• Title/Summary/Keyword: Information weakness

Search Result 789, Processing Time 0.019 seconds

Implement Static Analysis Tool using JavaCC

  • Kim, Byeongcheol;Kim, Changjin;Yun, Seongcheol;Han, Kyungsook
    • Journal of the Korea Society of Computer and Information
    • /
    • v.23 no.12
    • /
    • pp.89-94
    • /
    • 2018
  • In this paper, we implemented a static analysis tool for weakness. We implemented on JavaCC using syntax information and control flow information among various information. We also tested the performance of the tool using Juliet-test suite on Eclipse. We were classified using information necessary for diagnosis and diagnostic methods were studied and implemented. By mapping the information obtained at each compiler phase the security weakness, we expected to link the diagnostic method with the program analysis information to the security weakness. In the future, we will extend to implement diagnostic tools using other analysis information.

A Study on the Remove Use-After-Free Security Weakness (소프트웨어 개발단계 Use-After-Free 보안약점 제거방안 연구)

  • Park, Yong Koo;Choi, Jin Young
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.6 no.1
    • /
    • pp.43-50
    • /
    • 2017
  • Use-After-Free security problem is rapidly growing in popularity, especially for attacking web browser, operating system kernel, local software. This security weakness is difficult to detect by conventional methods. And if local system or software has this security weakness, it cause internal security problem. In this paper, we study ways to remove this security weakness in software development by summarize the cause of the Use-After-Free security weakness and suggest ways to remove them.

A development of weakness calculation method for information system (정보시스템 취약도 계산 방법 개발)

  • Park, Joong-Gil
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.5
    • /
    • pp.131-139
    • /
    • 2007
  • Vulnerability analysis helps to remove discriminating vulnerabilities that exist in various equipment that composes operating information system. It is possible to explain representation and exclusion method about vulnerabilities of each equipment by vulnerability analysis. But it is difficult to display the weakness of whole information system. To do this, analyst synthesizes several information that achieved by vulnerability analysis. But the existing method does not provide fair evaluation because operators' personal opinion. In this paper, we explain about method that unites discriminatively vulnerable point and expresses whole weakness degree in numerical value by equipment, by system class, or by overall system.

Research on Secure Coding and Weakness for Implementation of Android-based Dynamic Class Loading (안드로이드 동적 클래스 로딩 기법을 이용한 개발단계에서의 보안약점 및 시큐어 코딩 연구)

  • Kim, Hyunjo;Choi, Jin-Young
    • Journal of Korea Multimedia Society
    • /
    • v.19 no.10
    • /
    • pp.1792-1807
    • /
    • 2016
  • Android application is vulnerable to reverse engineering attack. And by this, it is easy to extract significant module from source code and repackage it. To prevent this problem, dynamic class loading technique, which is able to exclude running code from distributed source code and is able to load running code dynamically during runtime can be used. Recently, this technique was adapted on variety of fields and applications like updating pre-loaded android application, preventing from repacking malicious application, etc. Despite the fact that this technique is used on variety of fields and applications, there is fundamental lack on the study of potential weakness or related secure coding. This paper would deal with potential weaknesses during the implementation of dynamic class loading technique with analysing related international/domestic standard of weaknesses and suggest a secure way for the implementation of dynamic class loading technique. Finally, we believe that this technique described here could increase the level of trust by decreasing the weakness related to dynamic class loading technique.

Nuclear-related Software analysis based on secure coding (시큐어 코딩 중심으로 본 원자력 관련 소프트웨어)

  • Jung, Da-Hye;Choi, Jin-Young;Lee, Song-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.2
    • /
    • pp.243-250
    • /
    • 2013
  • We have entered into an era of smart software system where the many kinds of embedded software, especially SCADA and Automotive software not only require high reliability and safety but also high-security. Removing software weakness during the software development lifecycle is very important because hackers exploit weaknesses which are source of software vulnerabilities when attacking a system. Therefore the coding rule as like core functions of MISRA-C should expand their coding focus on security. In this paper, we used CERT-C secure coding rules for nuclear-related software being developed to demonstrate high-safety software, and proposed how to remove software weakness during development.

Evaluation Methodology of Diagnostic Tool for Security Weakness of e-GOV Software (전자정부 소프트웨어의 보안약점 진단도구 평가방법론)

  • Bang, Jiho;Ha, Rhan
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.38C no.4
    • /
    • pp.335-343
    • /
    • 2013
  • If the SW weaknesses, which are the main cause of cyber breaches, are analyzed and removed in the SW development stages, the cyber breaches can be prevented effectively. In case of Domestic, removing SW weaknesses by applying Secure SDLC(SW Development Life Cycle) has become mandatory. In order to analyze and remove the SW weaknesses effectively, reliable SW weakness diagnostic tools are required. Therefore, we propose the functional requirements of diagnostic tool which is suitable for the domestic environment and the evaluation methodology which can assure the reliability of the diagnostic tools. Then, to analyze the effectiveness of the proposed evaluation framework, both demonstration results and process are presented.

