서는 SOA기반 소프트웨어의 분야의 기반 기술을 조사하고 SOA기반 소프트웨어 시장과 표준화 동향을 조사하며 SOA기반 소프트웨어 기능성의 품질평가 메트릭을 개발하였다.

• The Journal of Society for e-Business Studies
• /
• v.8 no.2
• /
• pp.113-129
• /
• 2003

Component-based software development (CBSD) has been recognized effective reuse techniques for software development by many of researchers and companies. The purpose of CBSD is to produce a high quality software system quickly through using verified software component which is contained fine-grained business logics. This paper suggests the metrics and techniques for to extract component and its interface from legacy object oriented application. For extract component, we apply metrics to measure complexity, cohesion and coupling to the legacy system.

• Proceedings of the KAIS Fall Conference
• /
• 2011.05a
• /
• pp.204-206
• /
• 2011

SOA는 특정 기술이나 플랫폼에 종속되지 않고 느슨한 결합(Loosely Coupled)을 가지고 상호 연동할 수 있는 서비스들의 조합으로 어플리케이션 개발을 가능하게 하는 정보시스템 아키텍처이다. 즉, 한 덩어리의 방대한 코드로 이루어진 어플리케이션들을 각각 개발하는 대신 각각의 비즈니스 기능을 수행하는 서비스를 구성하고, 이 서비스를 조합하거나 분리함으로써 비즈니스 프로세스들을 구현할 수 있게 하는 정보시스템 구축을 목표로 한다. 본 연구에서는 SOA기반 소프트웨어의 분야의 기반 기술을 조사하고 SOA기반 소프트웨어 장점 및 SOA기반 소프트웨어 효율성의 품질평가 메트릭을 개발하였다.

• Journal of Internet Computing and Services
• /
• v.17 no.4
• /
• pp.79-86
• /
• 2016

Under the influence of software security-enhanced development guidelines announced in 2012, secure coding practices become widely applicable in developing information systems aiming to enhance security capabilities. Although continuous enhancement activities for code security is important, management issues for code security have been less addressed in the guidelines. This paper analyses limitation of secure coding practices from the viewpoint of quality management. In particular this paper suggests structures and the use of software metrics from coding to maintenance phases so that it can be of help in the future by extending the use of security metrics.