• Title/Summary/Keyword: Software security

The Comparative Study of Software Optimal Release Time of Finite NHPP Model Considering Log Linear Learning Factor (로그선형 학습요인을 이용한 유한고장 NHPP모형에 근거한 소프트웨어 최적방출시기 비교 연구)

  • Cheul, Kim Hee;Cheul, Shin Hyun
    • Convergence Security Journal / v.12 no.6 / pp.3-10 / 2012
  • This paper studies the decision problem, called the optimal release policy, of transferring a software system to the user after testing it in the development phase. For the correction or modification of the software, a finite-failure non-homogeneous Poisson process (NHPP) model that considers a learning factor is presented, and release policies are proposed for a life distribution of the log-linear type, which is used in the reliability field because of its various shape and scale parameters. The paper discusses optimal software release policies that minimize the total average software cost of development and maintenance under the constraint of satisfying a software reliability requirement. In a numerical example, the parameters are estimated by maximum likelihood from failure time data, and the optimal software release time is estimated.

The Property of Software Optimal Release Time Based on Log Poission Execution Time Model Using Interval Failure Times (고장 간격 수명 시간을 이용한 로그 포아송 실행 시간 모형의 소프트웨어 최적방출시간 특성에 관한 연구)

  • Sin, Hyun-Cheul;Kim, Hee-Cheul
    • Convergence Security Journal / v.10 no.1 / pp.55-61 / 2010
  • It is of great practical interest to decide when to stop testing a software system in the development phase and transfer it to the user. This decision problem is called the optimal release policy. In this paper, because of the possibility of introducing new faults when correcting or modifying the software, we compared release policies based on an infinite-failure NHPP model and types of interval failure times. Policies that minimize the total average software cost of development and maintenance under the constraint of satisfying a software reliability requirement yield the optimal software release times. In a numerical example, data with patterns in which the intensity function is constant, increasing, or decreasing were applied, and the optimal software release time was estimated.

Theoretical Validation of Inheritance Metric in QMOOD against Weyuker's Properties

  • Alharthi, Mariam;Aljedaibi, Wajdi
    • International Journal of Computer Science & Network Security / v.21 no.7 / pp.284-296 / 2021
  • Quality models are an important element of the software industry for developing and implementing the best-quality product in the market. This type of model aids in describing quality measures, which directly enhance user satisfaction and software quality. In software development, inheritance is an important mechanism in object-oriented programming that allows developers to define new classes having all the properties of a superclass. This technique supports hierarchical class design and creates an "is-a" association between superclasses and subclasses. This paper describes a standard procedure for validating the inheritance metric in the Quality Model for Object-Oriented Design (QMOOD) by using a set of nine properties established by Weyuker. These properties are commonly used for investigating the effectiveness of a metric. The integration of the two measuring methods (i.e. QMOOD and Weyuker) will provide a new way of evaluating software quality based on the inheritance context. The output of this research shows the extent to which the inheritance metric in QMOOD satisfies Weyuker's nine properties. Further results proved that Weyuker's property number nine could not be fulfilled by any inheritance metric. This research introduces a way of measuring software developed using an object-oriented approach. The theoretical validation of the inheritance metric presented in this paper is a small step towards producing quality software and providing assistance to the software industry.

Artificial Intelligence software evaluation plan (인공지능 소프트웨어 평가방안)

  • Jung, Hye Jung
    • Advanced Industrial SCIence / v.1 no.1 / pp.28-34 / 2022
  • Many studies have been conducted on software quality evaluation. Recently, as much artificial-intelligence-related software has been developed, research is being conducted on methods for evaluating artificial intelligence functions in existing software. Software evaluation has been based on eight quality characteristics: functional suitability, reliability, usability, maintainability, performance efficiency, portability, compatibility, and security. Research on the part that needs to be confirmed through evaluation of the function of the intelligence part is in progress. This study introduces the contents of the evaluation method for this part. We propose a quality evaluation method for artificial intelligence software by presenting the existing software quality evaluation method and the parts to be considered for the AI component.

How to Combine Secure Software Development Lifecycle into Common Criteria (CC에서의 소프트웨어 개발보안 활용에 대한 연구)

  • Park, Jinseok;Kang, Heesoo;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.1 / pp.171-182 / 2014
  • Common Criteria is a scheme that minimizes the vulnerabilities of IT products in accordance with the evaluation assurance level. SSDLC (Secure Software Development Lifecycle) is a methodology that reduces the weaknesses that can give rise to vulnerabilities during the software development life cycle. However, Common Criteria does not consider the vulnerabilities of certified IT products after certification, which can cause problems for the safety and reliability of those products. In addition, the developer and the evaluator bear the burden of duplicate evaluations of IT products introduced into government business, because the products must satisfy both Common Criteria and SSDLC. Thus, we researched the relationship among Common Criteria, static code analysis tools, and SSDLC, and then proposed how to combine SSDLC into Common Criteria.

