• Journal of Internet Computing and Services
• /
• v.17 no.4
• /
• pp.79-86
• /
• 2016

Under the influence of software security-enhanced development guidelines announced in 2012, secure coding practices become widely applicable in developing information systems aiming to enhance security capabilities. Although continuous enhancement activities for code security is important, management issues for code security have been less addressed in the guidelines. This paper analyses limitation of secure coding practices from the viewpoint of quality management. In particular this paper suggests structures and the use of software metrics from coding to maintenance phases so that it can be of help in the future by extending the use of security metrics.

• Convergence Security Journal
• /
• v.14 no.1
• /
• pp.33-41
• /
• 2014

The purpose of this study is to establish the relationship of empowerment and organization attachment with the organization culture of security organization. This study is based by setting the security organization employed in security firms in the capital area(Seoul) in 2012 as the parent population and using the purposive sampling method to analyze a total amount of 280 examples. The frequency analysis, analysis on primary factors, reliability analysis, multiple regression analysis, path analysis methods using SPSSWIN 18.0 were used in analysis. The reliability of the survey showed a Cronbach's ${\alpha}$ value of over 0.690. The results are like the following. First, the organization culture of security organization affect empowerment. Thus, the more a practical development culture is settled, the more the capability of self-determinism, meaningfulness, and effect is amplified. Moreover, the more a consensual culture is established, the more the capability of self-determinism is enhanced, and the more a hierarchical culture is established, the more the meaningfulness is enhanced. Second, the organization culture of security organization affect organization attachment. Thus, the continuous normative attachment is enhanced when a more hierarchical culture is established. Moreover, emotional attachment is enhanced when a more practical development culture is established. Third, the empowerment of security organization affects organization attachment. Thus, the continuous normative attachment is decreased when one's capability of self-determinism is more lacking. However, the continuous normative attachment is higher when the meaningfulness and effect is enhanced. Moreover, emotional attachment is enhanced when meaningfulness is increased. Fourth, the organization culture of security organization directly/indirectly affects empowerment and organization attachment. Thus, empowerment is an important mediating factor between organization culture and organization attachment.

• 한국디지털정책학회:학술대회논문집
• /
• 2004.11a
• /
• pp.173-184
• /
• 2004

E-Government security is crucial to the development of e-government. Due to the complexity and characteristics of e-government security, the viable current approaches for security focus on preventing the network intrusion or misusing in advanced and seldom concern of the forensics data attaining for the investigation after the network attack or fraud. We discuss the method for resolving the problem of the e-government security from the different side of view - network forensics approaches? from the thinking of the active protection or defense for the e-government security, which can also improve the ability of emergence response and incident investigation for e-government security.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.3-9
• /
• 2015

A web application that allows a web service created by a internal developer who has security awareness show certain level of security. However, in the case of development by outsourcing, it is inevitable to implement the development centered on requested function rather than the issue of security. Thus in this paper, we improve the software testing process focusing on security for exclusion the leakage of important information and using an unauthorized service that results from the use of the vulnerable web application. The proposed model is able to consider security in the initial stage of development even when outsourced web application, especially, It can prevent the development schedule delay caused by the occurrence of modification for program created by programer who has low security awareness. This result shows that this model can be applied to the national defense area for increasing demand web application centered resource management system to be able to prevent service of web application with security vulnerability based on high test.

• Smart Media Journal
• /
• v.6 no.3
• /
• pp.29-40
• /
• 2017

Lately weight for smartphone mounted to function for NFC is increasing, rapidly. Because of this, NFC related technology is made by many companies. We developed Gallery-Auction for security enhancements and new services of NFC-based 2 factor electronic payment system. Enhanced security features development of user authentication module through fingerprint recognition to apply FIDO authentication technology and developed electronic contract voice service of Gallery-Auction using TTS(Text to Speech). Therefore we enhanced convenient and simple authentication method and security through NFC mobile electronic payment.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.101-109
• /
• 2017

The Internet of things is a system that connects and communicates all sorts of things such as people, objects, and data. It's to create and share information by its own each other. It can be used to enhance the function of private security and has brought about innovative development of private security. The Internet of things is a system that allows devices connected to the Internet to communicate independently of people-objects, objects-objects connected to the Internet. That and can be used in many industries, especially in the private security sector, its value is high. The use of the Internet of things to private security sector can reinforce security zones with always-on surveillance systems, also be enhanced by its own preparedness and response to the situation. However, this study will discusse the application and development of private security in the Internet of things. The practical application of the virtual space is an immediate task and it is also an essential factor in securing security.

