• Journal of the Korean Society of Safety
• /
• v.27 no.6
• /
• pp.192-204
• /
• 2012

For a severe accident of nuclear power plant, an approach to estimation of the radiological source term using a severe accident code(MELCOR) has been proposed. Although the MELCOR code has a capability to estimate the radiological source term, it has been hardly utilized for the radiological consequence analysis mainly due to a lack of understanding on the relevant function employed in MELCOR and severe accident phenomena. In order to estimate the severe accident source term to be linked with the radiological consequence analysis, this study proposes 4-step procedure: (1) selection of plant condition leading to a severe accident(i.e., accident sequence), (2) analysis of the relevant severe accident code, (3) investigation of the code analysis results and post-processing, and (4) generation of radiological source term information for the consequence analysis. The feasibility study of the present approach to an early containment failure sequence caused by a fast station blackout(SBO) of a reference plant (OPR-1000), showed that while the MELCOR code has an integrated capability for severe accident and source term analysis, it has a large degree of uncertainty in quantifying the radiological source term. Key insights obtained from the present study were: (1) key parameters employed in a typical code for the consequence analysis(i.e., MACCS) could be generated by MELCOR code; (2) the MELOCR code simulation for an assessment of the selected accident sequence has a large degree of uncertainty in determining the accident scenario and severe accident phenomena; and (3) the generation of source term information for the consequence analysis relies on an expert opinion in both areas of severe accident analysis and consequence analysis. Nevertheless, the MELCOR code had a great advantage in estimating the radiological source term such as reflection of the current state of art in the area of severe accident and radiological source term.

• Journal of Software Assessment and Valuation
• /
• v.17 no.1
• /
• pp.25-30
• /
• 2021

In case of evaluating the similarity of the source code analysis material in the embedded system, the provided source code must be confirmed to be executable. However, it is currently being in which compilation and interface matching with hardware are provided in an unconfirmed materials. The complainant assumes that many parts of the source code are similar because the characteristics of the operation are similar and the expression of the function is similar. As for the analysis result, the analysis result may appear different than expected due to these unidentified objects. In this study, the improvement direction is sugested through the case study by the analysis process of the source code and the similarity of the unverified source code.

• Journal of Software Assessment and Valuation
• /
• v.17 no.2
• /
• pp.31-38
• /
• 2021

In order to analyze the similarity of the source code object material, the source code on both sides must be able to be compiled and executed. In particular, in the case of hardware-integrated software, it is necessary to check whether the hardware interface matches. However, currently, the source code is provided in an incomplete state which is not original of source code used in developing steps. The complainant confirms that the executing characteristics are similar to their own in the expression and function of the output, and request an evaluation. When a source code compilation error occurs during the evaluation process, the experts draw a flowchart of the source code and applies the method of tracing the code flow for each function as indirect method. However, this method is indirect and the subjective judgment is applied, so there is concern about the contention of objectivity in the similarity evaluation result. In this paper, the problems of unverified source code similarity analysis and improvement directions are dealt with, through the analysis cases of source code disputes applied to embedded systems.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.6
• /
• pp.145-150
• /
• 2017

Software maintenance accounts for a large portion of the software life cycle cost. In the software maintenance phase, comprehending the legacy source code is inevitable, which takes most of the time. Source code readability is a metric of the extent of code readers' difficulty of code comprehension based on the source code itself. The better the code is readable, the easier it is for code readers to comprehend the source code. This paper proposes novel source code readability metric to quantitative measure the extent of current source code under development, which is more enhanced measurement method than previous research that dichotomously judges whether the source code was readable or not. As an evaluation, we carried out a survey and analyzed them with Regression Analysis to find best parameters of the metric.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.6
• /
• pp.1689-1705
• /
• 2023

To deal with the potential XSS vulnerabilities in the source code of the power communication network, an XSS vulnerability detection method combining the static analysis method with the dynamic testing method is proposed. The static analysis method aims to analyze the structure and content of the source code. We construct a set of feature expressions to match malignant content and set a "variable conversion" method to analyze the data flow of the code that implements interactive functions. The static analysis method explores the vulnerabilities existing in the source code structure and code content. Dynamic testing aims to simulate network attacks to reflect whether there are vulnerabilities in web pages. We construct many attack vectors and implemented the test in the Selenium tool. Due to the combination of the two analysis methods, XSS vulnerability discovery research could be conducted from two aspects: "white-box testing" and "black-box testing". Tests show that this method can effectively detect XSS vulnerabilities in the source code of the power communication network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.147-155
• /
• 2010

