• Journal of KIISE
• /
• v.42 no.4
• /
• pp.487-495
• /
• 2015

Since most of information is computerized nowadays, it is extremely important to promote the security of the computerized information. However, the software itself can threaten the safety of information through many abusive methods enabled by coding mistakes. Even though the Secure Coding Guide has been proposed to promote the safety of information by fundamentally blocking the hacking methods, it is still hard to apply the techniques on other programming languages because the proposed coding guide is mainly written for C and Java programmers. In this paper, we reclassified the coding rules of the Secure Coding Guide to extend its applicability to programming languages in general. The specific coding guide adopted in this paper is the C Secure Coding Guide, announced by the Ministry of Government Administration and Home Affairs of Korea. According to the classification, we applied the rules of programming in Sprout, which is a newly proposed Korean programming language. The number of vulnerability rules that should be checked was decreased in Sprout by 52% compared to C.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.3
• /
• pp.87-98
• /
• 2009

This paper discuss secure information flow analysis and its visualization. Information leak is defined as existence of information flow from variables which have user's private informations to variables that anyone can access. Secure information flow analysis has been made to decide of whether the information leak is or not. There are many researches for secure information flow analysis concerning high level programming languages. But actually, programs that user executes don't have program source code represented in high level programming language. Thus there is need for analysis of program represented in low level language. More to analysis, visualization of analysis is very important. So, this paper discuss visualization of secure information flow analysis. In this paper, Mini x86 Assembly Language which is subset of x86 assembly language is defined and secure information flow analysis of program is proposed. In addition, this paper defines transfer function that is used for analysis and shows how to visualize control flow graph.

• ETRI Journal
• /
• v.38 no.5
• /
• pp.934-940
• /
• 2016

In this paper, secure multicasting with the help of cooperative decode-and-forward relays is considered for the case in which a source securely sends a common message to multiple destinations in the presence of a single eavesdropper. We show that the secrecy rate maximization problem in the secure multicasting scenario under an overall power constraint can be solved using semidefinite programing with semidefinite relaxation and a bisection technique. Further, a suboptimal approach using zero-forcing beamforming and linear programming based power allocation is also proposed. Numerical results illustrate the secrecy rates achieved by the proposed schemes under secure multicasting scenarios.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.3
• /
• pp.943-950
• /
• 2010

A secure entrance system is complicated because it should have various functions like monitoring, logging, tracing, authentication, authorization, staff locating, managing staff enter-and-leave, and gate control. In this paper, we built and applied a secure entrance system for a domestic nuclear plant using Aspect Oriented Programming(AOP) and design pattern. Using AOP has an advantage of clearly distinguishing the role for each functional module because building a system separated independently from the system's business logic and security logic is possible. It can manage system alternation flexibility by frequent change of external environment, building a more flexible system based on increased code reuse, efficient functioning is possible which is an original advantage of AOP. Using design pattern enables to design by structuring the complicated problems that arise in general software development. Therefore, the safety of the system can also be guaranteed.

• The KIPS Transactions:PartA
• /
• v.11A no.6
• /
• pp.439-450
• /
• 2004

Mobile agents are autonomous and dynamic entities that can migrate among various nodes in the network. Java's Jini framework facilitates mobile agent system development, providing hey features for distributed network programming. However, due to the security weakness, Jinil.0 service has a fundamental limitation on developing mobile agent systems which support secure remote communications. In this paper, we describe a Jini2.0-based secure mobile agent system named SecureJMoblet. On the top of Jini2.0, the system provides basic functionalities of a mobile agent system such as creation, transfer and control. In addition, with the SeureJS developed for secure JavaSpace service, SecureJMoblet supports a secure object repository and a reliable communication among mobile agents.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.1
• /
• pp.105-114
• /
• 2010

