• Title/Summary/Keyword: Information Security System Developer

JarBot: Automated Java Libraries Suggestion in JAR Archives Format for a given Software Architecture

  • P. Pirapuraj;Indika Perera
    • International Journal of Computer Science & Network Security / v.24 no.5 / pp.191-197 / 2024
  • Software reuse gives the meaning for rapid software development and the quality of the software. Most open-source Java components/libraries are available only in Java Archive (JAR) file format. When a software design enters into the development process, the developer needs to select necessary JAR files manually by analyzing the given software architecture and related JAR files. This paper proposes an automated approach, JarBot, to suggest all the necessary JAR files for a given software architecture in the development process. All related JAR files will be downloaded from the internet based on the extracted information from the given software architecture (class diagram). Class names, method names, and attribute names will be extracted from the downloaded JAR files and matched with the information extracted from the given software architecture to identify the most relevant JAR files. For the result and evaluation of the proposed system, 05 software designs were developed for 05 well-completed software projects from GitHub. The proposed system suggested more than 95% of the JAR files among the expected JAR files for the given 05 software designs. The result indicated that the proposed system is suggesting almost all the necessary JAR files.

Secure Biometric Data Utilization and Protection (바이오인식 정보의 안전한 활용 및 보호방안)

  • Song, Chang-kyu;Kim, Young-jin;Chun, Myung-geun
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.4 / pp.841-852 / 2021
  • Biometric recognition refers to a technology that identifies or verifies an individual after registering each individual's physical, physiological, and behavioral characteristics with an automated device. However, the biometric data used here corresponds to personal information since it can identify an individual. Therefore, when it is compromised or misused, it negatively affects the privacy of the data subject. In this paper, we review the current status of domestic laws related to biometric information and the status of infringements related to this. And then, some biometric application models are derived and vulnerabilities and countermeasures for each model are discussed. Finally, for the developer and service provider of the biometric system, protection guidance is presented.

Enhanced Security Measurement of Web Application Testing by Outsourcing (외주 개발 웹 어플리케이션 테스팅의 보안성 강화 방안)

  • Choi, Kyong-Ho;Lee, DongHwi
    • Convergence Security Journal / v.15 no.4 / pp.3-9 / 2015
  • A web application that allows a web service created by an internal developer who has security awareness shows a certain level of security. However, in the case of development by outsourcing, it is inevitable to implement the development centered on requested function rather than the issue of security. Thus in this paper, we improve the software testing process focusing on security for exclusion the leakage of important information and using an unauthorized service that results from the use of the vulnerable web application. The proposed model is able to consider security in the initial stage of development even when outsourced web application, especially, it can prevent the development schedule delay caused by the occurrence of modification for program created by programmer who has low security awareness. This result shows that this model can be applied to the national defense area for increasing demand web application centered resource management system to be able to prevent service of web application with security vulnerability based on high test.

Security Threat Factors and Improvement Methods in Enterprise Hybrid Applications (기업용 하이브리드 애플리케이션 보안 위협 요소 및 대응방안 연구)

  • Lee, Yoonjae;Oh, Junseok;Kim, Yongwon;Lee, Bong Gyou
    • Proceedings of the Korea Information Processing Society Conference / 2011.11a / pp.531-534 / 2011
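  • The purpose of this study is to present a security evaluation model for the next-generation MEAP environment. Enterprise application development environments are evolving, by way of PES and MEAP, toward an HTML5 environment for fully realizing OSMP. Security threats are growing along with this, but research on security in the HTML5 environment remains insufficient. To prepare for this problem, it is necessary to examine the security characteristics of existing development environments. In this study, we derived four security threat factors (Back-End System, Client, Developer, and OS), examined the security threat issues corresponding to each, and presented a security evaluation model. The model includes the security issues of each stage and is meaningful in that it indicates the direction of the security issues to be discussed in the coming HTML5 era. Accordingly, this study is expected to provide implications for companies and researchers preparing to develop enterprise hybrid applications.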

Response Technique for the Vulnerability of Broadcast Intent Security in Android (안드로이드 브로드캐스트 인텐트의 보안 취약성 대응기법)

  • Lim, Jae-Wan;Ryu, Hwang-Bin;Yoon, Chang-Pyo
    • Convergence Security Journal / v.12 no.6 / pp.61-67 / 2012
  • Accordingly the number of smart-phone-based malicious codes is also increasing and their techniques for malicious purpose are getting more clever and evolved. Among them, the malicious codes related to Android take the major portion and it can be estimated that they are based on open source so that the access to the system is easy. Intent is a technique to support the communication between application's components by transmitting message subjects in Android. Intent provides convenience to developers, but it can be utilized as security vulnerability that allows the developer with a malicious purpose to control the system as intended. The vulnerability of intent security is that personal information can be accessed using discretionally its proper function given to application and smart phone's functions can be maliciously controlled. This paper improves with the Intent security vulnerability caused by the smart phone users' discretional use of custom kernel. Lastly, it verifies the malicious behaviors in the process of installing an application and suggests a technique to watch the Intent security vulnerability in realtime after its installation.

A Study of Password Management Methods for System in Access Control (시스템 접근통제를 위한 패스워드 관리 방안에 대한 연구)

  • Baek, Jong-Il;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2011.10a / pp.303-306 / 2011
  • System solutions for access control to the user's personal when you want to authenticate to the system is used. The valid user is really just a part of authorized users, the suitability of a valid user has been authenticated are not sure whether the problem is the fact. For example, one developer in the Unix operating system can be valid, but do not have permission to access the system should be limited for. In this paper, a single account for multiple users to use the system operational issues to improve the fine-grained delegation of authority, the session audit, the administrator account's policy-based management, with full rights the administrator account of distribution management and auditing the system overall is the study of access control measures.

Automatic malware variant generation framework using Disassembly and Code Modification

  • Lee, Jong-Lark;Won, Il-Yong
    • Journal of the Korea Society of Computer and Information / v.25 no.11 / pp.131-138 / 2020
  • Malware is generally recognized as a computer program that penetrates another computer system and causes malicious behavior intended by the developer. In cyberspace, it is also used as a cyber weapon to attack an adversary. The most important factor that a malware must have as a cyber weapon is that it must achieve its intended purpose before being detected by the other's detection system. It requires a lot of time and expertise to create a single malware to avoid the other's detection system. We propose the framework that automatically generates variant malware when a binary code type malware is input using the DCM technique. In this framework, the sample malware was automatically converted into variant malware, and it was confirmed that this variant malware was not detected in the signature-based malware detection system.

Study on validating proper System Requirements by using Cost Estimations Methodology (비용추정방법을 활용한 시스템요구사항 적정성 확인방안 연구)

  • Choi, Sung Kyu;Choi, Eun Ha
    • Convergence Security Journal / v.13 no.5 / pp.97-105 / 2013
  • It is very important the government project should be supported by enough budget for proceeding. The insufficient budget by poor budget estimating used to bring about discontinuing for the project. This is originally caused by inaccuracy for cost estimating about system and evaluating for system requirements on the project initial phase. The system requirements is technical requirements that converted the user needs and is needs for communicating between stakeholder and developer and manufacturer. Also the system requirements is the primary factor to make the project cost. The cost estimating is not easy due to complication of cost factors and an aberration between cost estimating and actual cost. Specially, on the project initial phase, shortage of detail information for project make more difficult to do cost estimating. This study proposes the architecture for validating proper system requirements by using cost estimations methodology on the project initial phase and shows the computer tool for simulating the proposed architecture.

Estimation of relative evaluation effort ratios for each EALs in CC 2.3 and CC 3.1 (CC 2.3과 CC 3.1의 보증수준별 상대적 평가업무량 배율 추정)

  • Kou, Kab-Seung;Kim, Young-Soo;Lee, Gang-Soo
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.4 / pp.61-74 / 2007
  • In Common Criteria evaluation scheme, sponsor and evaluator should estimate evaluation cost and duration of IT security system evaluation in contracting the evaluation project. In this paper, we analyzed study result that achieve at 2003 and 2005, and utilized part of study result. And we empirically estimate relative evaluation effort ratios among evaluation assurance levels (EAL1~EAL7) in CC v2.3 and CC v3.1. Also, we estimate the ratios from 'developer action elements', adjusted 'content and presentation of evidence elements', and 'evaluator action elements' for each assurance component. We, especially, use ratio of amount of effort for each 'evaluator action elements', that was obtained from real evaluators in KISA in 2003. Our result will be useful for TOE sponsor as well as evaluation project manager who should estimate evaluation cost and duration for a specific EAL and type of TOE, in a new CC v3.1 based evaluation scheme.

A SOA based Framework Using AOP for Reliable Service Applications (AOP를 이용한 신뢰성 있는 서비스 어플리케이션의 SOA 기반 프레임워크)

  • Kim, Eun-Sun;Lee, Jae-Jeong;Lee, Byung-Jeong
    • Journal of Information Technology Services / v.10 no.2 / pp.223-234 / 2011
  • Loosely coupled properties of SOA (Service Oriented Architecture) services do not guarantee that service applications always work properly. Service errors may also influence other services of SOA. These characteristics adversely affect software reliability. Therefore, it is a challenge to effectively manage system change and errors for operating services normally. In this study, we propose a SOA based framework using AOP (Aspect Oriented Programming) for reliable service applications. AOP provides a way to manipulate cross-cutting concerns such as logging, security and reliability and these concerns can be added to applications through weaving process. We define a service specification and an aspect specification for this framework. This framework also includes service provider, requester, repository, platform, manager, and aspect weaver to handle changes and exceptions of applications. Independent Exception Handler is stored to exhibited external Aspect Service Repository. When exception happened, Exception Handler is linked dynamically according to aspect rule that is defined in aspect specification and offer function that handle exception alternate suitable service in systematic error situation. By separating cross-cutting concerns independently, we expect that developer can concentrate on core service implementation and reusability, understanding, maintainability increase. Finally, we have implemented a prototype system to demonstrate the feasibility of our framework in case study.