• Journal of Korea Society of Industrial Information Systems
• /
• v.16 no.1
• /
• pp.9-19
• /
• 2011

Secure and efficient authentication schemes over insecure networks have been a very important issue with the rapid development of networking technologies. Wang et al. proposed a remote user authentication scheme using smart cards. However, recently, Chen et al. pointed out that their scheme is vulnerable to the impersonation attack and the parallel session attack, and they proposed an enhanced authentication scheme. Chen et al. claimed that their scheme is secure against the various attacks. However, we have found that their scheme cannot resist the parallel attack and the stolen smart card attack. Therefore, in this paper, we show the security flaws in Chen et al.'s scheme and propose an improved remote user authentication scheme using tamper-resistant smart cards to solve the problem of Chen et al.'s scheme. We also analyze our scheme in terms of security and performance.

• Convergence Security Journal
• /
• v.16 no.6_2
• /
• pp.43-51
• /
• 2016

In the 1980s, private security was established in the framework of institutional framework with the Security Industry Act which was enacted in 1976. The agents who brought in the development of the private sector in 1980 enjoyed a boom in the global economy, affected by its high-flying dollar value, low international interest rate, low oil prices, and the blooming economy. In addition, the semiconductor, computers and communications equipment that was promoted in accordance with the e-Literacy plan were raised. Following the economic development of various events such as Seoul International Trade Fair, "86 Asian Games," and "88 Seoul Olympic Games," private security expenses were enhanced by increasing awareness of civilian expenses. Also, in the 1980s, Korean investment in foreign companies, including Japan's Secom, or Korean technology, brought many changes to the private security. Meanwhile, the cost of security, which has been centered around human expenses, has brought about the era of mechanized spending, or machine security expenses. The purpose of this study is to systematically analyze the social environment surrounding the private security in the 1980s and systematically analyze the important factors that contribute to private security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.973-983
• /
• 2019

The importance of information security has been increasingly emphasized at the national, organizational, and individual levels due to the widespread adoption of software applications. High-safety software, which includes embedded software, should run without errors, similar to software used in the airline and nuclear energy sectors. Software development techniques in the above sectors are now being used to improve software security in other fields. Secure coding, in particular, is a concept encompassing defensive programming and is capable of improving software security. In this paper, we propose a software security vulnerability detection method using an improved coding standard searching technique. Public static analysis tools were used to assess software security and to classify the commands that induce vulnerability. Software security can be enhanced by detecting Application Programming Interfaces (APIs) and patterns that can induce vulnerability.

• Journal of the Korea Convergence Society
• /
• v.8 no.11
• /
• pp.63-69
• /
• 2017

The middleware in the IoT system is software that acts as a messenger to connect and exchange data between humans and objects, objects and objects. IoT middleware exists in various forms in all areas, including hardware, protocol, and communication of different kinds, which are different in form and purpose. However, IoT middleware exists in various forms across different areas, including hardware, protocol, and communication of different types and purposes. Therefore, even if the system is designed differently for each role, it is necessary to strengthen the security in common. In this paper, we analyze the structure of IoT middleware using Service Oriented Architecture(SOA) approach and design system security requirements based on it. It was defined: Target Of Evaluation(TOE) existing system development method and the object is evaluated by Common Criteria(CC) for verification based otherwise. The proposed middleware system will be correlated with the security problem definition and the security purpose, which will be the basis for implementing the security enhanced IoT system.