• Title/Summary/Keyword: code security

Search Result 982, Processing Time 0.024 seconds

Design of Command Security Mechanism for the Satellite Using Message Authentication Code (메세지 인증 코드 기법을 이용한 위성명령 보안 메카니즘 설계)

  • Hong, K.Y.;Park, W.S.;Lee, H.J.;Kim, D.K.
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 1994.11a
    • /
    • pp.99-107
    • /
    • 1994
  • For the secure control of the communication satellite, security mechanisms should be employed on the ground station as well as on the spacecraft. In this paper, we present a security architecture fur the spacecraft command security of the communication satellite. An authentication mechanism is also proposed using message authentication code (MAC) based on the Data Encryption Standard (DES) cryptosystem.

  • PDF

Analysis of Developing Methodology on the Security Software by Comparing Function for Security Protocol Code Generation Tools (정형명세 기법을 이용한 보안 프로토콜 코드 생성 도구의 보안 소프트웨어 개발 분석)

  • Jang Seung-Ju;Ryu Dae-hyun;Lee Chul-Sool;Park Il-Hwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.6
    • /
    • pp.47-56
    • /
    • 2004
  • Automatic code generating function for security protocol of SPEAR II and IFAD VDM-SL Toolbox supporting formal specification is presented in this paper. Among the functions of these tools we compare and analyze the aspects of functions, users, operation and code generation. And we suggest direction to the developing of safe security S/W. The automatic code generating function for security protocol gives the direction for developing of the safe secure software in formal specification method.

Research on Applying Code Signing Technology to National PKI (코드 서명 기술의 국내 PKI 적용 방안 비교 연구)

  • Lee, Rae;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.3
    • /
    • pp.27-40
    • /
    • 2004
  • Nowadays most web rages provide various services by downloading the applications program such as ActiveX Control or Java Applet. To provide code integrity and publisher authentication of downloaded software in internet, we need code signing technology. In this paper, Authenticode technology of Microsoft is lust analyzed. Based on the analysis, we propose code signing certificate profile and applying method for National Public Key Infrastructure.

Buffer Overflow Malicious Code Detection by Tracing Executable Area of Memory (메모리 실행영력 추적을 사용한 버퍼오버플로 악성코드 탐지기법)

  • Choi, Sung-Woon;Cho, Jae-Ik;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.5
    • /
    • pp.189-194
    • /
    • 2009
  • Most of anti-virus programs detect and compare the signature of the malicious code to detect buffer overflow malicious code. Therefore most of anti-virus programs can't detect new or unknown malicious code. This paper introduces a new way to detect malicious code traces memory executable of essentials APIs by malicious code. To prove the usefulness of the technology, 7 sample codes were chosen for compared with other methods of 8 anti-virus programs. Through the simulation, It turns out that other anti-virus programs could detect only a limited portion of the code, because they were implemented just for detecting not heap areas but stack areas. But in other hand, I was able to confirm that the proposed technology is capable to detect the malicious code.

A study on neutralization malicious code using Windows Crypto API and an implementation of Crypto API hooking tool (윈도우즈 Crypto API를 이용한 악성코드 무력화 방안 연구 및 도구 구현)

  • Song, Jung-Hwan;Hwang, In-Tae
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.2
    • /
    • pp.111-117
    • /
    • 2011
  • Advances in encryption technology to secret communication and information security has been strengthened. Cryptovirus is the advent of encryption technology to exploit. Also, anyone can build and deploy malicious code using windows CAPI. Cryptovirus and malicious code using windows CAPI use the normal windows API. So vaccine software and security system are difficult to detect and analyze them. This paper examines and make hooking tool against Crytovirus and malicious code using windows CAPI.

Cloud-based malware QR Code detection system (클라우드 기반 악성 QR Code 탐지 시스템)

  • Kim, Dae-Woon;Jo, Young-Tae;Kim, Jong-Min
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.25 no.9
    • /
    • pp.1227-1233
    • /
    • 2021
  • QR Code has been used in various forms such as simple business cards and URLs. Recently, the influence of Corona 19 Fundemik has led to the use of QR Codes to track travel routes through visits and entry / exit records, and QR Code usage has skyrocketed. In this way, most people have come to use it in the masses and are constantly under threat. In the case of QR Code, you do not know what you are doing until you execute it. Therefore, if you undoubtedly execute a QR Code with a malicious URL inserted, you will be directly exposed to security threats. Therefore, this paper provides a cloud-based malware QR Code detection system that can make a normal connection only when there is no abnormality after determining whether it is a malicious QR Code when scanning the QR Code.

