• Title/Summary/Keyword: Automated software


Risk Scoring System for Software Vulnerability Using Public Vulnerability Information (공개 취약점 정보를 활용한 소프트웨어 취약점 위험도 스코어링 시스템)

  • Kim, Min Cheol;Oh, Sejoon;Kang, Hyunjae;Kim, Jinsoo;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.6 / pp.1449-1461 / 2018
  • As the number of software vulnerabilities grows year by year, attacks on software are also taking place frequently. As a result, the security administrator must identify and patch vulnerabilities in the software. However, it is important to prioritize the patches because patching all vulnerabilities is realistically hard. In this paper, we propose a scoring system that expands the scale of the risk assessment metric by taking into consideration the attack patterns or weaknesses that cause vulnerabilities, together with the vulnerability information provided by NIST (National Institute of Standards and Technology). The proposed scoring system is expanded based on the CWSS and uses only public vulnerability information so that any company can use it easily. In this paper, we applied the automated scoring system to software vulnerabilities, and showed that the expanded metrics, which consider the influence of attack patterns and weaknesses, are meaningful.

Image Processing Software Development for Detection of Oyster Hinge Lines (굴의 힌지 선 감지를 위한 영상처리 소프트웨어의 개발)

  • So, J.D.;Wheaton, Fred W.
    • Journal of Biosystems Engineering / v.22 no.2 / pp.237-246 / 1997
  • Shucking (removing the meat from the shell) an oyster requires that the muscle attachments to the two shell valves and the hinge be severed. Described here is the computer vision software needed to locate the oyster hinge line so it can be automatically severed, one step in development of an automated oyster shucker. Oysters are first prepared by washing and trimming off a small shell piece on the oyster hinge end to provide access to the outer hinge surface. A computer vision system employing a color video camera then grabs an image of the hinge end of the oyster shell. This image is processed by the computer using software. The software is a combination of commercially available and custom written routines that locate the oyster hinge. The software uses four feature variables, circularity, rectangularity, aspect ratio, and Euclidean distance, to distinguish the hinge object from other dark colored objects on the hinge end of the oyster. Several techniques, including shrink-expand, thresholding, and others, were used to secure an image that could be reliably and efficiently processed to locate the oyster hinge line.

Study on the Implementation of SBOM(Software Bill Of Materials) in Operational Nuclear Facilities (가동 중 원자력시설의 SBOM(Software Bill Of Materials)구현방안 연구)

  • Do-yeon Kim;Seong-su Yoon;Ieck-chae Euom
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.2 / pp.229-244 / 2024
  • Recently, supply chain attacks against nuclear facilities such as "Evil PLC" are increasing due to the application of digital technology in nuclear power plants such as the APR1400 reactor. Nuclear supply chain security requires an asset management system that can systematically manage a large number of providers due to the nature of the industry. However, due to the nature of the control system, there is a problem of inconsistent management of attribute information due to the long lifecycle of software assets. In addition, due to the availability requirements of operational technology, the introduction of automated configuration management is insufficient, and limitations such as input errors exist. This study proposes a systematic asset management system using SBOM (Software Bill Of Materials) and an improvement for input errors using natural language processing techniques.

Automated Method for Detecting Use-After-Free Vulnerability of Windows System Calls Using Dynamic Symbolic Execution (동적 기호 실행을 이용한 윈도우 시스템 콜 Use-After-Free 취약점 자동 탐지 방법)

  • Kang, Sangyong;Lee, Gwonwang;Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.4 / pp.803-810 / 2017
  • Recently, social security problems have been caused by the development of the software industry, and a variety of automation techniques have been used to verify software stability. In this paper, we propose a method of automatically detecting a use-after-free vulnerability in Windows system calls using dynamic symbolic execution, one of the software testing methods. First, a static-analysis-based pattern search is performed to select a target point. Based on the detected pattern points, we apply an induced path search technique that blocks branching to areas outside of interest. Through this, we overcome limitations of existing dynamic symbolic performance technology and verify whether a vulnerability exists at the actual target point. As a result of applying the proposed method to the Windows system call, it is confirmed that the use-after-free vulnerability, which previously had to be manually analyzed, can be detected by the proposed automation technique.

Systematic Evaluation of Fault Trees using Real-Time Model Checker (실시간 모델 체커를 이용한 풀트 트리의 체계적 검증)

  • 지은경;차성덕;손한성;유준범;구서룡;성풍현
    • Journal of KIISE:Software and Applications / v.29 no.12 / pp.860-872 / 2002
  • Fault tree analysis is the most widely used safety analysis technique in industry. However, the analysis is often applied manually, and there is no systematic and automated approach available to validate the analysis result. In this paper, we demonstrate that a real-time model checker, UPPAAL, is useful in formally specifying the required behavior of safety-critical software and in validating the accuracy of manually constructed fault trees. Functional requirements for emergency shutdown software for a nuclear power plant, named Wolsung SDS2, are used as an example. Fault trees were initially developed by a group of graduate students who possess detailed knowledge of Wolsung SDS2 and are familiar with safety analysis techniques including fault tree analysis. Functional requirements were manually translated into the timed automata format accepted by UPPAAL, and the model checking was applied using property specifications to evaluate the correctness of the fault trees. Our application demonstrated that UPPAAL was able to detect subtle flaws or ambiguities present in fault trees. Therefore, we conclude that the proposed approach is useful in augmenting fault tree analysis.

