• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38C no.10
• /
• pp.831-840
• /
• 2013

Recently, to enhance the security of software, static analysis tools for removing weaknesses, the cause of vulnerability, have been used a lot in the software development stage. Therefore, the tools need to have the rules being able to diagnose various weaknesses. Top 5 weaknesses found in the software developed by major domestic information projects from 2011 to 2012 is 76% of top 10 weaknesses per year. Software security can be improved a lot if top 5 weaknesses just are removed properly in software development. In this paper, we propose the PMD's rules for diagnosing the major weaknesses and present the results of its performance test.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.557-564
• /
• 2019

As the number and type of software increases, those security vulnerabilities are also increasing. Various types of software may have multiple vulnerabilities and those vulnerabilities as they can cause irrecoverable significant damage must be detected and deleted quickly. Various studies have been carried out to detect the vulnerability of the current software, but it is slow, and prediction accuracy is low. Therefore, in this paper, we describe a method to efficiently predict software vulnerability by using neural network algorithm and compare prediction accuracy with conventional system using machine learning algorithm. As a result of the experiment, the prediction system proposed in this paper showed the highest prediction rate.

• International journal of advanced smart convergence
• /
• v.13 no.2
• /
• pp.48-60
• /
• 2024

With the exponential growth of satellite data utilization, machine learning has become pivotal in enhancing innovation and cybersecurity in satellite systems. This paper investigates the role of machine learning techniques in identifying and mitigating vulnerabilities and code smells within satellite software. We explore satellite system architecture and survey applications like vulnerability analysis, source code refactoring, and security flaw detection, emphasizing feature extraction methodologies such as Abstract Syntax Trees (AST) and Control Flow Graphs (CFG). We present practical examples of feature extraction and training models using machine learning techniques like Random Forests, Support Vector Machines, and Gradient Boosting. Additionally, we review open-access satellite datasets and address prevalent code smells through systematic refactoring solutions. By integrating continuous code review and refactoring into satellite software development, this research aims to improve maintainability, scalability, and cybersecurity, providing novel insights for the advancement of satellite software development and security. The value of this paper lies in its focus on addressing the identification of vulnerabilities and resolution of code smells in satellite software. In terms of the authors' contributions, we detail methods for applying machine learning to identify potential vulnerabilities and code smells in satellite software. Furthermore, the study presents techniques for feature extraction and model training, utilizing Abstract Syntax Trees (AST) and Control Flow Graphs (CFG) to extract relevant features for machine learning training. Regarding the results, we discuss the analysis of vulnerabilities, the identification of code smells, maintenance, and security enhancement through practical examples. This underscores the significant improvement in the maintainability and scalability of satellite software through continuous code review and refactoring.

• Journal of Digital Convergence
• /
• v.14 no.11
• /
• pp.501-505
• /
• 2016

Recently, the frequency of dealing important information regarding financial services like paying through smart device or internet banking on smart device has been increasing. Also, with the development of smart device execution environment towards open software environment, it became easier for users to download and use random application software, and its security aspect appears to be weakening. This study inspects features of hardware-based smart device security technology. Furthermore, this study proposes a realization method in MTM hardware-based secure smart device execution environment for an application software that runs in smart devices. While existing MTM provides the root of trust function only for the mobile device, the MTM-based mobile security environment technology proposed in this paper can provide numerous security functions that application program needs in mobile device. The further researches on IoT devices that are compatible with security hardware, gateway security technology and methods that secure reliability and security applicable to varied IoT devices by advancing security hardware are the next plan to proceed.

• Journal of Information Technology Services
• /
• v.7 no.2
• /
• pp.41-57
• /
• 2008

The development of service-based software and web-based application aims for providing user-demand service. On-demand software is emerging for same reason. Software delivery models like on-demand software is expected to change the software industry as an important technical revolution with the firm's strategy. Few research, however, has been done on the on-demand software. While much research on ASP and SaaS focused on firm' use, this study intends to examine the intention of using on-demand software targeting personal user. The intention to use of on-demand software was empirically examined in terms of quality, user characteristics, usefulness, easy of use, and security. Results shows that usefulness and easy of use are most significantly related to the intention of using on-demand software. Other factors are also found to affect the intention to use of on-demand software. This study contributes to improve the understanding and interest in on-demand software and it is expected to spread widely for individual user.

