• Journal of Information Technology Applications and Management
• /
• v.24 no.1
• /
• pp.25-32
• /
• 2017

For repairable software systems, the Mean Time Between Failure (MTBF) is used as a measure of software system stability. Therefore, the evaluation of software reliability requirements or reliability characteristics can be applied MTBF. In this paper, we want to compare MTBF in terms of parameter estimation using Makeham life distribution. The parameter estimates used the least square method which is regression analyzer method and the maximum likelihood method. As a result, the MTBF using the least square method shows a non-decreased pattern and case of the maximum likelihood method shows a non-increased form as the failure time increases. In comparison with the observed MTBF, MTBF using the maximum likelihood estimation is smallerd about difference of interval than the least square estimation which is regression analyzer method. Thus, In terms of MTBF, the maximum likelihood estimation has efficient than the regression analyzer method. In terms of coefficient of determination, the mean square error and mean error of prediction, the maximum likelihood method can be judged as an efficient method.

• The KIPS Transactions:PartD
• /
• v.8D no.6
• /
• pp.699-704
• /
• 2001

Developing a component-based software requires verified and standardized software components. This paper presents a component quality management (CQM) process. The process was developed and applied to the government-sponsored trial projects that developed software components. The process is composed of four phases：quality specification, quality planning, quality control, and quality evaluation. With this process, we can establish quality goals and focus our efforts on the activities to achieve the goals. A component quality model is also suggested to transform the implicit quality requirements into the measurable quality goals and to be used for the basis when we evaluate the quality of software components against the quality goals.

• Journal of KIISE:Software and Applications
• /
• v.29 no.12
• /
• pp.860-872
• /
• 2002

Fault tree analysis is the most widely used saftly analysis technique in industry. However, the analysis is often applied manually, and there is no systematic and automated approach available to validate the analysis result. In this paper, we demonstrate that a real-time model checker UPPAAL is useful in formally specifying the required behavior of safety-critical software and to validate the accuracy of manually constructed fault trees. Functional requirements for emergency shutdown software for a nuclear power plant, named Wolsung SDS2, are used as an example. Fault trees were initially developed by a group of graduate students who possess detailed knowledge of Wolsung SDS2 and are familiar with safety analysis techniques including fault tree analysis. Functional requirements were manually translated in timed automata format accepted by UPPAAL, and the model checking was applied using property specifications to evaluate the correctness of the fault trees. Our application demonstrated that UPPAAL was able to detect subtle flaws or ambiguities present in fault trees. Therefore, we conclude that the proposed approach is useful in augmenting fault tree analysis.

• Journal of Digital Convergence
• /
• v.15 no.5
• /
• pp.197-205
• /
• 2017

To achieve web application security goals effectively by providing web security features such as information leakage prevention, web application firewall system must be able to achieve the goal of enhancing web site security and providing secure services. Therefore, it is necessary to study the security evaluation of web application firewall system based on related standards. In this paper, we analyze the requirements of the base technology and security quality of web application firewall, and established the security evaluation criteria based on the international standards for software product evaluation. Through this study, it can be expected that the security quality level of the web application firewall system can be confirmed and the standard for enhancing the quality improvement can be secured. As a future research project, it is necessary to continuously upgrade evaluation standards according to international standards that are continuously changing.

• Journal of Electrical Engineering and Technology
• /
• v.12 no.2
• /
• pp.959-968
• /
• 2017

Electrical safety monitoring System (ESMS) is a critical component in modern power systems, which is characterized by large-scale access points, massive users and versatile requirements. For convenience of the information integration and analysis, the software development, maintenance, and application in the system, the cloud platform based ESMS is established and assessed in this paper. Firstly the framework of the system is proposed, and then the assessment scheme with a set of evaluation indices are presented, by which the appropriate cloud product can be chosen to meet the requirements of a specific application. Moreover, to calculate the weights of the evaluation indices under uncertainty, an improved interval AHP method is adopted to take into consideration of the fuzziness of expert scoring, the qualitative consistency test, and the two normalizations in the process of eigenvectors. Case studies have been made to verify the feasibility of the assessment approach for ESMS.

• Journal of Software Assessment and Valuation
• /
• v.8 no.2
• /
• pp.45-51
• /
• 2012

This paper is to identify and assess vulnerabilities of services considering the nature of service layers for analyzing vulnerability of SOA security. It is a model driven approach which provides the way to present security requirements of the business model and identify the vulnerabilities of the services to extract the secure service model. We validate the proposed method with the analytic evaluation because the predictive nature of our methodology poses some specific challenges for its validation.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.6
• /
• pp.95-105
• /
• 2008

Recently use of embedded software has been increased to different areas. The requirements and demands for the embedded software have also been altered. In the past, the embedded system was used in simple task and small portable devices but now, the usage of the embedded software has expanded to do much more complex and precise actions in a variety platform environment. The embedded software enables multiple softwares to be integrated into one and at the same time, control it. Currently the biggest challenges embedded software is facing during its development process is the improvement in product production and quality assurance. Our research team has developed an embedded software based on the component (technology or methodology) which both improves production capabilities as well as quality. Additionally, we also established and constructed a reliability test system which can effectively test the quality of the developed embedded software to further increase its competiveness.

• Journal of Applied Reliability
• /
• v.9 no.2
• /
• pp.107-119
• /
• 2009

Reliability tests should be designed to verify whether reliability requirements are satisfied or not effectively and efficiently. The portion of reliability requirements that a reliability test scheme composed of different types of tests can cover is defined as test coverage in software engineering. For the cases of hardwares, to be effective, a reliability test scheme should enhance the test coverage. This study is to develop an evaluation method of test coverage for a reliability test scheme proposed for new products. Case studies are also given.

• Convergence Security Journal
• /
• v.13 no.6
• /
• pp.35-41
• /
• 2013

What is an alternative to medical information security of medical information more secure preservation and safety of various types of security threats should be taken, starting from the software design. Interspersed with medical information systems medical information to be able to integrate the real-time exchange of medical information must be reliable data communication. The software architecture design of medical information systems and sharing of medical information security issues and communication phase allows the user to identify the requirements reflected in the software design. Software framework design, message standard design, design a web-based inter-process communication procedures, access control algorithm design, architecture, writing descriptions, evaluation of various will procedure the establishing architecture. The initial decision is a software architecture design, development, testing, maintenance, ongoing impact. In addition, the project will be based on the decision in detail. Medical information security method based on the design software architecture of today's medical information security has become an important task of the framework will be able to provide.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.7
• /
• pp.3671-3689
• /
• 2019

Software defined networking brings unique security risks such as control plane saturation attack while enhancing the performance of wireless sensor networks. The attack is a new type of distributed denial of service (DDoS) attack, which is easy to launch. However, it is difficult to detect and hard to defend. In response to this, the attack threat model is discussed firstly, and then a DDoS attack prevention extension, called FuzzyGuard, is proposed. In FuzzyGuard, a control network with both the protection of data flow and the convergence of attack flow is constructed in the data plane by using the idea of independent routing control flow. Then, the attack detection is implemented by fuzzy inference method to output the current security state of the network. Different probabilistic suppression modes are adopted subsequently to deal with the attack flow to cost-effectively reduce the impact of the attack on the network. The prototype is implemented on SDN-WISE and the simulation experiment is carried out. The evaluation results show that FuzzyGuard could effectively protect the normal forwarding of data flow in the attacked state and has a good defensive effect on the control plane saturation attack with lower resource requirements.