Comparison of Path Exploration and Model Checking Techniques for Checking Automotive API Call Safety (차량전장용 소프트웨어의 API 제약사항 위배여부 탐지를 위한 실행경로 탐색방법과 모델검증 방법의 비교)

  • Kim, Dongwoo;Choi, Yunja
    • KIPS Transactions on Software and Data Engineering / v.5 no.12 / pp.615-622 / 2016
  • Automotive control software can be a source of critical safety issues when developers do not comply with system constraints. However, a violation is difficult to identify in complicated source code if not supported by an automated verification tool. This paper introduces two possible approaches that check whether automotive control software complies with API call constraints, and compares their performance and effectiveness. One method statically analyzes the source code and explores all possible execution paths, and the other utilizes a model checker to monitor constraint violations for a given set of constraint automata. We have implemented both approaches and performed a series of experiments showing that the approach with model checking finds constraint violations more accurately and scales better.

Design and Implementation of a Search Engine based on Apache Spark (아파치 스파크 기반 검색엔진의 설계 및 구현)

  • Park, Ki-Sung;Choi, Jae-Hyun;Kim, Jong-Bae;Park, Jae-Won
    • Journal of the Korea Institute of Information and Communication Engineering / v.21 no.1 / pp.17-28 / 2017
  • Recently, studies on data have been actively conducted because the value of data has become more useful. The web crawler, a program for data collection, has recently been in the spotlight because it can be used in various fields. A web crawler can be defined as a tool that analyzes web pages and collects URLs by traversing web servers in an automated manner. For the treatment of big data, distributed web crawlers based on Hadoop MapReduce are widely used. But they are difficult to use and have constraints on performance. Apache Spark, an in-memory computing platform, is an alternative to MapReduce. The search engine, which is one of the main purposes of a web crawler, displays the information gathered by the web crawler that matches the keyword you search. If search engines implement a Spark-based web crawler instead of a traditional MapReduce-based web crawler, data collection would be more rapid.

Development of a Model-Driven Approach Based API Translator for Embedded Software (모델 기반 접근 방법을 이용한 임베디드 S/W를 위한 API 변환기의 개발)

  • Park, Byeong-Ryul;Maeng, Ji-Chan;Lee, Jong-Bum;Ryu, Min-Soo;Ahn, Hyun-Sik;Jeong, Gu-Min
    • Journal of the Institute of Convergence Signal Processing / v.8 no.4 / pp.272-278 / 2007
  • In this paper, we present an automated API translator for embedded software development based on a model-driven approach. Since MDA (Model Driven Architecture) provides little support for the development of embedded software, we propose a new method which retains MDA's advantage, automation of the implementation process, and can solve the problem of real-time overhead. First, we define 'generic APIs' which do not depend on any RTOS but provide most of the typical RTOS services. We can describe RTOS-related behaviors of the target application using these generic APIs in a CIC (Common Intermediate Code). Then, we propose a transformation tool for translating a CIC using generic APIs into C code for a specific RTOS. The proposed API translator converts them into C code using an XML transformation rule which is defined externally. This indicates that the API translator can be extended to other RTOSs by modifying or adding transformation rules. From the experiment, we validate the proposed method.

TUTUM Easy-seismic: Development of a Seismic Design Automation Software for Building Fire Protection Systems (TUTUM Easy-seismic: 소방시설 내진설계 자동화 소프트웨어 개발)

  • Oh, Chang-Soo;Choi, Jun-Ho
    • Fire Science and Engineering / v.33 no.5 / pp.140-148 / 2019
  • In line with the "mandatory seismic design of fire protection facilities," development of design automation software is indispensable for improving the reliability and efficiency of seismic design. The seismic design automation software developed in this study is automated S/W for seismic design of fire-fighting facilities, and provides functions such as automatic arrangement of anti-shake braces according to the Korea National Fire Agency's Seismic Design Standards for fire-fighting facilities, output of seismic bracing calculation bills, and automatic quantity counting. In addition, the seismic design automation software not only reduces the work speed by three times compared to the manual design of the designer, but also improves the reliability of the design by reducing the human error related to design quantities such as braces. In addition, in the seismic design method of fire protection facilities, which has been approached conservatively, it was possible to perform the optimal seismic design by using computer algorithms, at least in the use of braces.

Cost-Effective, Real-Time Web Application Software Security Vulnerability Test Based on Risk Management (위험관리 기반의 비용 효율적인 실시간 웹 애플리케이션 소프트웨어 보안취약점 테스팅)

  • Kumi, Sandra;Lim, ChaeHo;Lee, SangGon
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.1 / pp.59-74 / 2020
  • The web space where web applications run is the cyber information warfare of attackers and defenders due to the open HTML. In the cyber attack space, about 84% of worldwide attacks exploit vulnerabilities in web applications and software. It is very difficult to detect web vulnerability attacks with security products such as web firewalls, and high labor costs are required for security verification and assurance of web applications. Therefore, rapid vulnerability detection and response in web space by automated software is a key and effective cyber attack defense strategy. In this paper, we establish a security risk management model by intensively analyzing security threats against web applications and software, and propose a method to effectively diagnose web and application vulnerabilities. The testing results on the commercial service are analyzed to prove that our approach is more effective than the other existing methods.