• Title/Summary/Keyword: Software Integrity

Study on ISA's assessment to software process for EN50128 SIL4 (EN50128 SIL4 소프트웨어 프로세스 ISA 인증 사례 연구)

  • Cho, Chi-Hwan;Kang, Chan-Yong;Hwang, Jin-Ho
    • Proceedings of the KSR Conference / 2010.06a / pp.838-849 / 2010
  • It is inevitable to control the systematic failure to obtain the software safety integrity of embedded software installed in rolling stock. Because it is not possible to assess systematic failure integrity by quantitative methods, SILs are used to group documentation, methods, tools and techniques throughout the software development lifecycle which, when used effectively, are considered to provide an appropriate level of confidence in the realization of a system to a stated integrity level. Normally, the safety approval process is through generic product, generic application and specification application for. For safety approval on generic application of a software-based system, it is required to apply the certified software processes from the planning stage for the assigned SIL. As such, we will develop a project-specific application with high safety integrity within the time limit of the contractual delivery schedule through software assessment of the modified area with the re-use of certified software modules and documentation. At this point, Hyundai Rotem has developed software processes applicable to support SIL 4 based on EN50128, which were assessed and certified by TUV SUD. This paper introduces Hyundai Rotem's detailed approach and prospective action to achieve the software safety integrity level.

Precise control flow protection based on source code (소스코드 기반의 정밀도 높은 실행 흐름 보호 기법)

  • Lee, JongHyup;Kim, Yong Seung
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.5 / pp.1159-1168 / 2012
  • Control Flow Integrity (CFI) and Control Flow Locking (CFL) prevent unintended execution of software and provide integrity in control flow. Attackers, however, can still hijack program control since CFI and CFL do not support fine-granularity, context-sensitive protection. In this paper, we propose a new CFI scheme, Source-code CFI (SCFI), to overcome these problems. SCFI provides context-sensitive locking for control flow. Thus, the proposed approach protects software against the attacks on the previous CFI and CFL schemes and improves safety.

Control Flow Checking at Virtual Edges

  • Liu, LiPing;Ci, LinLin;Liu, Wei;Yang, Hui
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.1 / pp.396-413 / 2017
  • Dynamically checking the integrity of software at run-time is always a hot and difficult spot for trusted computing. Control-flow integrity is a basic and important safety property of software integrity. Many classic and emerging security attacks that introduce illegal control flow to applications can cause unpredictable behaviors of computer-based systems. In this paper, we present a software-based approach to checking violations of control flow integrity at run-time. This paper proposes a high-performance and low-overhead software control flow checking solution, control flow checking at virtual edges (CFCVE). CFCVE assigns a unique signature to each basic block and then inserts a virtual vertex into each edge at compile time. This is done together with the insertion of signature-updating instructions and checking instructions into the corresponding vertexes and virtual vertexes. Control flow faults can be detected by comparing the run-time signature with the one saved at compile time. Our experimental results show that CFCVE incurs only 10.61% performance overhead on average for several C benchmark programs and the average undetected error rate is only 9.29%. Compared with previous techniques, CFCVE has the characteristics of both high fault coverage and low memory and performance overhead.

A Study on Performance Improvement and Development of Integrity Verification Software of TCP/IP output data of VCS Correlation Block (VCS 상관블록의 TCP/IP 출력데이터의 무결성 검사 소프트웨어의 개발과 성능개선에 관한 연구)

  • Yeom, Jae-Hwan;Roh, Duk-Gyoo;Oh, Chung-Sik;Jung, Jin-Seung;Chung, Dong-Kyu;Oh, Se-Jin
    • Journal of the Institute of Convergence Signal Processing / v.13 no.4 / pp.211-219 / 2012
  • In this paper, we describe the development of software for verifying the integrity of the TCP/IP output data of the VLBI Correlation Subsystem (VCS) correlation block and propose a performance improvement method to prevent loss of correlation output data. The VCS correlation results are saved in the Data Archive system through TCP/IP packet transmission. The integrity verification software was developed to confirm the integrity of the correlation results saved in the data archive system using the TCP/IP packet information of the VCS. A 3-step integrity verification process using the developed software is proposed, and its effectiveness was confirmed through correlation experiments. In addition, TCP/IP packet transmission must be completed within the minimum integration period. However, because of the large quantity of packets and data during a short integration time, not only does TCP/IP packet loss occur, but the integrity of the correlation results is also affected. In this paper, the cause of the TCP/IP packet loss is analyzed and modifications to the FPGA (Field Programmable Gate Array) of the VCS are proposed, by which the integrity problem of the correlation results will be solved.