• Convergence Security Journal
• /
• v.11 no.4
• /
• pp.43-49
• /
• 2011

Web-based health information provides a lot of conveniences, however the security vulnerabilities that appear in the network environment without the risk of exposure in the use of information are growing. Web-based medical information security issues when accessing only the technology advances, without attempting to seek a safe methodology are to increase the threat element. So it is required. to take advantage of web-based information security measures as a web-based access control security mechanism-based design. This paper is based on software architecture, design, ideas and health information systems were designed based on access control security mechanism. The methodologies are to derive a new design procedure, to design architecture and algorithms that make the mechanism functio n. To accomplish this goal, web-based access control for multiple patient information architecture infrastructures is needed. For this software framework to derive features that make the mechanism was derived based on the structure. The proposed system utilizes medical information, medical information when designing an application user retrieves data in real time, while ensuring integration of encrypted information under the access control algorithms, ensuring the safety management system design.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1297-1307
• /
• 2018

The rise of Online game ESD(Electronic Software Distribution) like Steam, the method of game piracy are more diversified. In Online Game ESD, Software DRM is applied to game because we have to play in offline situation, but it is easily bypassed due to low security level. In this study, we analyze crack files of pirated games to learn how to bypass Steam DRM and to establish countermeasures for based on API call birthmark. The generated birthmark showed more than 85% resilience in representing crack groups and 95% credibility in detecting cracked games. With this study, it is possible to enhance the security of the online game Electronic Software Distribution platform, and to provide a high level of game piracy protection for indie game developers, especially those who can not purchase Third Party DRM to protect their own games.

• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.191-197
• /
• 2024

Software reuse gives the meaning for rapid software development and the quality of the software. Most of the Java components/libraries open-source are available only in Java Archive (JAR) file format. When a software design enters into the development process, the developer needs to select necessary JAR files manually via analyzing the given software architecture and related JAR files. This paper proposes an automated approach, JarBot, to suggest all the necessary JAR files for given software architecture in the development process. All related JAR files will be downloaded from the internet based on the extracted information from the given software architecture (class diagram). Class names, method names, and attribute names will be extracted from the downloaded JAR files and matched with the information extracted from the given software architecture to identify the most relevant JAR files. For the result and evaluation of the proposed system, 05 software design was developed for 05 well-completed software project from GitHub. The proposed system suggested more than 95% of the JAR files among expected JAR files for the given 05 software design. The result indicated that the proposed system is suggesting almost all the necessary JAR files.

• International journal of advanced smart convergence
• /
• v.13 no.2
• /
• pp.69-79
• /
• 2024

AI technology is a central focus of the 4th Industrial Revolution. However, compared to some existing non-artificial intelligence technologies, new AI adversarial attacks have become possible in learning data management, input data management, and other areas. These attacks, which exploit weaknesses in AI encryption technology, are not only emerging as social issues but are also expected to have a significant negative impact on existing IT and convergence industries. This paper examines various cases of AI adversarial attacks developed recently, categorizes them into five groups, and provides a foundational document for developing security guidelines to verify their safety. The findings of this study confirm AI adversarial attacks that can be applied to various types of cryptographic modules (such as hardware cryptographic modules, software cryptographic modules, firmware cryptographic modules, hybrid software cryptographic modules, hybrid firmware cryptographic modules, etc.) incorporating AI technology. The aim is to offer a foundational document for the development of standardized protocols, believed to play a crucial role in rejuvenating the information security industry in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.11-18
• /
• 2013

In order to prevent tampering and reverse engineering of executive code, this paper propose a new tamper resistant software mechanism. This paper presents a cryptographic MAC function and a relationship which has its security level derived by the importance of code block instead of by merely getting the encryption and decryption key from the previous block. In this paper, we propose a cryptographic MAC function which generates a dynamic MAC function key instead of the hash function as written in many other papers. In addition, we also propose a relationships having high, medium and low security levels. If any block is determined to have a high security level then that block will be encrypted by the key generated by the related medium security level block. The low security block will be untouched due to efficiency considerations. The MAC function having this dynamic key and block relationship will make analyzing executive code more difficult.