Legal Issues in Application of the ISPS Code under Marine Cargo Insurance (해상적하보험에서 국제선박 및 항만시설 보안규칙의 적용상 법률적 쟁점)

  • Lee, Won-Jeong;Yoo, Byung-Ryong
    • Journal of the Korea Safety Management & Science
    • /
    • v.16 no.3
    • /
    • pp.307-316
    • /
    • 2014
  • In view of the increased threat arising terrorism, the International Maritime Organization(IMO) adopted the International Ship and Port Facility Security Code (ISPS Code) which attached to the SOLAS Convention. The ISPS Code requires a comprehensive set of measures to enhance the security of ships and port facilities. For example, a shipowner must obtain the International Ship Security Certificate(ISSC). If the carrying vessel has not ISSC, the ship may be detained by the contracting governments. The Joint Cargo Committee(JCC) in London adopted the Cargo ISPS Endorsement, in which the assured who knowingly ships the cargoes on a non-ISPS Code compliant vessel will have no cover. However, where there is no the Cargo ISPS Endorsement in a Marine Cargo Insurance Policy and the cargo is carried by a non-ISPS Code certified vessel, the legal problem is whether or not it would constitute a breach of an implied warranty of seaworthiness and/or an implied warranty of legality. The purpose of this article is to analyze the potential legal issue on the relations between non-ISPS Code compliant vessel and two implied warranties under Marine Insurance Act(1906) in U.K.

Design and Implementation of Preprocessing Part for Dynamic Code Analysis (동적 코드 분석을 위한 전처리부 설계 및 구현)

  • Kim, Hyuncheol
    • Convergence Security Journal
    • /
    • v.19 no.3
    • /
    • pp.37-41
    • /
    • 2019
  • Recently, due to the appearance of various types of malware, the existing static analysis exposes many limitations. Static analysis means analyzing the structure of a code or program with source code or object code without actually executing the (malicious) code. On the other hand, dynamic analysis in the field of information security generally refers to a form that directly executes and analyzes (malware) code, and compares and examines and analyzes the state before and after execution of (malware) code to grasp the execution flow of the program. However, dynamic analysis required analyzing huge amounts of data and logs, and it was difficult to actually store all execution flows. In this paper, we propose and implement a preprocessor architecture of a system that performs malware detection and real-time multi-dynamic analysis based on 2nd generation PT in Windows environment (Windows 10 R5 and above).

Application Consideration of Machine Learning Techniques in Satellite Systems

  • Jin-keun Hong
    • International journal of advanced smart convergence
    • /
    • v.13 no.2
    • /
    • pp.48-60
    • /
    • 2024
  • With the exponential growth of satellite data utilization, machine learning has become pivotal in enhancing innovation and cybersecurity in satellite systems. This paper investigates the role of machine learning techniques in identifying and mitigating vulnerabilities and code smells within satellite software. We explore satellite system architecture and survey applications like vulnerability analysis, source code refactoring, and security flaw detection, emphasizing feature extraction methodologies such as Abstract Syntax Trees (AST) and Control Flow Graphs (CFG). We present practical examples of feature extraction and training models using machine learning techniques like Random Forests, Support Vector Machines, and Gradient Boosting. Additionally, we review open-access satellite datasets and address prevalent code smells through systematic refactoring solutions. By integrating continuous code review and refactoring into satellite software development, this research aims to improve maintainability, scalability, and cybersecurity, providing novel insights for the advancement of satellite software development and security. The value of this paper lies in its focus on addressing the identification of vulnerabilities and resolution of code smells in satellite software. In terms of the authors' contributions, we detail methods for applying machine learning to identify potential vulnerabilities and code smells in satellite software. Furthermore, the study presents techniques for feature extraction and model training, utilizing Abstract Syntax Trees (AST) and Control Flow Graphs (CFG) to extract relevant features for machine learning training. Regarding the results, we discuss the analysis of vulnerabilities, the identification of code smells, maintenance, and security enhancement through practical examples. This underscores the significant improvement in the maintainability and scalability of satellite software through continuous code review and refactoring.