• Journal of Internet Computing and Services
• /
• v.8 no.4
• /
• pp.119-128
• /
• 2007

In this paper, We study on the Data Quality Model of ISO/IEC 25012 among the Software product Quality Requirements and Evaluation(SQuaRE) in ISO/IEC 25000 Series. Because of the increasing data, user require the accuracy data, recent data, suitable data for used tools, complied security and not open to be public. We research the data quality management in the point of application of be affect influenced low quality in business. We propose the testing items and we propose the method of the evaluation proposed testing items. We study on the basis international Standards ISO/IEC 25012 and ISO/IEC 9126-2 and we proposed the testing method quantitatively on the basis of ISO/IEC 25000.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.803-810
• /
• 2017

Recently, social security problems have been caused by the development of the software industry, and a variety of automation techniques have been used to verify software stability. In this paper, we propose a method of automatically detecting a use-after-free vulnerability on Windows system calls using dynamic symbolic execution, one of the software testing methods. First, a static analysis based pattern search is performed to select a target point. Based on the detected pattern points, we apply an induced path search technique that blocks branching to areas outside of interest. Through this, we overcome limitations of existing dynamic symbolic performance technology and verify whether vulnerability exists at actual target point. As a result of applying the proposed method to the Windows system call, it is confirmed that the use-after-free vulnerability, which had previously to be manually analyzed, can be detected by the proposed automation technique.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.7-13
• /
• 2007

Finite failure NHPP models presented in the literature exhibit either constant, monotonic increasing or monotonic decreasing failure occurrence rates per fault. Accurate predictions of software release times, and estimation of the reliability and availability of a software product require quantification of a critical element of the software testing process : test coverage. This model called Enhanced non-homogeneous poission process (ENHPP). In this paper, exponential coverage and S-shaped model was reviewed, proposes the superposition model, which maked out efficiency application for software reliability. Algorithm to estimate the parameters used to maximum likelihood estimator and bisection method, model selection based on SSE statistics for the sake of efficient model, was employed.

• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.115-120
• /
• 2008

Accurate predictions of software release times, and estimation of the reliability and availability of a software product require quantification of a critical element of the software testing process： Change-point problem. In this paper, exponential (Goel-Okumoto) model was reviewed, proposes the percentile change-point problem, which maked out efficiency application for software reliability. Algorithm to estimate the parameters used to maximum likelihood estimator and bisection method, model selection based on SSE statistics, for the sake of efficient model, was employed. Using NTDS data, The numerical example of percentilechange-point problemi s presented.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.181-184
• /
• 2018

최근 주목 받고 있는 소프트웨어 정의 네트워크(SDN: Software-Defined Networks)는 기존 네트워크 운용의 비효율성과 복잡성을 근본적으로 해결하기 위해 등장한 개방형 네트워크 인프라이다. SDN 시스템이 점차 상용화, 개방화 되는 시점에서, 내재되어있는 보안적 위협을 줄이기 위하여 효율적이고 자동화된 취약점 탐지의 필요성이 대두되고 있다. 본 논문에서는 자동화된 소프트웨어 테스트 기법 중 하나인 퍼즈테스팅이 SDN에 적용되어야 할 이유를 살펴보고자 한다. 또한, 기존에 관련된 연구의 분석을 통해 현재 학계의 연구동향을 파악하고 앞으로의 연구 방향성을 제시한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.969-974
• /
• 2014

CC (Common Criteria) requires collecting vulnerability information and analyzing them by using penetration testing for evaluating IT security products. Under the time limited circumstance, developers cannot help but apply vulnerability analysis at random to the products. Without the systematic vulnerability analysis, it is inevitable to get the diverse vulnerability analysis results depending on competence in vulnerability analysis of developers. It causes that the security quality of the products are different despite of the same level of security assurance. It is even worse for the other IT products that are not obliged to get the CC evaluation to be applied the vulnerability analysis. This study describes not only how to apply vulnerability taxonomy to IT security vulnerability but also how to manage security quality of IT security products practically.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.8
• /
• pp.1989-2009
• /
• 2013

How to discover router vulnerabilities effectively and automatically is a critical problem to ensure network and information security. Previous research on router security is mostly about the technology of exploiting known flaws of routers. Fuzzing is a famous automated vulnerability finding technology; however, traditional Fuzzing tools are designed for testing network applications or other software. These tools are not or partly not suitable for testing routers. This paper designs a framework of discovering router protocol vulnerabilities, and proposes a mathematical model Two-stage Fuzzing Test Cases Generator(TFTCG) that improves previous methods to generate test cases. We have developed a tool called RPFuzzer based on TFTCG. RPFuzzer monitors routers by sending normal packets, keeping watch on CPU utilization and checking system logs, which can detect DoS, router reboot and so on. RPFuzzer' debugger based on modified Dynamips, which can record register values when an exception occurs. Finally, we experiment on the SNMP protocol, find 8 vulnerabilities, of which there are five unreleased vulnerabilities. The experiment has proved the effectiveness of RPFuzzer.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.85-92
• /
• 2012

There are many software reliability models that are based on the times of occurrences of errors in the debugging of software. It is shown that it is possible to do asymptotic likelihood inference for software reliability models based on infinite failure model and non-homogeneous Poisson Processes (NHPP). For someone making a decision about when to market software, the conditional failure rate is an important variables. The finite failure model are used in a wide variety of practical situations. Their use in characterization problems, detection of outliers, linear estimation, study of system reliability, life-testing, survival analysis, data compression and many other fields can be seen from the many study. Statistical Process Control (SPC) can monitor the forecasting of software failure and there by contribute significantly to the improvement of software reliability. Control charts are widely used for software process control in the software industry. In this paper, we proposed a control mechanism based on NHPP using mean value function of log Poission, log-linear and Parto distribution.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.709-722
• /
• 2022

The recent "Log4j Security Vulnerability Incident" has occurred, and the information system that uses the open source "Log4J" has been exposed to vulnerabilities. The incident brought great vulnerabilities in the information systems of South Korea's major government agencies or companies and global information systems, causing problems with open source vulnerabilities. Despite the advantages of many advantages, the current development paradigm, which is developed using open source, can easily spread software security vulnerabilities, ensuring open source safety and reliability. You need to check the open source. However, open source vulnerability scan tools have various languages and functions. Therefore, the existing software evaluation criteria are ambiguous and it is difficult to evaluate advantages and weaknesses, so this paper has developed a new evaluation criteria for the vulnerability analysis tools of open source

• Convergence Security Journal
• /
• v.6 no.3
• /
• pp.117-126
• /
• 2006

Bayesian inference and model selection method for software reliability growth models are studied. Software reliability growth models are used in testing stages of software development to model the error content and time intervals between software failures. In this paper, could avoid multiple integration using Gibbs sampling, which is a kind of Markov Chain Monte Carlo method to compute the posterior distribution. Bayesian inference for general order statistics models in software reliability with diffuse prior information and model selection method are studied. For model determination and selection, explored goodness of fit (the error sum of squares), trend tests. The methodology developed in this paper is exemplified with a software reliability random data set introduced by of Weibull distribution(shape 2 & scale 5) of Minitab (version 14) statistical package.