• KIPS Transactions on Software and Data Engineering
• /
• v.12 no.10
• /
• pp.431-436
• /
• 2023

Recently the incorporation of artificial intelligence approaches in the field of software engineering has been one of the big topics. In the world, there are actively studying in two directions: 1) software engineering for artificial intelligence and 2) artificial intelligence for software engineering. We attempt to apply artificial intelligence to software engineering to identify and refactor bad code module areas. To learn the patterns of bad code elements well, we must have many datasets with bad code elements labeled correctly for artificial intelligence in this task. The current problems have insufficient datasets for learning and can not guarantee the accuracy of the datasets that we collected. To solve this problem, when collecting code data, bad code data is collected only for code module areas with high-complexity, not the entire code. We propose a method for exploring common weakness enumeration by learning the collected dataset based on transfer learning of the CodeBERT model. The CodeBERT model learns the corresponding dataset more about common weakness patterns in code. With this approach, we expect to identify common weakness patterns more accurately better than one in traditional software engineering.

• Journal of Korea Multimedia Society
• /
• v.19 no.10
• /
• pp.1792-1807
• /
• 2016

Android application is vulnerable to reverse engineering attack. And by this, it is easy to extract significant module from source code and repackage it. To prevent this problem, dynamic class loading technique, which is able to exclude running code from distributed source code and is able to load running code dynamically during runtime can be used. Recently, this technique was adapted on variety of fields and applications like updating pre-loaded android application, preventing from repacking malicious application, etc. Despite the fact that this technique is used on variety of fields and applications, there is fundamental lack on the study of potential weakness or related secure coding. This paper would deal with potential weaknesses during the implementation of dynamic class loading technique with analysing related international/domestic standard of weaknesses and suggest a secure way for the implementation of dynamic class loading technique. Finally, we believe that this technique described here could increase the level of trust by decreasing the weakness related to dynamic class loading technique.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.457-461
• /
• 2017

Barcode is widely being used in many places such as supermarket, cafeteria, library, etc. ISBN, Code 128, Code 39 are mainly used in barcode. Among them, Code 128 which is based on ASCII Code can transfer control letters that range from ASCII Code 0 to ASCII 32. Control letters intrinsically imply letters that are used to deliver information to peripheral devices such as a printer or communication joint, however, they play quite different roles if they are inputted on Windows. Generally, barcode devices doesn't verify input data, thus it enables people to tag any barcode that has specific control letters and execute the commands. Besides, most barcode recognition programs are using a database and they have more security weakness compared to other programs. On the basis of those reasons, I give an opinion that SQL Injection can attack barcode recognition programs through this study.

• Proceedings of the KSR Conference
• /
• 2010.06a
• /
• pp.1255-1261
• /
• 2010

An operating information and fault recode of train is very important information for safety driving and maintenance. And these information is increased and need high speed as the number of trains is increased. Wireless LAN or CDMA network is efficient to report more complicated and various information from vehicle to server in control center. Existing wireless transmission system has weakness due to transmission system is separated with TDCS and standalone. At first, standalone system needs space to be installed and cost is increased. And data transmission capacity and speed is limited by complicated structure that transmission system receive data thru serial communication like RS232 and then data transmission system send data to server in control center. This article is study to develop embedded & wireless fault code transmission device to be installed in TDCS to overcome weakness of space and to have more cost effective and simple structure. It is adapted 802.11b/g WiFi for wireless communication and OS is used embedded Linux that can easily implement wireless communication environment and ensure TCP/IP communication’s security. We also implement simple server to test wireless communication between embedded & wireless fault code transmission device and server in control center.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.11a
• /
• pp.189-192
• /
• 2017

마트, 식당, 도서관 등 우리 주변 많은 곳에서 바코드가 사용되고 있다. 바코드는 주로 ISBN, Code128, Code39 등의 형식이 쓰이는데 그중 Code 128은 ASCII Code를 기반으로 하기 때문에 ASCII Code 0번부터 32번까지의 제어 문자를 바코드에 담을 수 있다. 제어 문자는 본래 프린터 또는 통신 접속구 등 주변 장치에 정보를 전달하기 위하여 사용되는 문자를 뜻하지만 Windows상에서 입력될 시 전혀 다른 역할을 한다. 주로 바코드 기기에서 입력 값을 검증하지 않으므로 이를 이용해 제어 문자를 담은 바코드를 태깅해 명령 프롬포트를 열고 명령을 실행할 수 있다. 또한 대부분의 바코드 인식 프로그램이 DB를 사용하고, 보안이 다른 프로그램들에 비해 취약하다는 점에서 SQL Injection 공격 가능성을 제시한다.

