• Title/Summary/Keyword: Software security


Using the SIEM Software vulnerability detection model proposed (SIEM을 이용한 소프트웨어 취약점 탐지 모델 제안)

  • Jeon, In-seok;Han, Keun-hee;Kim, Dong-won;Choi, Jin-yung
    • Journal of the Korea Institute of Information Security & Cryptology, v.25 no.4, pp.961-974, 2015
  • With the advancement of SIEM from ESM, it allows deep correlated analysis using a huge amount of data. By collecting software vulnerabilities from assessments with certain classification measures (e.g., CWE), it can improve the detection rate effectively and respond to software vulnerabilities by analyzing big data. In the monitoring and vulnerability diagnosis process, it not only detects predefined threats, but vulnerabilities of software in each resource could also promptly be applied by sharing CCE, CPE, CVE and CVSS information. This abstract proposes a model for effective detection and response of software vulnerabilities and describes effective outcomes of the model application.

Open Source Software Security Issues and Applying a Secure Coding Scheme (오픈 소스의 소프트웨어 보안 문제 및 시큐어 코딩 적용방안)

  • Kim, Byoungkuk
    • KIISE Transactions on Computing Practices, v.23 no.8, pp.487-491, 2017
  • Open source software allows the users to freely use, copy, distribute and modify source code without any particular limitations, and this offers the advantages of low entry cost, fast and flexible development, compatibility, reliability and safety. The emergence of many useful open source projects has the advantage of achieving high levels of output with lower costs and time commitment for software development. However, this also increases the risks caused by the security vulnerabilities of the used open source software. There is still no separate process to verify security in using open source software. In this paper, we analyze the security weakness in open source and propose a secure coding scheme in adopting open source, which is known to be highly reliable from a security point of view.

Definition of Security Metrics for Software Security-enhanced Development (소프트웨어 개발보안 활동을 위한 보안메트릭 정의)

  • Seo, Dongsu
    • Journal of Internet Computing and Services, v.17 no.4, pp.79-86, 2016
  • Under the influence of the software security-enhanced development guidelines announced in 2012, secure coding practices have become widely applicable in developing information systems aiming to enhance security capabilities. Although continuous enhancement activities for code security are important, management issues for code security have been less addressed in the guidelines. This paper analyses the limitations of secure coding practices from the viewpoint of quality management. In particular, this paper suggests structures and the use of software metrics from the coding to the maintenance phases so that it can be of help in the future by extending the use of security metrics.

Design and Implementation of Software Vulnerability Analysis Algorithm through Static Data Access Analysis

  • Lim, Hyun-il
    • Journal of the Korea Society of Computer and Information, v.20 no.8, pp.69-75, 2015
  • Nowadays, software plays various roles in applications in wide areas. However, the security problems caused by software vulnerabilities are increasing. So, it is necessary to improve software security and safety in software execution. In this paper, we propose an approach to improve the safety of software execution by managing information used in software through static data access analysis. The approach can detect the exposure of secure data in software execution by analyzing information properties and flows through static data access analysis. In this paper, we implemented and experimented with the proposed approach on a base language, and verified that the proposed approach can effectively detect the exposure of secure information. The proposed approach can be applied in several areas for improving software safety by analysing vulnerabilities from information flows in software execution.

Input File Based Dynamic Symbolic Execution Method for Software Safety Verification (소프트웨어 안전성 검증을 위한 입력 파일 기반 동적 기호 실행 방법)

  • Park, Sunghyun;Kang, Sangyong;Kim, Hwisung;Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology, v.27 no.4, pp.811-820, 2017
  • Software automatic technology research recently focuses not only on generating a single-path test case, but also on finding an optimized path to reach the vulnerability through various test cases. Although Dynamic Symbolic Execution (DSE) technology is popular among these automatic technologies, most DSE technology research applies only to Linux binaries or specific modules themselves. However, most software is vulnerable based on input files. Therefore, this paper proposes an input file based dynamic symbolic execution method for software vulnerability verification. As a result of applying it to three kinds of actual binary software, it was possible to create a test case effectively reaching the corresponding point through the proposed method. This demonstrates that DSE technology can be used to automate the analysis of actual software.

