• Title/Summary/Keyword: Software security


A tamper resistance software mechanism using MAC function and dynamic link key (MAC함수와 동적 링크키를 이용한 소프트웨어 변조 방지 기법)

  • Park, Jae-Hong;Kim, Sung-Hoon;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.1 / pp.11-18 / 2013
  • In order to prevent tampering and reverse engineering of executable code, this paper proposes a new tamper-resistant software mechanism. This paper presents a cryptographic MAC function and a relationship whose security level is derived from the importance of the code block, instead of merely getting the encryption and decryption key from the previous block. In this paper, we propose a cryptographic MAC function which generates a dynamic MAC function key, instead of the hash function used in many other papers. In addition, we also propose relationships having high, medium and low security levels. If any block is determined to have a high security level, then that block will be encrypted with the key generated by the related medium security level block. The low security block will be left untouched for efficiency reasons. The MAC function having this dynamic key and block relationship will make analyzing executable code more difficult.

Systematic and Comprehensive Comparisons of the MOIS Security Vulnerability Inspection Criteria and Open-Source Security Bug Detectors for Java Web Applications (행정안전부 소프트웨어 보안 취약점 진단기준과 Java 웹 어플리케이션 대상 오픈소스 보안 결함 검출기 검출대상의 총체적 비교)

  • Lee, Jaehun;Choe, Hansol;Hong, Shin
    • Journal of Software Engineering Society / v.28 no.1 / pp.13-22 / 2019
  • To enhance effective and efficient application of automated security vulnerability checkers in the highly competitive and fast-evolving IT industry, this paper studies a comprehensive set of security bug checkers in open-source static analysis frameworks and how they can be utilized for source code inspections according to the security vulnerability inspection guidelines by MOIS. This paper clarifies the relationship between all 42 inspection criteria in the MOIS guideline and a total of 323 security bug checkers in 4 popular open-source static analysis frameworks for Java web applications. Based on the result, this paper also discusses the current challenges and issues in the MOIS guideline, the comparison among the four security bug checker frameworks, and ideas to improve security inspection methodologies using the MOIS guideline and open-source static security bug checkers.

Policy-based In-Network Security Management using P4 Network DataPlane Programmability (P4 프로그래머블 네트워크를 통한 정책 기반 인-네트워크 보안 관리 방법)

  • Cho, Buseung
    • Convergence Security Journal / v.20 no.5 / pp.3-10 / 2020
  • Recently, the Internet and networks have come to be regarded as essential infrastructure that constitutes society, and security threats have constantly increased. However, the network switch that actually transmits packets in the network can cope with security threats only through a firewall or network access control based on fixed rules, so effective defense against security threats is extremely limited within the network itself, and the network does not respond actively either. In this paper, we propose an in-network security framework using the high-level data plane programming language P4 (Programming Protocol-independent Packet Processors) to deal with DDoS attacks and IP spoofing attacks at the network level by monitoring all flows in the network in real time and processing specific security attack packets at the P4 switch. In addition, by allowing the P4 switch to apply the network user's or administrator's policy through the SDN (Software-Defined Network) controller, various security requirements in the network application environment can be reflected.

Bridging the Gap: Follow-up Strategies for Effective Software Architecture Implementation

  • Abdullah A H Alzahrani
    • International Journal of Computer Science & Network Security / v.24 no.7 / pp.1-10 / 2024
  • Software architecture is the set of high-level design decisions shaping a software system's components, structure, and interactions. It can be a blueprint for development, evolution, and ongoing maintenance. This research investigates the communication practices employed by software architects and developers to ensure adherence to the designed software architecture. It explores the factors influencing the selection of follow-up methods and the impact of follow-up frequency on successful implementation. Findings reveal that formalized follow-up procedures are not yet a ubiquitous element within the software development lifecycle. While electronic communication, particularly email, appears to be the preferred method for both architects and developers, physical and online meetings are utilized less frequently. Interestingly, the study suggests a potential confidence gap, with architects expressing concerns about developers' ability to faithfully implement the architecture. This may lead to architects providing additional clarification. Conversely, while most developers reported confidence in their software knowledge, overly detailed architecture documentation may pose challenges, highlighting the need for architects to consider alternative communication strategies. A key limitation of this study is the sample size, restricting the generalizability of the conclusions. However, the research offers valuable preliminary insights into the communication practices employed for architecture implementation, paving the way for further investigation with a larger and more diverse participant pool.

Software-based Encryption Pattern Bootstrap for Secure Execution Environment (보안 실행 환경을 위한 소프트웨어 기반의 암호화 패턴 부트스트랩)

  • Choi, Hwa-Soon;Lee, Jae-Heung
    • Journal of IKEEE / v.16 no.4 / pp.389-394 / 2012
  • Most current systems have ignored security vulnerabilities concerning boot firmware. Because boot firmware has authority over external devices as well as hardware controls, it is highly likely that, with no security mechanism in place, boot firmware may cause serious system errors, such as hardware manipulation by malicious programs or code, operating system corruption caused by malicious code, and software piracy. This paper proposed a structural, software-based security mechanism equipped with encrypted bootstrap patterns, different from pre-existing bootstrap methods, for securely loading an operating system, searching for malicious code and preventing software piracy, so as to provide reliability of boot firmware. Moreover, through experiments, it proved its superiority in detection capability and overhead ranging between 1.5% and 3% lower than other software security mechanisms.