C language is frequently used to develop application and system programs. However, programs using C language are vulnerable to buffer overflow attacks. To prevent buffer overflow, programmers have to check boundaries of buffer areas when they develop programs. But vulnerable programs frequently result from improper programming habits and mistakes of programmers. Existing researches for preventing buffer overflow attacks only inform programmers of warnings about vulnerabilities and not remove vulnerabilities in advance so that the programs still include vulnerabilities. In this paper, we propose a function translator which prevents creating programs including buffer overflow vulnerabilities. To prevent creating binary from source including vulnerabilities, the proposed translator searches vulnerable functions which cause buffer overflows, and converts them into secure functions. Accordingly, developing vulnerable programs by programmers which lack in knowledge on security can be prevented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.973-983
• /
• 2019

The importance of information security has been increasingly emphasized at the national, organizational, and individual levels due to the widespread adoption of software applications. High-safety software, which includes embedded software, should run without errors, similar to software used in the airline and nuclear energy sectors. Software development techniques in the above sectors are now being used to improve software security in other fields. Secure coding, in particular, is a concept encompassing defensive programming and is capable of improving software security. In this paper, we propose a software security vulnerability detection method using an improved coding standard searching technique. Public static analysis tools were used to assess software security and to classify the commands that induce vulnerability. Software security can be enhanced by detecting Application Programming Interfaces (APIs) and patterns that can induce vulnerability.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5616-5630
• /
• 2019

Fully homomorphic encryption allows a third-party to perform arbitrary computation over encrypted data and is especially suitable for secure outsourced computation. This paper investigates secure outsourced computation of multiple matrix multiplication based on fully homomorphic encryption. Our work significantly improves the latest Mishra et al.'s work. We improve Mishra et al.'s matrix encoding method by introducing a column-order matrix encoding method which requires smaller parameter. This enables us to develop a binary multiplication method for multiple matrix multiplication, which multiplies pairwise two adjacent matrices in the tree structure instead of Mishra et al.'s sequential matrix multiplication from left to right. The binary multiplication method results in a logarithmic-depth circuit, thus is much more efficient than the sequential matrix multiplication method with linear-depth circuit. Experimental results show that for the product of ten 32×32 (64×64) square matrices our method takes only several thousand seconds while Mishra et al.'s method will take about tens of thousands of years which is astonishingly impractical. In addition, we further generalize our result from square matrix to non-square matrix. Experimental results show that the binary multiplication method and the classical dynamic programming method have a similar performance for ten non-square matrices multiplication.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.2
• /
• pp.646-663
• /
• 2014

Scrum is one of the most popular and efficient agile development methods. However, like other agile methods such as Extreme Programming (XP), Feature Driven Development (FDD), and the Dynamic Systems Development Method (DSDM), Scrum has been criticized because of lack of support to develop secure software. Thus, in 2011, we published research proposing the idea of a security backlog (SB). This paper represents the continuation of our previous research, with a focus on the evaluation in industry-based case study. Our findings highlight an improved agility in Scrum after the integration of SB. Furthermore, secure software can be developed quickly, even in situations involving requirement changes of software. Based on our experimental findings, we noticed that, when integrating SB, it is quite feasible to develop secure software using an agile Scrum model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.4
• /
• pp.1904-1921
• /
• 2019

In this paper, we investigate the problem of secure communications in multiple-input-multiple-output interference networks from the perspective of physical layer security. Specifically, the legitimate transmitter-receiver pairs are divided into different categories of active and inactive. To enhance the security performances of active pairs, inactive pairs serve as cooperative jammers and broadcast artificial noises to interfere with the eavesdropper. Besides, active pairs improve their own security by using joint transceivers. The encoding of active pairs and inactive pairs are designed by maximizing the difference of mean-squared errors between active pairs and the eavesdropper. In detail, the transmit precoder matrices of active pairs and inactive pairs are solved according to game theory and linear programming respectively. Experimental results show that the proposed algorithm has fast convergence speed, and the security performances in different scenarios are effectively improved.