Design of Integrity Monitor Functions for Maritime DGPS RSIM (해양용 DGPS 기준국의 무결성 감시 기능 설계)

  • Seo, Ki-Yeol;Park, Sang-Hyun;Cho, Deuk-Jae;Suh, Sang-Hyun
    • Journal of Navigation and Port Research / v.33 no.6 / pp.395-400 / 2009
  • In order to prepare for the DGNSS recapitalization and implementation of the functions for a software-based reference station and integrity monitor (RSIM) system, this paper proposes a design of integrity monitor functions for a maritime differential GPS RSIM. The most critical functions of the integrity monitor (IM) are to generate and send flags to the reference station (RS) along with system feedback. Firstly, it presents the architecture of the software-based RSIM and analyzes the performance standard of the integrity monitor for a maritime DGPS reference station. This paper then designs the functions of the integrity monitor for the DGPS reference station based on the performance standard. Finally, this paper presents the results of a performance analysis of the functionality of the integrity monitor using a GNSS simulator. It discusses the study method and its application for the system implementation.

Cloud System Security Technology Trend

  • Yoon, Jeong-Won;Jang, Beakcheol
    • Journal of the Korea Society of Computer and Information / v.20 no.7 / pp.49-56 / 2015
  • In this paper, we introduce recent cloud system security technologies, categorizing them according to Reliability, Availability, Serviceability, Integrity, and Security (RASIS), terms that evaluate the robustness of a computer system. Then we describe examples of security attacks and corresponding security technologies for each of them. We introduce security technologies based on Software Defined Network (SDN) for Reliability, security technologies based on hypervisor and virtualization for Availability, disaster restoration systems for Serviceability, authorization and access control technologies for Integrity, and encryption algorithms for Security. We believe that this paper provides a wise view and necessary information for recent cloud system security technologies.

Creation of High-Quality Abstractions in Software Engineering

  • Alexey Razumowsky
    • International Journal of Computer Science & Network Security / v.23 no.7 / pp.193-201 / 2023
  • Abstraction is the cornerstone of ideal software engineering (SWE). This paper discusses a problem of forming reasonable generalizations, representations and descriptions in various software development processes through the prism of poor-quality (rash, unconsidered, uncertain and harmful) abstractions. To do this, emphasis is made on an induced strategic connection between the required abstraction and its compact specific formulation based on existing research and the author's introspective experience. A software aim point and characteristic preservation of the solution integrity is the subject of the best formulation and a program module or code associated with it. Moreover, a personal attitude expressed by personal interest, motivation and creativity, is proclaimed to be a fundamental factor in successful software development.

Software integrity verification method in POS system (POS시스템 내 소프트웨어 무결성 검증 방안)

  • Cho, Sung-A;Kim, Sung Hoon;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.5 / pp.987-997 / 2012
  • A Point-of-Sales (POS) terminal manages the selling process in real time through an interface accessible to a salesperson. Using a POS system makes business and customer management much more efficient. For these reasons, many stores have installed and use POS terminals. But they have many problems, such as the theft of personal information through hacking and insider corruption, because a POS system stores payment information such as sales information, card validity period, and password. In this paper, I propose a software integrity verification technique for POS systems based on a white list. This method can prevent incidents in which personal information is leaked by hacking and in which the POS system is forged or falsified. The proposed method provides software integrity, so it can prevent inside and outside threats in advance.

Development of a RBI Procedure and Implementation of a Software Based on API Code (I) - Qualitative Approach (API기준에 근거한 RBI 절차 개발 및 소프트웨어의 구현 (I) 정성적 접근법)

  • 심상훈;송정수;김지윤;윤기봉
    • Journal of the Korean Society of Safety / v.17 no.3 / pp.66-72 / 2002
  • During the last ten years, effort has been made to reduce maintenance cost for aged equipment and to ensure the safety, efficiency and profitability of petrochemical and refinery plants. Hence, it was required to develop advanced methods which meet this need. RBI (Risk Based Inspection) methodology is one of the most promising technologies satisfying the requirements in the field of integrity management. In this study, a qualitative assessment algorithm for RBI based on the API 581 code was reconstructed for developing RBI software. The user-friendly realRBI software is developed with a module for evaluating the qualitative risk category using the potential consequence factor and the likelihood factor.

Software Completeness Evaluation based on ISO/IEC9241.10 (ISO/IEC 9241.10 표준에 기초한 소프트웨어 완성도-하자 감정 기법 연구)

  • Kim, Do-Wan
    • Journal of Software Assessment and Valuation / v.15 no.2 / pp.9-16 / 2019
  • More than 25% of software copyright evaluations commissioned to the Korea Copyright Commission are software completeness-defective evaluations. Most of the existing software completeness-defective evaluation cases were made to ensure that the requirements contained in the contract or the customer's desired requirements were implemented and able to run, limited to the functionality of the software. This paper proposes a more systematic and reasonable maturity-correction technique to meet software completeness definitions. The ISO/IEC 9241.10 standard is a design standard for improving software quality. The ISO/IEC 9241.10 standard specifies seven items that must be complied with and requires functional integrity for work and operational integrity for work efficiency. The software completeness-defective methodology presented in this paper complements the existing function's implementation-functioning methodology with a completeness evaluation of the quality of software.