• Title/Summary/Keyword: Software Source Code

Analysis and extension of the PMD rule-set for the source code security strengthening of IT systems (정보시스템 소스코드 보안성 강화를 위한 PMD Rule-set 의 확장과 분석: 생명보험 시스템의 사례 중심으로)

  • Nam, Jin-O;Choi, Jin-Young
    • Proceedings of the Korea Information Processing Society Conference / 2014.04a / pp.518-521 / 2014
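  • Recent incidents such as personal information leaks have raised interest in the security weaknesses and source code quality of information systems, and this interest is even higher for financial information systems, which are tied to personal assets. To strengthen the security of such systems, it is important to use static-analysis-based diagnostic tools that can address security vulnerabilities and raise code quality from the development stage onward. Diagnostic tools are used in many fields, but because financial information systems have characteristics that differ from other software, diagnostic tools that incorporate additional diagnostic rules are needed. In this paper, we take PMD, which among the various diagnostic tools is used in e-government development and to which diagnostic rules are relatively easy to add, extend it with additional diagnostic rules, apply it to a life insurance information system, and analyze the resulting PMD detection counts.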

A Study on the Support Tool for Database Application Software Development (데이터베이스 응용 소프트웨어 개발 지원 도구에 관한 연구)

  • Kim, Ah-Young;Youn, Cheong
    • Proceedings of the Korea Information Processing Society Conference / 2015.04a / pp.534-536 / 2015
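  • As the software industry has grown, a variety of development methodologies and development support tools have emerged to meet development demand and increase development efficiency. However, although database application software (DB-App) is actively developed, research on ways to improve development efficiency in this area remains insufficient. Query statements are used frequently in DB-App source code, but they are error-prone to write and difficult to manage. This lowers development efficiency and becomes a factor that increases cost. In this paper, we describe a method for supporting the development of DB-Apps built with various databases and programming languages, and design a tool that generates source code, including query statements, according to the user's settings.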

A Study of Estimation for Web Application Complexity (웹 어플리케이션의 복잡도 예측에 관한 연구)

  • Oh Sung-Kyun;Kim Mi-Jin
    • Journal of the Korea Society of Computer and Information / v.9 no.3 / pp.27-34 / 2004
  • As the software development paradigm has been changing to the complicated Web environment, the study of complexity has become vigorous. Yet it still seems that general agreement has not been reached on the architecture or complexity measures of Web applications. And traditional complexity metrics, program size (LOC) and cyclomatic complexity, can be derived from the source code after implementation, so they are not helpful in the early phases of the software development life cycle, the analysis and design phases. In this study, 6 Web projects have been used for deriving applications with possible errors suited by the Complexity Indicator. Using the 61 programs derived, a linear correlation between complexity, number of classes and number of methods has been proposed. As Web application complexity could be estimated before implementation, effort and cost management will be processed more effectively.

Energy Component Library for Power Consumption Analysis of Embedded Software (임베디드 소프트웨어의 소모전력 분석을 위한 에너지 컴포넌트 라이브러리)

  • Hong, Jang-Eui;Kim, Doo-Hwan
    • The KIPS Transactions:PartD / v.16D no.6 / pp.871-880 / 2009
  • Along with the growth in complexity and size of embedded software, it is critical to meet nonfunctional requirements such as power consumption as well as functional requirements such as correctness. This paper, apart from the existing studies of source code-based power analysis, proposes an approach of model-based power analysis using UML 2.0. Specifically, we focus on the development of an energy library to analyze the power consumption of embedded software. Our energy library supports model-based power analysis, and also supports easy adaptation to changes in the embedded application.

Analysis of Blockchain Software Vulnerability against OS Command Injection Attack (블록체인 소프트웨어의 취약점을 이용한 OS 커맨드 인젝션 공격에 대한 연구)

  • Kim, Byoungkuk;Hur, Junbeom
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.2 / pp.309-320 / 2019
  • Blockchain has been developed as a key technology for many cryptocurrency systems such as Bitcoin. These days, blockchain technology is attracting adoption in various fields beyond cryptocurrency systems for information sharing and processing. However, with the development and increasing adoption of blockchain, security incidents frequently happen in blockchain systems due to their implementation flaws. In order to solve this problem, in this paper we analyze the software vulnerabilities of Bitcoin and Ethereum, which are the most widely used blockchain applications in the real world. For that purpose, we conduct an in-depth analysis of their source code to detect software vulnerabilities, and examine an OS command injection attack exploiting the detected ones.

Development of a 3D thermohydraulic-neutronic coupling model for accident analysis in research miniature neutron source reactor (MNSR)

  • Ahmadi, M.;Rabiee, A.;Pirouzmand, A.
    • Nuclear Engineering and Technology / v.51 no.7 / pp.1776-1783 / 2019
  • To accurately analyze accidents in nuclear reactors, a thermohydraulic-neutronic coupling calculation is required to solve fluid dynamics and nuclear reactor kinetics equations in fine cells simultaneously and evaluate the local effects of neutronic and thermohydraulic parameters on each other. In the present study, a 3D thermohydraulic-neutronic coupling model is developed, validated and then applied for Isfahan MNSR (Miniature Neutron Source Reactor) safety analysis. The proposed model is developed using FLUENT software, and user defined functions (UDF) are applied to simulate the neutronic behavior of MNSR. The validation of the proposed model is first evaluated using a 1 mk reactivity insertion experiment into the Isfahan MNSR core. Then, the developed coupling code is applied for a design basis accident (DBA) scenario analysis with the insertion of the maximum allowed cold core reactivity of 4 mk. The results show that the proposed model is able to predict the behavior of the reactor core under normal and accident conditions with good accuracy.

Constructing an Open Source Based Software System for Reusable Module Extraction (재사용 모듈 추출을 위한 오픈 소스 기반 소프트웨어 시스템 구축)

  • Byun, Eun Young;Park, Bokyung;Jang, Woosung;Kim, R. Young Chul;Son, Hyun Seung
    • KIISE Transactions on Computing Practices / v.23 no.9 / pp.535-541 / 2017
  • Today, the scale of the computer software market has increased, and massive sized software has been developed to satisfy diverse requirements. In this context, software complexity is increasing and the quality of software is becoming more difficult to manage. In particular, software reuse is important for the improvement of the environments of legacy systems and new system development. In this paper, we propose a method to reuse modules that are certified by quality. Reusable levels are divided into code area (method, class, and component), project domain, and business levels. Based on the coupling and cohesion of software complexity, we propose a reusable module extraction mechanism with reusability metrics, which constructs a visualization of the "reusable module's chunk" based on the method and class levels. By applying reverse engineering to legacy projects, it is possible to identify reusable modules/objects/chunks. If these modules/objects/chunks are to be reused to develop an extension system or similar new system, we need to ensure software reliability in order to reduce the time and cost of software development.

Architecture Design for Real-time Mobile Embedded Software Test Tools (실시간 이동형 내장 소프트웨어 시험 도구의 구조 설계)

  • Kim, Sang-Il;Lee, Nam-Yong;Rhew, Sung-Yul
    • Journal of KIISE:Software and Applications / v.33 no.4 / pp.388-401 / 2006
  • A tool for analyzing and testing software in real time is required for the efficient development of highly reliable real-time mobile embedded software. This tool requires various technologies, such as source code based white-box testing and real-time system monitoring and control. The tool should also be designed to improve reusability and portability by considering the interaction with other kinds of real-time systems. This paper identifies and analyzes the functional requirements for the test tool on real-time mobile embedded software and suggests an adequate tool architecture based on the collected requirements. It also suggests the specific implementation technology and architecture design pattern to support the tool's expandability and portability.

A Study on IISS Software Architecture of Combat Management System for improving modifiability

  • Park, Ji-Yoon;Yang, Moon-Seok;Lee, Dong-Hyeong
    • Journal of the Korea Society of Computer and Information / v.25 no.2 / pp.133-140 / 2020
  • The IISS (Integrated Interface Storage System) software uses communication methods such as DSS (Data Sharing Service) and UDP to perform the function of sending all messages from the Combat Management System to the analytical computer. Because the IISS software handles all messages used in the Combat Management System, the source code is large and highly dependent on message changes. Modification of software is a task that requires a lot of labor, such as a series of software reliability tests, so research has been conducted to reduce software development costs, including minimizing software modifications. In this paper, we study a method of receiving messages and an architectural improvement to minimize reliance on message changes in the Combat Management System and improve modifiability. Message dependency was reduced by changing the way the DSS and UDP protocols are communicated to packet sniffing. In addition, the Factory Method Pattern was applied to improve the software design. Tests comparing the existing software and the developed elements have confirmed that the software has improved its modifiability and reuse.

Dynamic Analysis based on AOP for Checking Security Vulnerability (보안 취약점 검사를 위한 AOP 기반의 동적 분석)

  • Seo, Kwang-Ik;Choi, Eun-Man
    • Journal of KIISE:Software and Applications / v.37 no.10 / pp.773-778 / 2010
  • OWASP announced in 2010, following 2007, that most vulnerabilities result from data injection by the user. Because contaminated input data is determined at runtime, such data should be checked dynamically. To analyze data and its flow at runtime, dynamic analysis methods usually insert instrumentation into the source code. Intermediate code insertion makes it difficult to manage and extend the code, so that the instrumentation code becomes spread out as analysis coverage and the volume of code under analysis increase. In addition, the coupling between instrumentation modules and target modules becomes strong. Therefore developers will struggle to modify or extend the analysis code used as instrumentation. To solve these problems, this paper defines vulnerabilities as a concern using AOP, and suggests a flexible and extensible analysis method that allows insertion and deletion without an increase in coupling.