The Effects of information security perceptions of collaborative system managers on intention to use SBOM(Software Bill Of Materials) : Focusing on the Theory of Planned Behavior (협업시스템 담당자의 정보보안 인식이 SBOM(Software Bill Of Materials) 도입 의도에 미치는영향: 계획된 행동이론을 중심으로)

  • Noh Hyeyoung;Lee Sin-Bok
    • The Journal of the Convergence on Culture Technology, v.9 no.5, pp.463-474, 2023
  • Advances in technology have made it easier for organizations to share information and collaborate. However, collaboration systems where multiple entities share and access information are vulnerable to security. The concept of Software Bill Of Materials (SBOM) has emerged as a way to strengthen information security by identifying and transparently managing the components of software programs. To promote the adoption of SBOM in Korea, this study investigated collaboration system managers' intention to use it. This study was based on the theory of planned behavior and the integrated technology acceptance theory. The results of this study confirmed that performance expectations from SBOM adoption were an important variable for intention to use, and positive attitudes toward security also had an indirect effect through performance expectations. We found that SBOM adoption has an important causal relationship with performance due to the fact that it is targeted at enterprises, and that positive attitudes toward security and social climate can have a strong effect on intention to use.

Security Policy Issue in Application Software Development Process of Smart Phone Environment (스마트폰 환경의 응용 소프트웨어 개발과정에서 보안정책 이슈)

  • Hong, Jin-Keun
    • Journal of Digital Convergence, v.10 no.10, pp.319-324, 2012
  • Application software developed in the smart phone environment is built according to a system development methodology. This paper presents the security considerations required for major application programs developed in the smart phone environment. First it reviews security issues in application programs, and next it considers security policy for secure application programs.

Analysis on Scream and Ambient Noise for Security System with Audio Capability (오디오 취득 기반의 방범용 시스템을 위한 환경 잡음과 비명소리 분석)

  • Park, Ju-Hyun;Seo, Ji-Hun;Lee, Seok-Pil
    • The Transactions of The Korean Institute of Electrical Engineers, v.63 no.6, pp.804-809, 2014
  • Recently, the prevention of crime using CCTV has drawn special attention in accordance with the higher crime incidence rate. Therefore, security systems such as CCTV with audio capability are being developed to give an instant alarm. This paper proposes an analysis of screams and ambient noises for security systems with audio capability. The analysis result will be helpful for security systems to detect screams well among various ambient noises in a real environment.

A Model of Software Rejuvenation for Survivability (생존성을 위한 소프트웨어 재활기법의 모델)

  • Aung, Khin Mi Mi;Park, Jong-Sou
    • Proceedings of the Korea Information Processing Society Conference, 2003.05c, pp.1965-1968, 2003
  • The importance of Security measures by means of Physical Security, Network Security and Online/Internet Security. Lack of security is one of the primary obstacles in fielding many technologies in both commercial and DoD networks. Moreover, Internet censorship may be growing and is becoming increasingly sophisticated. In this paper, we will evaluate the Practice to Policy to Theory Approach for survivability by means of software rejuvenation models. These models would assess the effectiveness of proactive fault management in operational software systems and determine optimal times to perform rejuvenation.


A Study on Security Requirements Specification in an Object-Oriented Development Environment (객체지향 개발환경에서의 보안 요구사항명세에 관한 연구)

  • Kim, Gi-Han;Chae, Soo-Young;Choi, Myeong-Ryeol;Park, Sang-Seo
    • Convergence Security Journal, v.5 no.3, pp.67-73, 2005
  • Security requirements must be defined well in the requirements specification phase to reduce software vulnerabilities. In this paper, we show how to specify security requirements in a structured manner for object-oriented development methodology. Our method specifies security requirements through four phases: defining security objectives, identifying the threat, constructing the attack tree, and specifying the security function. This method would help developers to specify, clearly and systematically, the security requirements and functions that software has to possess.