Privacy Weakness Analysis of Delegation-Based Authentication Protocol (위임기반 인증 프로토콜의 프라이버시 취약성 분석)

  • Youn, Taek-Young;Kim, Chang-Han
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.6
    • /
    • pp.53-57
    • /
    • 2010
  • Recently, Lee et al. proposed a delegation-based authentication protocol for secure and private roaming service in global mobility networks. In this paper, we show that the protocol cannot protect the privacy of an user even though the protocol provides the user anonymity. To prove the weakness, we show that the protocol cannot provide the unlinkability and also examine the weakness of the protocol caused by the lack of the unlinkability.

Understanding and Exercise of Gluteus Medius Weakness: A Systematic Review

  • Baik, Seung-min;Cynn, Heon-seock;Kim, Seok-hyun
    • Physical Therapy Korea
    • /
    • v.28 no.1
    • /
    • pp.27-35
    • /
    • 2021
  • A weak or dysfunctional gluteus medius (Gmed) is related to several pathologies, and individuals with hip abductor weakness have Gmed weakness. This study aimed to systematically review the literature associated with the anatomy and function of the Gmed, and the prevalence, pathology, and exercise of Gmed weakness. Papers published between 2010 and 2020 were retrieved from MEDLINE, Google Academic Search, and Research Information Sharing Service. The database search used the following terms: (glut* OR medius OR hip abduct*) AND weak*. The Gmed plays an important role in several functional activities as a primary hip abductor by providing pelvic stabilization and controlling hip adduction and internal rotation. Weakness of the Gmed is associated with many disorders including balance deficit, gait and running disorders, femoroacetabular impingement, snapping hip, gluteal tendinopathy, patellofemoral pain syndrome, osteoarthritis, iliotibial band syndrome, anterior cruciate ligament injury, ankle joint injuries, low back pain, stroke, and nocturia. Overuse of the tensor fasciae latae (TFL) as a hip abductor due to Gmed weakness can also cause several pathologies such as pain in the lower back and hip and degenerative hip joint pathology, which are associated with dominant TFL. Similarly, lateral instability and impaired movements such as lumbar spine lateral flexion or lateral tilt of the pelvis can occur due to compensatory activation of the quadratus lumborum for a weakened Gmed while exercising. Therefore, the related activation of synergistic muscles or compensatory movement should be considered when prescribing Gmed strengthening exercises.

The new Weakness of RSA and The Algorithm to Solve this Problem

  • Somsuk, Kritsanapong
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.14 no.9
    • /
    • pp.3841-3857
    • /
    • 2020
  • RSA is one of the best well-known public key cryptosystems. This methodology is widely used at present because there is not any algorithm which can break this system that has all strong parameters within polynomial time. However, it may be easily broken when at least one parameter is weak. In fact, many weak parameters are already found and are solved by some algorithms. Some examples of weak parameters consist of a small private key, a large private key, a small prime factor and a small result of the difference between two prime factors. In this paper, the new weakness of RSA is proposed. Assuming Euler's totient value, Φ (n), can be rewritten as Φ (n) = ad + b, where d is the private key and a, b ∈ ℤ, if a divides both of Φ (n) and b and the new exponent for the decryption equation is a small integer, this condition is assigned as the new weakness for breaking RSA. Firstly, the specific algorithm which is created for this weakness directly is proposed. Secondly, two equations are presented to find a, b and d. In fact, one of two equations must be implemented to find a and b at first. After that, the other equation is chosen to find d. The experimental results show that if this weakness has happened and the new exponent is small, original plaintext, m, will be recovered very fast. Furthermore, number of steps to recover d are very small when a is large. However, if a is too large, d may not be recovered because m which must be always written as m = ha is higher than modulus.

A Study on the Structured Weakness Classification for Mobile Applications (모바일 애플리케이션을 위한 보안약점 구조화 기법에 대한 연구)

  • Son, Yunsik;Oh, Se-Man
    • Journal of Korea Multimedia Society
    • /
    • v.15 no.11
    • /
    • pp.1349-1357
    • /
    • 2012
  • In recent years, security accidents which are becoming the socially hot issue not only cause financial damages but also raise outflow of private information. Most of the accidents have been immediately caused by the software weakness. Moreover, it is difficult for software today to assure reliability because they exchange data across the internet. In order to solve the software weakness, developing the secure software is the most effective way than to strengthen the security system for external environments. Therefore, suggests that the coding guide has emerged as a major security issue to eliminate vulnerabilities in the coding stage for the prevention of security accidents. Developers or administrators effectively in order to use secure coding coding secure full set of security weaknesses organized structurally and must be managed. And the constant need to update new information, but the existing Secure Coding and Security weakness is organized structurally do not. In this paper, we will define and introduce the structured weakness for mobile applications by the surveys of existing secure coding and coding rules for code analysis tools in Java.