• Journal of the Korean Society for Aeronautical & Space Sciences
• /
• v.42 no.5
• /
• pp.398-405
• /
• 2014

Recently the embedded software has been widely applied to the safety-critical systems in aviation and defense industries, therefore, the higher level of reliability, availability and fault tolerance has become a key factor for its implementation into the systems. The integrity of the software can be verified using the static analysis tools. And recent developed static analysis tool can evaluate code integrity through the mathematical analysis method. In this paper we detect the autocode error and violation of coding rules using the formal verification tool, Polyspace(R). And the fundamental errors on the flight control law model have been detected and corrected using the formal verification results. As a result of verification process, FBW helicopter control law autocode can ensure code integrity.

• Journal of Korea Multimedia Society
• /
• v.8 no.7
• /
• pp.988-999
• /
• 2005

As the Internet continues to have the commercial trade changed, the method of payment is one of critical components to conduct successful businesses through the internet. An electronic cash has all of the characteristics of a traditional commodity cash and ensures the security for all transactions. Accordingly an internet billing system based on the electronic cash is expected as the secure and efficient payment method for the future electronic commerces. The digital contents such as digital merchandise and services have the characteristic that both the delivery of merchandise and the payment of money can be accomplished on the same network and are helpful to idealize the design of the electronic commerce system. In this paper, Anonymity got to be possible by using a virtual ID in the process of payment, the payment steps were decreased by being processed on the same network, and the efficiency and the security were guaranteed by decreasing the frequency of the coding and communication.

• Journal of KIISE:Software and Applications
• /
• v.37 no.10
• /
• pp.773-778
• /
• 2010

OWASP announced most of vulnerabilities result from the data injection by user in 2010 after 2007. Because the contaminated input data is determined at runtime, those data should be checked dynamically. To analyze data and its flow at runtime, dynamic analysis method usually inserts instrument into source code. Intermediate code insertion makes it difficult to manage and extend the code so that the instrument code would be spreaded out according to increase of analysis coverage and volume of code under analysis. In addition, the coupling gets strong between instrument modules and target modules. Therefore developers will struggle against modify or extend the analysis code as instrument. To solve these problem, this paper defines vulnerabilities as a concern using AOP, and suggest the flexible and extensible analysis method to insertion and deletion without increase of coupling.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.961-974
• /
• 2015

With the advancement of SIEM from ESM, it allows deep correlated analysis using huge amount of data. By collecting software's vulnerabilities from assessment with certain classification measures (e.g., CWE), it can improve detection rate effectively, and respond to software's vulnerabilities by analyzing big data. In the phase of monitoring and vulnerability diagnosis Process, it not only detects predefined threats, but also vulnerabilities of software in each resources could promptly be applied by sharing CCE, CPE, CVE and CVSS information. This abstract proposes a model for effective detection and response of software vulnerabilities and describes effective outcomes of the model application.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.115-122
• /
• 2012

As the most common application development of software development time, error-free quality, adaptability to frequent maintenance, such as the need for large and complex software challenges have been raised. When developing web applications to respond to software reusability, reliability, scalability, simplicity, these quality issues do not take into account such aspects traditionally. In this situation, the traditional development methodology to solve the same quality because it has limited development of new methodologies is needed. Quality of applications the application logic, data, and architecture in the entire area as a separate methodology can achieve your goals if you do not respond. In this study secure coding, the big issue, web application factors to deal with security vulnerabilities, web application architecture, design procedure is proposed. This proposal is based on a series of ISO/IEC9000, a web application architecture design process.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.5
• /
• pp.945-950
• /
• 2017

Due to the vulnerability of the software, there is a hacking attack on the country's cyber infrastructure and real financial assets. Software is an integral part of the operating system and execution system that controls and operates Internet information provision, cyber financial settlement and cyber infrastructures. Analyzing these software vulnerabilities and enhancing security will enhance the security of cyber infrastructures and enhance the security of actual life in the actual country and people. Software development security system analysis and software development Security diagnosis analysis and research for enhancing security of software vulnerability. In addition, we will develop a textbook for the training of software vulnerability diagnosis and maintenance education, develop pilot test problems, pilot test of diagnostic staff, The purpose of this study is to enhance the software security of the cyber infrastructures of national and national life by presenting curriculum and diagnosis guide to train the software vulnerability examiner.

• KIISE Transactions on Computing Practices
• /
• v.21 no.2
• /
• pp.115-120
• /
• 2015

The Testing Frontier Capability Assessment Model (TCAM) is based on ISO/IEC 9126, TMMi and TPI. Since ISO/IEC 9126, TMMi and TPI were made over 10 years ago, TCAM faces the problem that it can not assess and analyze the capability of small businesses that employ new software development methods or processes, for example Agile, TDD(Test Driven Development), App software, and Web Software. In this paper, a method to improve the problem is proposed. The paper is composed of the following sections: 1) ISO/IEC 9126, ISO/IEC 25010 and ISO/IEC/IEEE 29119 part 2 review 2) TCAM review 3) software product quality perspective comparison, and analysis between ISO/IEC 9126, ISO/IEC 25010 and TCAM 4) comparison, and analysis between ISO/IEC/IEEE 29119 part2 and TCAM and 5) proposal for the improvement of TCAM.

• Journal of KIISE
• /
• v.42 no.7
• /
• pp.860-867
• /
• 2015

In the defense field, weapon systems are increasing in importance, as well as the weight of the weapon system embedded software development as an advanced technology. As the development of a network-centric warfare has become important to secure the reliability and quality of embedded software in modern weapons systems in battlefield situations. Also, embedded software problems are transferred to the production stage in the development phase and the problem gives rise to an enormous loss at the national level. Furthermore, development companies have not systematically constructed a software reliability test. This study suggests that approaches about a qualityverification- system establishment of embedded software, based on a variety of source code reliability test verification case analysis.

• Journal of the Korea Computer Industry Society
• /
• v.3 no.3
• /
• pp.307-320
• /
• 2002

Electronic commerce creates serious problems for tax administration because of difficulties associated with the identification of traders, coding of trade activities and so on. The core issue with respect to resolving tax-related problems in electronic commerce is first, the identification of individual transactions through internet and their contents as well as traders. Secondly, it is the ability of tax authorities to secure effectively such data and information as identifying taxpayers, taxable amount and tax evasion on time. The tax authorities are studying the way to resolve tax evasion associated with electronic commerce by using payment system. Above of all, it is imperative to establish a systematic international cooperation in collecting value added taxes for electronic commerce. In order to enhance the effectiveness of tax system, the authorities of different nations should make joint efforts to collect taxes by exchanging such information as identification and registration of business as well as details of transactions among nations of production and consumption.

• Journal of Software Engineering Society
• /
• v.28 no.1
• /
• pp.13-22
• /
• 2019

To enhance effective and efficient applications of automated security vulnerability checkers in highly competitive and fast-evolving IT industry, this paper studies a comprehensive set of security bug checkers in open-source static analysis frameworks and how they can be utilized for source code inspections according to the security vulnerability inspection guidelines by MOIS. This paper clarifies the relationship be tween all 42 inspection criteria in the MOIS guideline and total 323 security bug checkers in 4 popular open-source static analysis frameworks for Java web applications. Based on the result, this paper also discuss the current challenges and issues in the MOIS guideline, the comparison among the four security bug checker frameworks, and also the ideas to improve the security inspection methodologies using the MOIS guideline and open-source static security bug checkers.