• Journal of Information Processing Systems
• /
• 제6권1호
• /
• pp.91-106
• /
• 2010

The rapid growth of communication and globalization has changed the software engineering process. Security has become a crucial component of any software system. However, software developers often lack the knowledge and skills needed to develop secure software. Clearly, the creation of secure software requires more than simply mandating the use of a secure software development lifecycle; the components produced by each stage of the lifecycle must be correctly implemented for the resulting system to achieve its intended goals. This study demonstrates that a more effective approach to the development of secure software can result from the integration of carefully selected security patterns into appropriate stages of the software development lifecycle to ensure that security designs are correctly implemented. The goal of this study is to provide developers with an Integrated Security Development Framework (ISDF) that can assist them in building more secure software.

• 한국CDE학회논문집
• /
• 제13권4호
• /
• pp.314-322
• /
• 2008

This paper introduces an integration of Product Data Management (PDM) and Software Configuration Management (SCM). PDM and SCM have supported development of mechanical products and software products respectively. The importance of software components in the current products increases rapidly since the software enables the products to satisfy various customer requirements efficiently. Therefore the current product development needs enhanced product data management that can control both the hardware and software data seamlessly. This paper proposes an extended product data model for integrating SCM into PDM. The extension enables PDM document management to support the version control for software development. It also enables engineers to control both the software and hardware parts as integrated data objects during product configuration and engineering change management. The proposed model is implemented by using a commercial Product Lifecycle Management (PLM) system and a development of a network based robot system is tested by the implemented product development environment.

• Nuclear Engineering and Technology
• /
• 제38권3호
• /
• pp.259-276
• /
• 2006

As the use of digital systems becomes more prevalent, adequate techniques for software specification and analysis have become increasingly important in nuclear power plant (NPP) safety-critical systems. Additionally, the importance of software verification and validation (V&V) based on adequate specification has received greater emphasis in view of improving software quality. For thorough V&V of safety-critical systems, V&V should be performed throughout the software lifecycle. However, systematic V&V is difficult as it involves many manual-oriented tasks. Tool support is needed in order to more conveniently perform software V&V. In response, we developed four kinds of computer aided software engineering (CASE) tools to support system specification for a formal-based analysis according to the software lifecycle. In this work, we achieved optimized integration of each tool. The toolset, NuSEE, is an integrated environment for software specification and V&V for PLC based safety-critical systems. In accordance with the software lifecycle, NuSEE consists of NuSISRT for the concept phase, NuSRS for the requirements phase, NuSDS for the design phase and NuSCM for configuration management. It is believed that after further development our integrated environment will be a unique and promising software specification and analysis toolset that will support the entire software lifecycle for the development of PLC based NPP safety-critical systems.

• 정보보호학회논문지
• /
• 제24권1호
• /
• pp.171-182
• /
• 2014

CC는 평가보증등급에 따라 정보보호제품의 보안취약점을 최소화할 수 있도록 지원하는 제도이다. 소프트웨어 개발보안은 소프트웨어의 개발 생명주기에서 보안취약점을 발생시킬 수 있는 보안약점을 제거하는 방법이다. 하지만 CC는 정보보호제품이 인증된 시점 이전의 보안취약점에 대해선 고려하지만 인증된 시점 이후에 발생할 수 있는 새로운 보안취약점에 대해서 고려하지 않기 때문에 정보보호제품의 안전성과 신뢰성에 대한 문제가 발생할 수 있다. 또한, 국가 및 공공기관의 정보화사업에 도입되는 정보보호제품은 CC와 소프트웨어 개발보안을 모두 만족시켜야 되기 때문에 개발자, 평가자에게 부담이 된다. 따라서 본 논문은 CC에서 소프트웨어 개발보안을 활용해야하는 당위성을 검증하기 위해 CC와 소프트웨어 개발보안이 제거할 수 있는 보안약점 및 보안취약점의 상관관계를 비교하였다. 또한, CC에서 소프트웨어 개발보안을 활용하기 위한 평가방법을 제안하여 정보보호제품의 안전성과 신뢰성을 극대화하고 개발자와 평가자의 부담을 최소화하였다.

• International journal of advanced smart convergence
• /
• 제12권2호
• /
• pp.187-192
• /
• 2023

Currently, our society is showing many changes due to the influence of information and communication technology (ICT). At the center of these information and communication technologies are software, intelligence, and sensing technologies. The software-related industry is steadily developing due to various software development policies implemented by the government and related organizations. Software development is desirable, but on the other hand, some negative aspects are also appearing. In this study, we proposed an objective way to infer the progress of software development for reasonable resolution of cases when a dispute related to the progress of development occurred during the software development process. The proposed solution was based on the waterfall model. The outputs generated in each process of the waterfall model are contents excluded from subjectivity. Therefore, it can be used as an objective method for calculating software development progress.

