• Title/Abstract/Keywords: Security Weakness

A Study on the Remove Use-After-Free Security Weakness (소프트웨어 개발단계 Use-After-Free 보안약점 제거방안 연구)

  • Park, Yong Koo;Choi, Jin Young
    • KIPS Transactions on Computer and Communication Systems / Vol. 6, No. 1 / pp.43-50 / 2017
  • The Use-After-Free security problem is rapidly growing in popularity, especially for attacking web browsers, operating system kernels, and local software. This security weakness is difficult to detect by conventional methods. If a local system or software has this security weakness, it causes internal security problems. In this paper, we study ways to remove this security weakness in software development by summarizing the causes of the Use-After-Free security weakness and suggesting ways to remove them.

The Security Establishment for Cloud Computing through CASE Study

  • Choi, Myeonggil
    • Journal of Information Technology Applications and Management / Vol. 27, No. 6 / pp.89-99 / 2020
  • Cloud computing is rapidly increasing for achieving comfortable computing. Cloud computing essentially has security vulnerabilities of software and hardware. For achieving secure cloud computing, the vulnerabilities of cloud computing could be analyzed in various and systematic approaches from the perspective of the service designer, the service operator, the designer of cloud security and the certifiers of cloud systems. The paper investigates the vulnerabilities and security controls from the perspective of administration and systems. For achieving the secure operation of cloud computing, this paper analyzes technological security vulnerabilities, operational weaknesses and the security issues in an enterprise. Based on the analysis, the paper suggests secure establishments for cloud computing.

A Study on Private Security Guards' Working Position - Focusing on the Prevention and Management of Low Back Pain Caused by Working in a Standing Position - (민간경호원의 근무 자세에 관한 연구 - 선자세로 인한 요통의 예방과 관리를 중심으로 -)

  • Song, Sang wook;Roh, Jung gu;Lee, Sang bin
    • Journal of the Society of Disaster Information / Vol. 5, No. 1 / pp.142-158 / 2009
  • The increasing number of crimes in rapidly changing modern society is enhancing people's desire for safety. As of 2008, 2,900 private security businesses with 133,000 employees operated in the private security industry which emerged in response to growing demands from society and people. Of the employees, bodyguards (hereinafter referred to as "private security guard") accounted for about 10% or 13,000. Most private security guards were suffering from various occupational diseases. Especially as they needed to guard their clients many hours a day and worked in a standing position for a long time, private security guards often complained of low back pain. Under the pain, they were hardly expected to perform their tasks efficiently. There are several causes of low back pain. The most prevalent cause is muscle weakness and imbalance around low back. Especially because private security work often requires security guards to maintain a standing position for a long time, many of them are suffering from low back pain. This study pursued the following purposes. First, it tried to identify the pathogenesis of low back pain caused by muscle weakness and imbalance around low back. Second, it tried to provide private security guards, who can hardly have personal time at work, with an easy method to prevent and manage low back pain any time by researching an effective therapy for low back pain caused by muscle weakness and imbalance around low back.

Implement Static Analysis Tool using JavaCC

  • Kim, Byeongcheol;Kim, Changjin;Yun, Seongcheol;Han, Kyungsook
    • Journal of the Korea Society of Computer and Information / Vol. 23, No. 12 / pp.89-94 / 2018
  • In this paper, we implemented a static analysis tool for weaknesses. We implemented it on JavaCC using syntax information and control flow information among various kinds of information. We also tested the performance of the tool using the Juliet-test suite on Eclipse. We were classified using information necessary for diagnosis and diagnostic methods were studied and implemented. By mapping the information obtained at each compiler phase to the security weakness, we expected to link the diagnostic method with the program analysis information to the security weakness. In the future, we will extend this work to implement diagnostic tools using other analysis information.

A Study on the Structured Weakness Classification for Mobile Applications (모바일 애플리케이션을 위한 보안약점 구조화 기법에 대한 연구)

  • Son, Yunsik;Oh, Se-Man
    • Journal of Korea Multimedia Society / Vol. 15, No. 11 / pp.1349-1357 / 2012
  • In recent years, security accidents, which are becoming a socially hot issue, not only cause financial damage but also lead to the outflow of private information. Most of the accidents have been directly caused by software weaknesses. Moreover, it is difficult for software today to assure reliability because it exchanges data across the internet. In order to solve software weaknesses, developing secure software is more effective than strengthening the security system for external environments. Therefore, the coding guide has emerged as a major security issue for eliminating vulnerabilities in the coding stage for the prevention of security accidents. For developers or administrators to use secure coding effectively, the full set of security weaknesses must be organized structurally and managed. There is also a constant need to update new information, but the existing secure coding and security weaknesses are not organized structurally. In this paper, we will define and introduce the structured weakness for mobile applications through surveys of existing secure coding and coding rules for code analysis tools in Java.