It has been widely addressed that static analysis techniques can play important role in identifying potential security vulnerability reside in source code. This paper proposes the design and application of security metrics that use both vulnerability information extracted from the static analysis, and significant factors of information that software handles. The security metrics are useful for both developers and evaluators in that the metrics help them identity source code vulnerability in early stage of development. By effectively utilizing the security metrics, evaluators can check the level of source code security, and confirm the final code depending on the characteristics of the source code and the security level of information required.

• Journal of Information Technology Services
• /
• v.17 no.3
• /
• pp.171-189
• /
• 2018

To remove software defects and improve performance of software, many developers perform code inspections and use static analysis tools. A code inspection is an activity that is performed manually to detect software defects in the developed source. However, there is no clear criterion which source codes are inspected. A static analysis tool can automatically detect software defects by analyzing the source codes without running the source codes. However, it has disadvantage that analyzes only the codes in the functions without analyzing the relations among source functions. The functions in the source codes are interconnected and formed a social network. Functions that occupy critical locations in a network can be important enough to affect the overall quality. Whereas, a static analysis tool merely suggests which functions were called several times. In this study, the core functions will be elicited by using social network analysis and DEA (Data Envelopment Analysis) for CUBRID open database sources. In addition, we will suggest clear criteria for selecting the target sources for code inspection and will suggest ways to find core functions to minimize defects and improve performance.

• Journal of the Korean Society of Safety
• /
• v.27 no.5
• /
• pp.219-223
• /
• 2012

For an off-site consequence analysis at nuclear power plant, MELCOR Accident Consequence Code System(MACCS) II code is widely used as a software tool. In this study, the algorithm of web-based off-site consequence analysis program(OSCAP) using the MACCS II code was developed for an Integrated Leak Rate Test (ILRT) interval extension and Level 3 probabilistic safety assessment(PSA), and verification and validation(V&V) of the program was performed. The main input data for the MACCS II code are meteorological, population distribution and source term information. However, it requires lots of time and efforts to generate the main input data for an off-site consequence analysis using the MACCS II code. For example, the meteorological data are collected from each nuclear power site in real time, but the formats of the raw data collected are different from each site. To reduce the efforts and time for risk assessments, the web-based OSCAP has an automatic processing module which converts the format of the raw data collected from each site to the input data format of the MACCS II code. The program also provides an automatic function of converting the latest population data from Statistics Korea, the National Statistical Office, to the population distribution input data format of the MACCS II code. For the source term data, the program includes the release fraction of each source term category resulting from modular accident analysis program(MAAP) code analysis and the core inventory data from ORIGEN. These analysis results of each plant in Korea are stored in a database module of the web-based OSCAP, so the user can select the defaulted source term data of each plant without handling source term input data.

• International Journal of Advanced Culture Technology
• /
• v.8 no.2
• /
• pp.289-296
• /
• 2020

Software copyright are written in text form of documents and stored as files, so it is easy to expose on an illegal copyright. The IOT framework configuration and service environment are also evaluated in software structure and revealed to replication environments. Illegal copyright can be easily created by intelligently modifying the program code in the framework system. This paper deals with similarity comparison to determine the suspicion of illegal copying. In general, original source code should be provided for similarity comparison on both. However, recently, the suspected developer have refused to provide the source code, and comparative evaluation are performed only with executable code. This study dealt with how to analyze the similarity with the execution code and the circuit configuration and interface state of the system without the original source code. In this paper, we propose a method of analyzing the data of the object without source code and verifying the similarity comparison result through evaluation examples.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.10a
• /
• pp.238-240
• /
• 2018

Recently, healthcare services have been developed and studied using various bio-signal analysis tools. Most bio-signal analysis studies utilize Matlab and R Programming. However, in order to apply the algorithm developed by Matlab and R Programming to the system, it is necessary to convert the source code. This paper proposes a smart interface that can skip source code conversion.