• 정보처리학회논문지D
• /
• 제15D권4호
• /
• pp.523-530
• /
• 2008

소프트웨어 개발 시, 생명주기의 프로세스 개선에 저해 요인이 되는 결함이 다수 존재한다. 생명주기의 저해 요인을 제거하고 동시에 체계적으로 이를 관리하기 위하여 본 논문에서는 위험요소의 관리방안을 제안한다. 유사한 프로젝트를 수행 시 영역 전문가의 지식을 활용한 결함요소의 상태전이를 관리하여 발생되는 문제점을 예측, 대비할 수 있게 하여, 소프트웨어 프로세스를 개선할 수 있다. 본 연구에서는 소프트웨어 개발시 발생하는 위험요소 관리에 대한 결함의 전이를 찾아내고, 예방 및 원인을 식별하고자 한다. 또한 이를 정량화 하여 전이단계를 제시한다.

• International journal of advanced smart convergence
• /
• 제9권4호
• /
• pp.167-172
• /
• 2020

In the 4th industrial revolution, there are many projects for diverse software applications of smart city environments. Most of the stakeholders focus on considering software quality for their developed software. Nobody doesn't guarantee requirement satisfaction after complete development. At this time, we can only work on user acceptance testing for requirement satisfaction on frequently changing requirements. Why keeps the requirement traceability? This traceability is to identify risks related to requirements, to assure correct software development based on customer requirements. To solve this, we are researching how to implement requirement traceability across each artifact's relationship to each activity of a whole development lifecycle.

• 인터넷정보학회논문지
• /
• 제5권4호
• /
• pp.95-113
• /
• 2004

RUP(Rational Unified Process) 객체 지향적이며 사용사례 및 아키텍처 중심의 반복적인 개발방법론이다. 이전에 수행된 대부분 공공분야의 대규모 소프트웨어 개발은 폭포수형 개발 프로세스를 적용하였으나 최근에는 소프트웨어 개발에 따른 위험을 최소화 하고 품질을 향상하기 위하여 RUP와 같은 반복 개발방법의 적용을 시도하고 있다. 그러나 대규모 복합 체계의 개발 프로세스와 그 일부인 소프트웨어 개발 프로세스로서 RUP를 적용한 국내의 연구 자료는 미흡한 실정이다. 본 논문에서는 RUP를 기반으로 복합 체계의 일부인 소프트웨어를 개발하는 프로세스를 고찰하고자 한다. 이를 위하여 국내 CIS 소프트웨어 개발 사례를 통하여 체계개발 프로세스와 통합된 RUP프로세스를 제시하고 기존의 폭포수형 프로세스 및 RUP와 비교 경가론 한다. 된 논문의 연구결과는 공공기관에서 대규모 복합체계의 소프트웨어를 개발하는 경우에 RUP 기반 프로세스의 조정, 개발관리에 있어서 위헌의 최소화와 최종 제품의 품질향상에 기여한 것으로 믿는다.

• Journal of information and communication convergence engineering
• /
• 제4권1호
• /
• pp.23-27
• /
• 2006

The discipline of software performance is very broad; it influences all aspects of the software development lifecycle, including architecture, design, deployment, integration, management, evolution and servicing. Thus, the complexity of software is an important aspect of development and maintenance activities. Much research has been dedicated to defining different software measures that capture what software complexity is. In most cases, the description of complexity is given to humans in forms of numbers. These quantitative measures reflect human-seen complexity with different levels of success. Software complexity growth has been recognized to be beyond human control. In this paper, we have focused our discussion on the increasing software complexity and the issue with the problems being faced in managing this complexity. This increasing complexity in turn affects the software productivity, which is declining with increase in its complexity.

• Journal of Information Processing Systems
• /
• 제9권1호
• /
• pp.69-88
• /
• 2013

Agile methods are highly attractive for small projects, but no agile method works well as a standalone system. Therefore, some adaption or customization is always required. In this paper, the Agile Framework for Small Projects (AFSP) was applied to four industry cases. The AFSP provides a structured way for software organizations to adopt agile practices and evaluate the results. The framework includes an extended Scrum process and agile practices, which are based on agility and critical success factors in agile software projects that are selected from Scrum, XP, FDD, DSDM and Crystal Clear. AFSP also helps software managers and developers effectively use agile engineering techniques throughout the software development lifecycle. The case study projects were evaluated on the basis of risk-based agility factors, the agility of the adopted practices, agile adoption levels, and the degree of the agile project success. The analysis of the results showed that the framework used in the aforementioned cases was effective.