• Title/Summary/Keyword: Secure Software Development Methodology

Design and Implementation of Secure E-Procurement System based on XML (XML기반의 안전한 E-Procurement 시스템 설계 및 구현)

  • Moon, Tae-Soo;Song, You-Jin
    • The KIPS Transactions:PartD / v.9D no.6 / pp.1043-1054 / 2002
  • This paper intends to suggest an XML-based secure E-Procurement system using Unified Modeling Language (UML), as an application system for the domestic automobile industry. Applying UML methodology, which is Component-based Development (CBD), we analyzed the workflow of procurement operations in the automobile industry and implemented a prototype of an efficient E-Procurement system for the automobile industry, by developing XML/EDI and XML signature. Also, in this paper, object-oriented CBD is employed to minimize the risk of life cycle and reuse software as mentioned to limitation of information engineering methodology. It enables interoperability with ERP (Enterprise Resource Planning) as the corporate legacy system. This system proposes a solution to apply analysis and design of workflow, component development, interoperability with corporate information system, and XML signature for integrity and authentication of electronic documents in other system so far.

An Object-Oriented Analysis and Design Methodology for Security of Web Applications (웹 응용 보안을 위한 객체지향 분석·설계 방법론)

  • Joo, Kyung-Soo;Woo, Jung-Woong
    • Journal of Internet Computing and Services / v.14 no.4 / pp.35-42 / 2013
  • Nowadays many tasks are performed using the Web. Accordingly, many web-based application systems with various and complicated functions are being requested. In order to develop such web-based application systems efficiently, object-oriented analysis and design methodology is used, and Java EE (Java Platform, Enterprise Edition) technologies are used for its implementation. Security issues have become increasingly important. For such reasons, Java EE provides mechanisms related to security, but it does not provide interconnections with object-oriented analysis and design methodology for developing web application systems. Consequently, since the security method by the Java EE mechanism is implemented at the last step only, it is difficult to apply constant security during the whole process of system development from the requirement analysis to implementation. Therefore, this paper suggests an object-oriented analysis and design methodology with an emphasis on security for secure web application systems from the requirement analysis to implementation. The object-oriented analysis and design methodology adopts UMLsec, the modeling language with an emphasis on security, for the requirement analysis and system analysis & design with regard to security. For its implementation, RBAC (Role Based Access Control) of servlet from Java EE technologies is used. Also, the object-oriented analysis and design methodology for the secure web application is applied to an online banking system in order to prove its effectiveness.

Evaluation Methodology of Diagnostic Tool for Security Weakness of e-GOV Software (전자정부 소프트웨어의 보안약점 진단도구 평가방법론)

  • Bang, Jiho;Ha, Rhan
    • The Journal of Korean Institute of Communications and Information Sciences / v.38C no.4 / pp.335-343 / 2013
  • If the SW weaknesses, which are the main cause of cyber breaches, are analyzed and removed in the SW development stages, the cyber breaches can be prevented effectively. In the domestic case, removing SW weaknesses by applying Secure SDLC (SW Development Life Cycle) has become mandatory. In order to analyze and remove the SW weaknesses effectively, reliable SW weakness diagnostic tools are required. Therefore, we propose the functional requirements of a diagnostic tool which is suitable for the domestic environment and the evaluation methodology which can assure the reliability of the diagnostic tools. Then, to analyze the effectiveness of the proposed evaluation framework, both demonstration results and process are presented.

A Research on System Integration for National GIS Technology Development Methodology (국가 GIS 기술 개발을 위한 시스템통합 기법에 관한 연구)

  • Seo, Bo-Hwan
    • Journal of Korean Society for Geospatial Information Science / v.3 no.2 s.6 / pp.183-197 / 1995
  • The broad meaning of system integration is to satisfy user requirement, and to secure and offer Hardware, Software, network, System development, maintenance, education and manpower in his own responsibility for successful business. But the basic concept of system integration is not justified and the methodology of propel procedure is not established. Therefore, in this thesis, first, we established the basic concept of system integration in practical view. Second, we modeled the propel procedure of system integration with many large project examples in view of up-to-date IT (information technology). We can enhance the competitive advantage by linking organizational strategy and IT and executing GIS project in view of system integration.

A Study for Security-Based Medical Information Software Architecture Design Methodology (의료정보보안 기반 소프트웨어 아키텍처 설계방법)

  • Kim, Jeom Goo;Noh, SiChoon
    • Convergence Security Journal / v.13 no.6 / pp.35-41 / 2013
  • What is an alternative to medical information security of medical information more secure preservation and safety of various types of security threats should be taken, starting from the software design. Interspersed with medical information systems medical information to be able to integrate the real-time exchange of medical information must be reliable data communication. The software architecture design of medical information systems and sharing of medical information security issues and communication phase allows the user to identify the requirements reflected in the software design. Software framework design, message standard design, design a web-based inter-process communication procedures, access control algorithm design, architecture, writing descriptions, evaluation of various will procedure the establishing architecture. The initial decision is a software architecture design, development, testing, maintenance, ongoing impact. In addition, the project will be based on the decision in detail. Medical information security method based on the design software architecture of today's medical information security has become an important task of the framework will be able to provide.

A Mediating Effect of Internalization on Technology Adoption

  • Kim, Sung Kun
    • Journal of Information Technology Applications and Management / v.23 no.3 / pp.35-47 / 2016
  • Many technology innovations fail. Only a few of them are successfully implemented. Most of the remaining are discontinued before long or fail to be routinized. Although employees attempted to adopt the innovation for some legitimacy reasons, they have not reached the stage of internalization in which they believe in the real value of the innovation and become committed to the innovation. The deficiency of internalization was utilized in many studies as an important factor for explaining the failed innovation cases. However, few empirical studies examine the role of internalization in technology adoption. This study aims to investigate a mediating effect of internalization on technology adoption.

