• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1225-1234
• /
• 2019

The security of the firmware is more important because embedded devices have become popular. Network devices such as routers can be attacked by attackers through web application vulnerabilities in embedded firmware. Therefore, they must be found and removed quickly. The Firmadyne framework proposes a dynamic analysis method to find vulnerabilities after emulating firmware. However, it only performs vulnerability checks according to the analysis methods defined in the tool, thus limiting the scope of vulnerabilities that can be found. In this paper, fuzzing is performed in emulation-based environment through fuzzing, one of the software security test techniques. We also propose a Fabfuzz tool for efficient emulation based fuzzing. Experiments have shown that in addition to the vulnerabilities identified in existing tools, other types of vulnerabilities have been found.

• KIPS Transactions on Software and Data Engineering
• /
• v.10 no.4
• /
• pp.115-124
• /
• 2021

Since function block diagram (FBD) programs are widely used to implement safety-critical systems, effective testing for FBD programs has become important. Mutation testing, a fault-based testing, is highly effective in fault detection but computationally expensive. To support testers for FBD programs, we propose an automated mutant generator for FBD programs. We designed the MuGenFBD tool with the cost and equivalent mutant issues in consideration. We conducted experiments on real industrial examples to present the performance of MuGenFBD. The results show that MuGenFBD can generate mutants for FBD programs automatically with low probability of equivalent mutants and low cost. This tool can effectively support mutation analysis and mutation-adequate test generation for FBD programs.

• Journal of Platform Technology
• /
• v.8 no.4
• /
• pp.47-58
• /
• 2020

DO-330 Software Tool Qualification Considerations is a guideline for development of tools used to develop/verify software and hardware installed on aircraft. And among several processes, the verification process is very crucial as it occupies a large proportion for DO-330. Especially, in order to qualify tool with high safety level, test objectives must be performed with independence, accordingly, more time, cost, and manpower are required than other objectives. In addition, even if the test cases or test procedures are well defined, the higher the complexity of the test the higher probability of human error occurs. In this paper, we propose Script-based Test Automation Agent software structure for efficient DO-330 verification process of A661UAGEN tool developed by Hanwha Systems. Compared to the test performed manually by the test engineer, testing time of the Script-based Test Automation Agent is reduced by 87.5% and testing productivity is increased by 43.75%.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.5
• /
• pp.1267-1276
• /
• 1997

In this paper, the optimal model for specific test data was selected autimatically among sofware reliability growh models bassed on NAPP(Non Homogeneous Posission Preocess), and in result the tool for the reliability estimating scales was implemented.Whith the implemented tool, software optimal rekiability estimating scales(total expected number errors, error detection rate, expected number of errors remaining in the sortware, reliability, ete) could be predicted. By the reliability estimating scales gained form this, sofware development and projecr management could be applied. In order to test the optimal of the implemented tool, the comparicon with other paper and analization was done by using actual error data.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.04a
• /
• pp.529-532
• /
• 2016

IT 융 복합 산업에서 소프트웨어가 차지하는 비중이 높아짐에 따라 프로젝트 관리는 점차 중요해지고 IT기업의 경쟁력을 결정하는 중요 요소가 되고 있다. 프로젝트 관리 중 일정 관리는 가장 기초적이고 관리적 요소가 가장 많이 들어있으며 일정 관리의 실패는 Time-To-Market을 맞추지 못한다. 일정 관리를 위해 고려해야할 문제점들은 겉으로 확인되는 진척율과 실제로 개발된 진척율의 차이, 팀원의 낭비되는 시간을 지속적 관리 등이 있음에도 현장에서는 도구 또는 파일을 통해 진행 사항을 관리하지만 세부 작업별 활동까지 연계가 되지 않아 일정 관리의 진행 상황이 명확히 드러나지 않는다. 따라서 본 논문에서는 소스코드 기반의 실시간 프로젝트 일정 관리 도구를 제안한다. 프로젝트 계획 단계에서 작업을 컴포넌트 별로 세분화되어 있을 때 이 도구를 사용하여 컴포넌트 내부 메서드의 소스코드 작성을 통해 소프트웨어 개발 진척도를 명확하게 파악하고 해당 소스 코드의 테스트를 통해 의도대로 개발이 이루어졌는지를 확인 가능하다. 그리고 피드백을 통해 개발자에게 개발 일정 및 계획 수정에 대한 알림으로 지연되는 시간 없이 수정 가능하다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.04a
• /
• pp.475-478
• /
• 2014