File Analysis Data Auto-Creation Model For Peach Fuzzing (Peach 퍼징을 위한 파일 분석 데이터 자동 생성 모델)

  • Kim, Minho;Park, Seongbin;Yoon, Jino;Kim, Minsoo;Noh, Bong-Nam
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.2 / pp.327-333 / 2014
  • The rapid expansion of the software industry has brought serious security threats and vulnerabilities. Much software is constantly attacked by exploit code that uses security vulnerabilities. Smart fuzzing is an automated method of finding software vulnerabilities. However, many resources are consumed in fuzzing, because fuzzing requires creating a data model for the target software and analyzing a data file and the software binary. Therefore, an automated method of developing the data model is needed for efficient smart fuzzing. In this paper, by analysing the input file format and optimizing the data structure, we propose an efficient data modeling framework for smart fuzzing and implement the framework to detect software vulnerabilities.

A Design of an AES-based Security Chip for IoT Applications using Verilog HDL (IoT 애플리케이션을 위한 AES 기반 보안 칩 설계)

  • Park, Hyeon-Keun;Lee, Kwangjae
    • The Transactions of the Korean Institute of Electrical Engineers P / v.67 no.1 / pp.9-14 / 2018
  • In this paper, we introduce an AES-based security chip for embedded systems in the Internet of Things (IoT). We used Verilog HDL to implement the AES algorithm in an FPGA. The designed AES module creates a 128-bit ciphertext by encrypting a 128-bit plaintext, and vice versa. RTL simulations are performed to verify the AES function, and the theory is compared to the results. An FPGA emulation was also performed with 40 types of test sequences using two Altera DE0-Nano-SoC boards. To evaluate the performance of the security algorithms, we compared them with AES implemented in software. The processing cycle per data unit of the hardware implementation is 3.9 to 7.7 times faster than that of the software implementation. However, the processing speed may become slower because of features of the hardware design. This can be solved by using a pipelined scheme that divides the propagation delay time or by using an ASIC design method. In addition to the AES algorithm designed in this paper, various algorithms such as IPSec can be implemented in hardware. If the hardware IP design is prepared in advance, future IoT applications will be able to improve security strength without time difficulties.

Convergence Performance Evaluation Model for Intrusion Protection System based on CC and ISO Standard (CC와 ISO 표준에 따른 침입방지시스템의 융합 성능평가 모델)

  • Lee, Ha-Yong;Yang, Hyo-Sik
    • Journal of Digital Convergence / v.13 no.5 / pp.251-257 / 2015
  • An intrusion protection system is a security system that stops abnormal traffic through automatic action by finding attack signatures in the network. Unlike a firewall or an intrusion detection system, which defend passively, it is a solution that stops the intrusion before an intrusion warning. The security performance of an intrusion protection system is influenced by security auditability, user data protection, security authentication, etc., and its performance is influenced by detection time, throughput, attack prevention performance, etc. In this paper, we constructed a convergence performance evaluation model for software product evaluation, in order to build a model for evaluating the security performance of intrusion protection systems based on CC (Common Criteria: ISO/IEC 15408) and the ISO international standard for software product evaluation.

A Provable Authenticated Certificateless Group Key Agreement with Constant Rounds

  • Teng, Jikai;Wu, Chuankun
    • Journal of Communications and Networks / v.14 no.1 / pp.104-110 / 2012
  • Group key agreement protocols allow a group of users, communicating over a public network, to establish a shared secret key to achieve a cryptographic goal. Protocols based on certificateless public key cryptography (CL-PKC) are preferred since CL-PKC does not need certificates to guarantee the authenticity of public keys and does not suffer from key escrow of identity-based cryptography. Most previous certificateless group key agreement protocols deploy signature schemes to achieve authentication and do not have constant rounds. No security model has been presented for group key agreement protocols based on CL-PKC. This paper presents a security model for a certificateless group key agreement protocol and proposes a constant-round group key agreement protocol based on CL-PKC. The proposed protocol does not involve any signature scheme, which increases the efficiency of the protocol. It is formally proven that the proposed protocol provides strong AKE-security and tolerates up to $n-2$ malicious insiders for weak MA-security. The protocol also resists key control attack under a weak corruption model.

Secure Coding guide support tools design for SW individual developers (SW 개인 개발자를 위한 Secure_Coding 가이드 지원 도구 설계)

  • Son, Seung-wan;Kim, Kwang-seok;Choi, Jeong-won;Lee, Gang-soo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2014.05a / pp.595-598 / 2014
  • The cyber attacks of recent attacks that target zero-day exploit security vulnerabilities before the security patch is released (Zero Day) attack, the web site is without the Lord. Most of these attacks exploit security vulnerabilities built into the software itself; attacks that exploit security vulnerabilities in the source code, in particular, are characteristically difficult for security equipment to respond to. Therefore, it is necessary to eliminate security vulnerabilities from the software implementation stage in order to prevent these attacks. In this paper, we try to design a Secure Coding Guide support tool to eliminate security threats from the implementation stage.