Vulnerability Analysis and Threat Mitigation for Secure Web Application Development (안전한 웹 애플리케이션 개발을 위한 취약점 분석 및 위협 완화)

  • Moon, Jae-Chan;Cho, Seong-Je
    • Journal of the Korea Society of Computer and Information / v.17 no.2 / pp.127-137 / 2012
  • Recently, as modern Internet uses mashups, Web 3.0, JavaScript/AJAX widely, the rate at which new vulnerabilities are being discovered is increasing rapidly. It can subsequently introduce big security threats. In order to efficiently mitigate these web application vulnerabilities and security threats, it is needed to rank vulnerabilities based on severity and consider the severe vulnerabilities during a specific phase of software development lifecycle (SDLC) for web applications. In this paper, we have first verified whether the risk rating methodology of OWASP Top 10 vulnerabilities is a reasonable one or not by analyzing the vulnerability data of web applications in the US National Vulnerability Database (NVD). Then, by inspecting the vulnerability information of web applications based on OWASP Top-10 2010 list and CWE (Common Weakness Enumeration) directory, we have mapped the web-related entries of CWE onto the entries of OWASP Top-10 2010 and prioritized them. We have also presented which phase of SDLC is associated with each vulnerability entry. Using this approach, we can prevent or mitigate web application vulnerabilities and security threats efficiently.

A Methodology for Integrating Security into the Automotive Development Process (자동차 개발 프로세스에서의 보안 내재화 방법론)

  • Jeong, Seungyeon;Kang, Sooyoung;Kim, Seungjoo
    • KIPS Transactions on Software and Data Engineering / v.9 no.12 / pp.387-402 / 2020
  • Conventional automotive development has mainly focused on ensuring correctness and safety, and security has been relatively neglected. However, as the number of automotive hacking cases has increased due to the increased Internet connectivity of automobiles, international organizations such as the United Nations Economic Commission for Europe (UNECE) are preparing cybersecurity regulations to ensure security for automotive development. As with other IT products, automotive cybersecurity regulations also emphasize the concept of "Security by Design", which considers security from the beginning of development. In particular, since automotive development has a long lifecycle and complex supply chain, it is very difficult to change the architecture after development, and thus Security by Design is much more important than for existing IT products. The problem, however, is that no specific methodology for Security by Design has been proposed for the automotive development process. This paper, therefore, proposes a specific methodology for Security by Design in automotive development. Through this methodology, automotive manufacturers can simultaneously consider aspects of functional safety and security in the automotive development process, and will also be able to respond to the upcoming certification of UNECE automotive cybersecurity regulations.

Analysis of Job Happiness Types of SW Development Personnel Using Q-sort Methodology (Q-sort 방법론을 활용한 SW 개발인력의 직무행복 유형 분석)

  • Chang, Yun-hi
    • Journal of Internet Computing and Services / v.21 no.1 / pp.57-70 / 2020
  • This study examines the subjective perception of software developers on happiness at work through the Q-sort methodology. Analysis of 63 respondents revealed four types of happiness at work with highly differentiated characteristics: 'stability of work oriented', 'defiant self-driven, technology-oriented', 'realistic professionalism oriented', and 'genuinely technology and task-immersion oriented'. The 'defiant self-driven, technology-oriented' and 'genuinely technology and task-immersion oriented' types are interested in the latest ICT and consider that recognition of one's professionalism as well as self-realization result in happiness at work. On the other hand, the 'stability of work oriented' and 'realistic professionalism oriented' types did not pay much attention to the growth of one's technical career but emphasized salary, welfare benefits and job promotion as the most important factors in happiness at work. Today, extraordinary SW developers are a key factor in acquiring industrial competitiveness. Nations and corporations should prepare realistic ways to promote overall happiness at work by accurately understanding the varying characteristics and predisposition of domestic ICT personnel. In Korea, it is found that there is a shortage of 'genuinely technology and task-immersion oriented' SW developers. In order to secure national and industrial competitiveness in the era of the Fourth Industrial Revolution, creation of a work ecosystem to promote high levels of happiness at work is required to secure quality software production and pride as an ICT professional.

Spatial Conservation Prioritization Considering Development Impacts and Habitat Suitability of Endangered Species (개발영향과 멸종위기종의 서식적합성을 고려한 보전 우선순위 선정)

  • Mo, Yongwon
    • Korean Journal of Environment and Ecology / v.35 no.2 / pp.193-203 / 2021
  • As endangered species are gradually increasing due to land development by humans, it is essential to secure sufficient protected areas (PAs) proactively. Therefore, this study checked priority conservation areas to select candidate PAs when considering the impact of land development. We determined the conservation priorities by analyzing four scenarios based on existing conservation areas and reflecting the development impact using MARXAN, the decision-making support software for the conservation plan. The development impact was derived using the developed area ratio, population density, road network system, and traffic volume. The conservation areas of endangered species were derived using the data of the appearance points of birds, mammals, and herptiles from the 3rd National Ecosystem Survey. These two factors were used as input data to map conservation priority areas with the machine learning-based optimization methodology. The result identified many non-PA areas that were expected to play an important role in conserving endangered species. When considering the land development impact, it was found that the areas with priority for conservation were fragmented. Even when both the development impact and existing PAs were considered, the priority was higher in areas from the current PAs because many road developments had already been completed around the current PAs. Therefore, it is necessary to consider areas other than the current PAs to protect endangered species and seek alternative measures to fragmented conservation priority areas.