• Convergence Security Journal
• /
• v.10 no.3
• /
• pp.51-60
• /
• 2010

The expansion of internet technology has made convenience. On the one hand various malicious code is produced. The number of malicious codes occurrence has dramadically increasing, and new or variant malicious code circulation very serious, So it is time to require analysis about malicious code. About malicious code require set criteria for judgment, malicious code taxonomy using Algorithm of weakness difficult to new or variant malicious code taxonomy but already discovered malicious code taxonomy is effective. Therefore this paper of object is various malicious code analysis besides new or variant malicious code type or form deduction using visualization of strong. Thus this paper proposes a malicious code analysis and grouping method using visualization.

• Journal of Korea Multimedia Society
• /
• v.14 no.10
• /
• pp.1335-1347
• /
• 2011

The dissemination and use of mobile applications have been rapidly expanding these days. And in such a situation, the security of mobile applications has emerged as a new issue. Although the safety of general software such as desktop and enterprise software is systematically achieved from the development phase to the verification phase through secure coding, there have been not sufficient studies on the safety of mobile applications yet. This paper deals with deriving weakness enumeration specialized in mobile applications and implementing a tool that can automatically analyze the derived weakness. Deriving the weakness enumeration can be achieved based on CWE(Common Weakness Enumeration) and CERT(Computer Emergency Response Team) relating to the event-driven method that is generally used in developing mobile applications. The analysis tool uses the dynamic tests to check whether there are specified vulnerabilities in the source code of mobile applications. Moreover, the derived vulnerability could be used as a guidebook for programmers to develop mobile applications.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.5
• /
• pp.2348-2365
• /
• 2018

QR codes as public patent are widely used to acquire the information in various fields. However, it faces security problem when delivering the privacy message by QR code. To overcome this weakness, we propose a secret hiding scheme by improving exploiting modification direction to protect the private message in QR code. The secret messages will be converted into octal digit stream and concealed to the cover QR code by overwriting the cover QR code public message bits. And the private messages can be faithfully decoded using the extraction function. In our secret hiding scheme, the QR code public message still can be fully decoded publicly from the marked QR codes via any standard QR Code reader, which helps to reduce attackers' curiosity. Experiments show that the proposed scheme is feasible, with high secret payload, high security protection level, and resistant to common image post-processing attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.605-615
• /
• 2018

Due to the rapid growth of the Internet of Things market, the use of the C/C++ language, which is the most widely used language in embedded systems, is also increasing. To improve the quality of code in the C/C++ language and reduce development costs, it is better to use static analysis, a software verification technique that can be performed in the first half of the software development life cycle. Many programs use static analysis to verify software safety and many static analysis tools are being used and studied. In this paper, we use Clang static analysis tool to check security weakness detection performance of verified test code. In addition, we compared the static analysis results of the test codes applied with the source obfuscation techniques, layout obfuscation, data obfuscation, and control flow obfuscation techniques, and the static analysis results of the original test codes, Analyze the detection ability impact of the Clang static analysis tool.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.10
• /
• pp.5144-5160
• /
• 2019

Secret sharing is an effective way of protecting secret messages. However, the traditional secret sharing schemes are considered meaningless due to malicious people attention which might raise risks. To overcome the weakness, this paper presents an effective secret sharing scheme with the functionality of cheater identification, based on meaningful QR code. The secret message will be split and concealed in the padding region of cover QR codes with the assistance of Latin square and it can be completely restored when all the involved participants cooperate. The concealing strategy exploits the characteristic of Reed-Solomon (RS) code to ensure the strong robustness of generated QR code pseudo-shares. The meaningful QR code pseudo-shares help to reduce the curious of unrelated persons. Some experiments were done to evaluate the performance of proposed scheme. The results showed that the proposed scheme is feasible, efficient and secure compared to the other existing schemes. It also achieves a higher secret payload and maintains stronger robustness.