
Evaluation Method Using Analytic Hierarchy Process for C4I SW Secure Coding Rule Selection

Evaluation Method Using the Analytic Hierarchy Process for Selecting Secure Coding Rules for Battlefield Management Information System Software

  • Junesung Choi (Seoul National University of Science and Technology, Graduate School of Public Policy and Information Technology, Industrial Information Systems) ;
  • Wooje Kim (Seoul National University of Science and Technology, College of Technology Management Convergence, Department of Global Convergence Industrial Engineering, Industrial Information Systems) ;
  • Wonhyung Park (Far East University, Engineering Division, Department of Cyber Security) ;
  • Kwangho Kook (Seoul National University of Science and Technology, College of Technology Management Convergence, Department of Global Convergence Industrial Engineering, Industrial Information Systems)
  • Received : 2013.06.27
  • Accepted : 2013.07.30
  • Published : 2013.08.30

Abstract

This study proposes an evaluation method for selecting secure coding rules suited to a target system. The method weighs six factors in three groups: system applicability (development-language conformance, platform conformance), threat assessment (criticality of a security incident, likelihood of a security incident) and expected application benefit (reliability/quality improvement, modification cost). Applying the method to Battlefield Management System software, we selected a set of 197 secure coding rules that match the system's characteristics and computed an application priority for each selected rule.
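The AHP step the abstract describes, as an added example in Python that is not code from the paper: the three factor groups and six factors are taken from the abstract, while the pairwise judgement matrices, the consistency threshold of 0.10 (Saaty's usual convention) and the three scored candidate rules are constructed assumptions for illustration.

```python
from math import prod

RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24}  # Saaty random index

# Criteria in matrix order: three categories from the abstract, two sub-criteria each.
CRITERIA = ["language conformance", "platform conformance",      # system applicability
            "incident criticality", "incident possibility",      # threat assessment
            "reliability/quality gain", "modification cost"]     # application benefit

# Pairwise judgements are constructed for this example, not taken from the paper.
CATEGORY_MATRIX = [[1, 1/3, 1/2],   # rows/cols: applicability, threat, benefit
                   [3, 1,   2],
                   [2, 1/2, 1]]
SUB_JUDGEMENT = [1, 2, 3]           # "first sub-criterion vs second" per category

def ahp_priorities(matrix):
    """Priority vector via normalised row geometric means, plus consistency ratio."""
    n = len(matrix)
    gm = [prod(row) ** (1.0 / n) for row in matrix]
    w = [g / sum(gm) for g in gm]
    # lambda_max estimated as the mean of (A w)_i / w_i over the rows
    lam = sum(sum(a * x for a, x in zip(row, w)) / w[i] for i, row in enumerate(matrix)) / n
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    return w, (ci / RI[n] if RI[n] else 0.0)

def global_weights(cr_limit=0.10):
    """Combine category and sub-criterion priorities into one weight per criterion."""
    cat_w, cr = ahp_priorities(CATEGORY_MATRIX)
    if cr >= cr_limit:                     # AHP convention: reject CR >= 0.10
        raise ValueError(f"category judgements too inconsistent (CR={cr:.3f})")
    weights = {}
    for i, (cw, k) in enumerate(zip(cat_w, SUB_JUDGEMENT)):
        local, _ = ahp_priorities([[1, k], [1 / k, 1]])   # 2x2 is always consistent
        for name, lw in zip(CRITERIA[2 * i:2 * i + 2], local):
            weights[name] = cw * lw
    return weights, cr

def rank_rules(rules, weights):
    """Rules scored 1..5 per criterion (cost scored so that 5 = cheapest to apply)."""
    total = {r: sum(weights[c] * s for c, s in zip(CRITERIA, sc)) for r, sc in rules.items()}
    return sorted(total, key=total.get, reverse=True), total

# Constructed scores for three hypothetical candidate rules (not from the paper).
RULES = {"array bounds checking":     [5, 5, 5, 4, 4, 2],
         "no secrets in log output":  [5, 5, 3, 3, 3, 4],
         "safe Java deserialization": [2, 3, 5, 2, 3, 3]}

if __name__ == "__main__":
    w, cr = global_weights()
    order, total = rank_rules(RULES, w)
    print(f"CR={cr:.3f}", *[f"{r}: {total[r]:.2f}" for r in order], sep="\n")
```

With these judgements the threat group carries about 54% of the weight, so a rule that is language-conformant but addresses a low-criticality incident ranks below a less convenient rule that addresses a critical one.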