최근 인터넷이 발전함에 따라 월드와이드웹(World Wide Web) 기반의 웹 서비스가 급격한 발전을 이루었다. 또한 이 웹 서비스를 바탕으로 다양한 컨텐츠들과 이를 이용하는 사용자의 수도 함께 증가하였다. 그러나 이와 같은 웹 서비스의 보편화가 증대될수록 이를 악용하려는 사이버 범죄 또한 비례하여 증가하고 있다. 최근에는 공격자들이 스마트폰을 대상으로 악성코드를 전파하기 위한 방법으로 웹 서비스를 활용하기 시작하면서 웹 서비스의 보안에 대한 중요성이 더욱 강조되고 있다. 이러한 웹 서비스 보안의 필요성을 인지하고, 많은 사람들이 무료로 쉽게 웹 서비스 보안취약점을 진단 할 수 있도록 여러 오픈소스 기반의 보안 취약점 진단도구가 연구, 개발되고 있다. 하지만 웹 서비스의 보안약점을 진단하는 도구의 적합성 평가 및 기능 분류가 명확하지 않아서 진단도구를 선택하고 활용함에 있어 어려움이 따른다. 본 논문에서는 OWASP에서 위험도에 따라 선정한 웹 서비스의 보안 취약점 Top 10 항목과 소프트웨어 보안약점 진단가이드 등을 통해 웹 서비스 보안 취약점을 진단하는 도구에 대한 분석 기준을 제시한다. 이후 오픈소스로 공개된 테스트 기반 취약점 탐지도구와 소스 기반 취약점 진단도구들에 대해 제시한 기준을 이용하여 분석한다. 본 논문의 분석결과로 웹 서비스의 안전성을 평가하기 위해 활용할 수 있는 진단 도구에 대한 분석정보를 제공함으로써 보다 안전한 웹 서비스의 개발과 운영에 기여할 것으로 기대한다.

• Design Convergence Study
• /
• v.17 no.3
• /
• pp.1-19
• /
• 2018

Hand rehabilitation training tools are used in hospitals and at home for patients and users who require recovery of disabled hands and improvement in overall hand function. However, existing training tools are not organized into a progressive system, and they lead to repeatability operations over a period of time. As a result, patients feel free and cannot be motivated by rehabilitation, and continuous rehabilitation training is difficult. Based on this argument, the study combines one of the elements of the game called the "Cat's cradle" to enable the user to feel achievement through play and to achieve natural rehabilitation through unconsciousness. After examining the characteristics of the tool, the user's environment, the relevance of the Cat's cradle game to the training tool and to the patient's continued rehabilitation was established. And design elements were derived through professional interviews. Later, design guidelines and prototypes have been created to complement the problems associated with guidelines and prototypes by conducting usability testing and design element assessment.

• Proceedings of the Korea Contents Association Conference
• /
• 2007.11a
• /
• pp.435-439
• /
• 2007

Document categorization system is important in the internet age in which huge number of documents are created and need to be dealt with. By this reason a lot of research has been done in this field. For the development of the system, a supervised learning method is widely used. This approach needs a test collection as a prerequisite. For the case of English, several test collections are available which provide a lot of help for developing systems and doing research. But no public test collections have been reported and are not available in the case of Korean. To improve the situation for Korean we are undergoing the construction of a Korean test collection. In this paper the approaches being used and current stage of the collection will be described.

• Proceedings of the Korea Contents Association Conference
• /
• 2007.11a
• /
• pp.160-166
• /
• 2007

HANTEC 2.0 (A Korean Test Collection) is distributed for evaluation of information retrieval systems. HANTEC 2.0 is consists of 120,000 documents, 50 topics(queries) and relevant information. The relevant information is constructed by pooling methods. The relevant information is very important for evaluation of information retrieval systems. So we would like to review of the relevant information by manual method. It will be show validation of pooling method and HANTEC relevant information. We make tool for manual review of relevant information and review of that. We review of relevant information between manual relevant information and HANTEC's. We review of pooling method and HANTEC relevant information. The manual relevant information will be use evaluation of information retrieval systems.

• The Journal of Society for e-Business Studies
• /
• v.9 no.1
• /
• pp.303-320
• /
• 2004

Smart card is a useful tool used in electronic payment systems and it is very important to test whether a smart card operates correctly. In this paper, we analyze previous researches on testing smart cards, such as ISO/IEC and KS standard documents, and Guideline of Card Quality Test. We also propose the functional test results done on the Highpassplus card of Korea Highway Corporation. By testing the Hipgpassplus card we can get card systems with reliable functionality and security. Furthermore, this can help developing more reliable security systems. The test results of the Highpassplus card proposed in this paper are the first research on testing smart cards in services in Korea and we expect that the test methods of smart card will be advanced based on our results.