• Title/Summary/Keyword: Software Source Code

A Design of Inter-Working System between Secure Coding Tools and Web Shell Detection Tools for Secure Web Server Environments (안전한 웹 서버 환경을 위한 시큐어코딩 도구, 웹쉘 탐지도구 간의 상호연동 시스템 설계)

  • Kim, Bumryong;Choi, Keunchang;Kim, Joonho;Suk, Sangkee
    • Journal of Korea Society of Digital Industry and Information Management / v.11 no.4 / pp.81-87 / 2015
  • Recently, with the development of the ICT environment, the use of the software is growing rapidly. And the number of the web server software used with a variety of users is also growing. However, there are also various damage cases increased due to a software security vulnerability as software usage is increasing. Especially web shell hacking which abuses software vulnerabilities accounts for a very high percentage. These web server environment damage can induce primary damage such as homepage modification for malware spreading and secondary damage such as privacy. Source code weaknesses checking system is needed during software development stage and operation stage in real-time to prevent software vulnerabilities. Also the system which can detect and determine web shell from checked code in real time is needed. Therefore, in this paper, we propose the system improving security for web server by detecting web shell attacks which are invisible to existing detection methods such as Firewall, IDS/IPS, Web Firewall, Anti-Virus, etc. while satisfying existing secure coding guidelines from development stage to operation stage.

Plug-in Diverse Parsers Within Code Visualization System with Redefining the Coupling and Cohesion in the Object-Oriented Paradigm (객체지향 관점의 결합도 & 응집도 재정의와 코드 가시화 시스템내 파서 플러그인화 구현)

  • Lee, Jin Hyub;Park, Ji Hun;Byun, Eun Young;Son, Hyun Seung;Seo, Chae Yun;Kim, R. Young Chul
    • KIPS Transactions on Software and Data Engineering / v.6 no.5 / pp.229-234 / 2017
  • Because of the invisible nature of software and the bad coding habits (bad smell) of the existing developers, there are many redundant codes and unnecessary codes, which increases the complexity and makes it difficult to upgrade software. Therefore, it is required a code visualization so that developers can easily and automatically identify the complexity of the source code. To do this, it is necessary to construct SW visualization tool based on open source software and redefine the coupling and cohesion according to the object oriented viewpoint. Specially to identify a bad smell code pattern, we suggest how to plug-in diverse parsers within our tool. In this paper, through redefining coupling and cohesion from an object oriented perspective, we will extract bad smell code patterns within source code from inputting any pattern into the tool.

A Survey of Automatic Code Generation from Natural Language

  • Shin, Jiho;Nam, Jaechang
    • Journal of Information Processing Systems / v.17 no.3 / pp.537-555 / 2021
  • Many researchers have carried out studies related to programming languages since the beginning of computer science. Besides programming with traditional programming languages (i.e., procedural, object-oriented, functional programming language, etc.), a new paradigm of programming is being carried out. It is programming with natural language. By programming with natural language, we expect that it will free our expressiveness in contrast to programming languages which have strong constraints in syntax. This paper surveys the approaches that generate source code automatically from a natural language description. We also categorize the approaches by their forms of input and output. Finally, we analyze the current trend of approaches and suggest the future direction of this research domain to improve automatic code generation with natural language. From the analysis, we state that researchers should work on customizing language models in the domain of source code and explore better representations of source code such as embedding techniques and pre-trained models which have been proved to work well on natural language processing tasks.

Determination of defect depth in industrial radiography imaging using MCNP code and SuperMC software

  • Khorshidi, Abdollah;Khosrowpour, Behzad;Hosseini, S. Hamed
    • Nuclear Engineering and Technology / v.52 no.7 / pp.1597-1601 / 2020
  • Background: Non-destructive evaluation of defects in metals or composites specimens is a regular method in radiographic imaging. The maintenance examination of metallic structures is a relatively difficult effort that requires robust techniques for use in industrial environments. Methods: In this research, iron plate, lead marker and tungsten defect with a 0.1 cm radius in spherical shape were separately simulated by MCNP code and SuperMC software. By 192Ir radiation source, two exposures were considered to determine the depth of the actual defined defect in the software. Also by the code, displacement shift of the defect were computed derived from changing the source location along the x- or y-axis. Results: The computed defect depth was identified 0.71 cm in comparison to the actual one with accuracy of 13%. Meanwhile, the defect position was recognized by disorder and reduction in obtained gamma flux. The flux amount along the x-axis was approximately 0.5E+11 units greater than the y-axis. Conclusion: This study provides a method for detecting the depth and position of the defect in a particular sample by combining code and software simulators.

EVALUATION OF STATIC ANALYSIS TOOLS USED TO ASSESS SOFTWARE IMPORTANT TO NUCLEAR POWER PLANT SAFETY

  • OURGHANLIAN, ALAIN
    • Nuclear Engineering and Technology / v.47 no.2 / pp.212-218 / 2015
  • We describe a comparative analysis of different tools used to assess safety-critical software used in nuclear power plants. To enhance the credibility of safety assessments and to optimize safety justification costs, Électricité de France (EDF) investigates the use of methods and tools for source code semantic analysis, to obtain indisputable evidence and help assessors focus on the most critical issues. EDF has been using the PolySpace tool for more than 10 years. Currently, new industrial tools based on the same formal approach, Abstract Interpretation, are available. Practical experimentation with these new tools shows that the precision obtained on one of our shutdown systems software packages is substantially improved. In the first part of this article, we present the analysis principles of the tools used in our experimentation. In the second part, we present the main characteristics of protection-system software, and why these characteristics are well adapted for the new analysis tools. In the last part, we present an overview of the results and the limitations of the tools.