Nuclear-related Software analysis based on secure coding (시큐어 코딩 중심으로 본 원자력 관련 소프트웨어)

  • Jung, Da-Hye;Choi, Jin-Young;Lee, Song-Hee
    • Journal of the Korea Institute of Information Security & Cryptology / Vol. 23, No. 2 / pp.243-250 / 2013
  • We have entered into an era of smart software systems where many kinds of embedded software, especially SCADA and automotive software, not only require high reliability and safety but also high security. Removing software weaknesses during the software development lifecycle is very important because hackers exploit weaknesses, which are the source of software vulnerabilities, when attacking a system. Therefore, coding rules such as the core functions of MISRA-C should expand their coding focus to security. In this paper, we used CERT-C secure coding rules for nuclear-related software being developed to demonstrate high-safety software, and proposed how to remove software weaknesses during development.

Quantitative Scoring Criteria on the Importance of Software Weaknesses (소프트웨어 보안약점의 중요도에 대한 정량 평가 기준 연구)

  • Ahn, Joonseon;Bang, Ji-Ho;Lee, Eunyoung
    • Journal of the Korea Institute of Information Security & Cryptology / Vol. 22, No. 6 / pp.1407-1417 / 2012
  • In order to protect a software system from security attacks, it is important to remove the software security weaknesses through the entire life cycle of software development. To remove the software weaknesses more effectively, software weaknesses are prioritized and sorted continuously. In this paper, we introduce the existing scoring systems for software weakness and software vulnerability, and propose a new quantitative standard for the scoring system, which helps evaluate the importance of software weakness objectively. We also demonstrate the practicability of the proposed standard by scoring 2011 CWE/SANS Top 25 list with the proposed standard and comparing it to the original score of MITRE.

Design and Implementation of Security System for War game Simulation System

  • Song Jong Seok;Li Chu Yu;Jin Long;Ryu Keun Ho
    • Proceedings of the KSRS Conference / Korean Society of Remote Sensing, 2004, Proceedings of ISRS 2004 / pp.712-715 / 2004
  • War game Simulation System is a simulation system of military operations. In order to ensure that all of the running data are secure, this system has to emphasize the security policy. In this paper, we analyze the running environment and the security weaknesses of the existing system. To improve on these weaknesses, we design and implement a security system that consists of three components: Authentication System, Encryption System and Network Security System. Therefore, we can apply War game Simulation System to security system and improve the secure performance of this one.

Privacy Weakness Analysis of Delegation-Based Authentication Protocol (위임기반 인증 프로토콜의 프라이버시 취약성 분석)

  • Youn, Taek-Young;Kim, Chang-Han
    • Journal of the Korea Institute of Information Security & Cryptology / Vol. 20, No. 6 / pp.53-57 / 2010
  • Recently, Lee et al. proposed a delegation-based authentication protocol for secure and private roaming service in global mobility networks. In this paper, we show that the protocol cannot protect the privacy of a user even though the protocol provides user anonymity. To prove the weakness, we show that the protocol cannot provide unlinkability and also examine the weakness of the protocol caused by the lack of unlinkability.

An Improvement of the Guideline of Secure Software Development for Korea E-Government (대한민국 전자정부 소프트웨어 개발보안 가이드 개선 방안 연구)

  • Han, Kyung Sook;Kim, Taehwan;Han, Ki Young;Lim, Jae Myung;Pyo, Changwoo
    • Journal of the Korea Institute of Information Security & Cryptology / Vol. 22, No. 5 / pp.1179-1189 / 2012
  • We propose an improvement on the Guideline of Secure Software Development for Korea e-Government that is under revision by the Ministry of Public Administration and Security in 2012. We adopted a rule-oriented organization, shifting from the current weakness-oriented one. The correspondence between the weaknesses and coding rules is identified. Also added is the coverage of diagnostic tools over the rules, to facilitate usage by programmers during the coding period. When the proposed guideline is applied to secure software development, the weaknesses would be controlled indirectly by enforcing coding rules. Programmers' responsibility would be limited to compliance with the rules, while the current version implies that it is the programmers' responsibility to guarantee being free from the weaknesses, which is hard to achieve at reasonable cost.