A Preliminary Exploration on Component Based Software Engineering

  • Basha, N Md Jubair;Ganapathy, Gopinath;Moulana, Mohammed
    • International Journal of Computer Science & Network Security / v.22 no.9 / pp.143-148 / 2022
  • Component-based software development (CBD) is a methodology that has been embraced by the software industry to accelerate development, save costs and timelines, minimize testing requirements, and boost quality and output. Compared to the conventional software development approach, this led to the system's development being completed more quickly. By choosing components, identifying systems, and evaluating those systems, CBSE contributes significantly to the software development process. The objective of CBSE is to codify and standardize all disciplines that support CBD-related operations. Analysis of the comparison between component-based and scripting technologies reveals that, in terms of qualitative performance, component-based technologies scale more effectively. Further study and application of CBSE are directly related to the CBD approach's success. This paper explores the introductory concepts and comparative analysis related to component-based software engineering, which has been around for a while; the issues where proper adaptation of CBSE is still lacking are also a focus.

Creation of High-Quality Abstractions in Software Engineering

  • Alexey Razumowsky
    • International Journal of Computer Science & Network Security / v.23 no.7 / pp.193-201 / 2023
  • Abstraction is the cornerstone of ideal software engineering (SWE). This paper discusses a problem of forming reasonable generalizations, representations and descriptions in various software development processes through the prism of poor-quality (rash, unconsidered, uncertain and harmful) abstractions. To do this, emphasis is made on an induced strategic connection between the required abstraction and its compact specific formulation based on existing research and the author's introspective experience. A software aim point and characteristic preservation of the solution integrity is the subject of the best formulation and a program module or code associated with it. Moreover, a personal attitude expressed by personal interest, motivation and creativity, is proclaimed to be a fundamental factor in successful software development.

A Preliminary Exploration on Component Based Software Engineering

  • N Md Jubair Basha;Gopinath Ganapathy;Mohammed Moulana
    • International Journal of Computer Science & Network Security / v.24 no.8 / pp.119-124 / 2024
  • Component-based software development (CBD) is a methodology that has been embraced by the software industry to accelerate development, save costs and timelines, minimize testing requirements, and boost quality and output. Compared to the conventional software development approach, this led to the system's development being completed more quickly. By choosing components, identifying systems, and evaluating those systems, CBSE contributes significantly to the software development process. The objective of CBSE is to codify and standardize all disciplines that support CBD-related operations. Analysis of the comparison between component-based and scripting technologies reveals that, in terms of qualitative performance, component-based technologies scale more effectively. Further study and application of CBSE are directly related to the CBD approach's success. This paper explores the introductory concepts and comparative analysis related to component-based software engineering, which has been around for a while; the issues where proper adaptation of CBSE is still lacking are also a focus.

A Study on the Secure Coding for Security Improvement of Delphi XE2 DataSnap Server (델파이 XE2 DataSnap 서버의 보안성 개선을 위한 시큐어 코딩에 관한 연구)

  • Jung, Myoung-Gyu;Park, Man-Gon
    • Journal of Korea Multimedia Society / v.17 no.6 / pp.706-715 / 2014
  • Serious structural vulnerabilities in the security of security-critical systems tend to arise when a software system is developed quickly to meet an urgent release schedule without appropriate security planning, management, and assurance processes. The Data Set and Provider of DataSnap, which is a middleware of Delphi XE2 from Embarcadero Technologies Co., certainly help make development easy and fast-paced, but it is difficult to apply security measures and to control software system security when the connection structure Database-DataSnap server-SQL Connection-SQL Data set-Provider is applied. This is because all kinds of information about the Provider are exposed the moment the DataSnap Server port is identified by malicious attackers. This exposure becomes a window capable of running SQL commands. Thus, Data Set and Provider should not be used in the DataSnap Server, in consideration of all aspects of security management. In this paper, we study the verification of security vulnerabilities for the DataSnap client and server in Delphi XE2, and we propose a secure coding method to address security vulnerabilities in the DataSnap server system.

A Study on Preparation Plan against National Industrial Technology Outflow (국가 산업기술유출 대비 방안 연구)

  • Ha, Ok-Hyun
    • Convergence Security Journal / v.9 no.4 / pp.55-62 / 2009
  • Industrial security is a management activity protecting the industrial assets of an enterprise by application of security elements (physical, IP, conversion security tools) and can be understood as a comprehensive term including the software aspect (establishment of policy and strategy, maintenance operation, post-response act, etc.) as well as the operation of hardware elements. In this paper, after recognizing the definition and relative concept of industrial security, the role and its relative laws of the industrial security organizations, the management system and the reality, I will find some problems and submit a reform measure. Furthermore, I would like to propose the policy direction to enhance the national competitiveness and to become one of the advanced nations in 21st industrial security through the effective industrial security activities of our enterprises.