A Study on Conversion Between UML and Source Code Based on RTT(Round-Trip Translator) (RTT(Round-Trip Translator) 기반의 UML과 소스코드 변환에 대한 연구)

  • Kim, Ji Yong;Cho, Han Joo;Kim, Young Jong
    • KIPS Transactions on Software and Data Engineering / v.8 no.9 / pp.349-354 / 2019
  • As programming education becomes more important in recent years, it is necessary to learn how the source code written by students reflects Object-Oriented (OO) concepts. We present a tool called the Round-Trip Translator (RTT) that transforms the Unified Modeling Language (UML) class diagram and Java source code to provide a web-based environment that provides real-time synchronization of UML and source code. RTT was created by improving existing RTE and is a tool for students who are learning OO concepts to understand how their UML or source code reflects the concepts that user intended. This study compares the efficiency and user-friendliness of RTT with the existing Round-Trip Engineering-based tools. The results show that students have improved understanding of OO concepts through UML and source code translation by using the RTT. We also found out that students were satisfied with the use of the RTT, which provides more efficient and convenient user interface than the existing tools.

A Study on the Design of Security Metrics for Source Code (소스코드의 보안성 메트릭 설계에 관한 연구)

  • Seo, Dong-Su
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.6 / pp.147-155 / 2010
  • It has been widely addressed that static analysis techniques can play an important role in identifying potential security vulnerabilities residing in source code. This paper proposes the design and application of security metrics that use both vulnerability information extracted from the static analysis, and significant factors of information that software handles. The security metrics are useful for both developers and evaluators in that the metrics help them identify source code vulnerabilities at an early stage of development. By effectively utilizing the security metrics, evaluators can check the level of source code security, and confirm the final code depending on the characteristics of the source code and the security level of information required.

Which Code Changes Should You Review First?: A Code Review Tool to Summarize and Prioritize Important Software Changes

  • Song, Myoungkyu;Kwon, Young-Woo
    • Journal of Multimedia Information System / v.4 no.4 / pp.255-262 / 2017
  • In recent software development, repetitive code fragments (i.e., clones) are common due to the copy-and-paste programming practice, the framework-based development, or the reuse of same design patterns. Such similar code fragments are likely to introduce more bugs but are easily disregarded by a code reviewer or a programmer. In this paper, we present a code review tool to help code reviewers identify important code changes written by other programmers and recommend which changes need to be reviewed first. Specifically, to identify important code changes, our approach detects code clones across revisions and investigates them. Then, to help a code reviewer, our approach ranks the identified changes in accordance with several software quality metrics and statistics on those clones and changes. Furthermore, our approach allows the code reviewer to express their preferences during code review time. As a result, the code reviewer who has little knowledge of a code base can reduce his or her effort by reviewing the most significant changes that require an instant attention. To evaluate our approach, we integrated our approach with a modern IDE (e.g., Eclipse) as a plugin and then analyzed two third-party open source projects. The experimental results indicate that our approach can improve code reviewer's productivity.

An XML-based Comment Management System for C Source Code (XML에 기반을 둔 C 원시 코드의 주석 관리 시스템)

  • Park, Geun-Ok;Lim, Jong-Tae
    • The KIPS Transactions:PartD / v.11D no.4 / pp.799-808 / 2004
  • Well documented, simplified and clarified source code is required for the mission critical application software area in which C programming language is generally used. We suggest an XML-based comment management system for C source code. The comment management system is composed of 6 modules including comment user module, reviewer module, comment extraction module, comment traceability link module, comment tag definition module and storage management module. The XML comment tags defined in this paper cover categories of the development process activities applying the IEEE standard 1028 and IEEE standard 1012. The XML Schema is used to insert comments into C source code and to extract XML tags from C source code and the XSL-FO is used for the visual display processing of comment extraction results.

Detection of Source Code Security Vulnerabilities Using code2vec Model (code2vec 모델을 활용한 소스 코드 보안 취약점 탐지)

  • Yang, Joon Hyuk;Mo, Ji Hwan;Hong, Sung Moon;Doh, Kyung-Goo
    • Journal of Software Assessment and Valuation / v.16 no.2 / pp.45-52 / 2020
  • Traditional methods of detecting security vulnerabilities in source-code require a lot of time and effort. If there is good data, the issue could be solved by using the data with machine learning. Thus, this paper proposes a source-code vulnerability detection method based on machine learning. Our method employs the code2vec model that has been used to propose the names of methods, and uses as a data set, Juliet Test Suite that is a collection of common security vulnerabilities. The evaluation shows that our method has high precision of 97.3% and recall rates of 98.6%. And the result of detecting vulnerabilities in open source project shows hopeful potential. In addition, it is expected that further progress can be made through studies covering with vulnerabilities and languages not addressed here.