A Design and Development of Secure-Coding Check System Based on E-Government Standard Framework for Convergence E-Government Service

  • Kim, Hyungjoo (Department of Computer Science, Soongsil University) ;
  • Kang, Jungho (Department of Computer Science, Soongsil University) ;
  • Kim, Kyounghun (Department of Computer Information, Gangdong University) ;
  • Lee, Jaeseung (Department of Computer Science, Soongsil University) ;
  • Jun, Moonseog (Department of Computer Science, Soongsil University)
  • Received : 2015.01.16
  • Accepted : 2015.03.20
  • Published : 2015.03.28

Abstract

As the application fields of IT products have diversified, software is now used in a wide range of environments, including computers, smartphones, and medical devices. With this diversification, attacks that exploit software security vulnerabilities are increasing. Various secure coding programs have been released in response, but they have weaknesses in areas such as history management, updating, and API modules. For secure software development, this paper implements a system that links configuration management to the transmission module, together with a CMS-linked system that can check source code for vulnerabilities per content unit. By subdividing the program's functions and analyzing and applying domestic and international secure coding standards, it implements an efficient secure coding system.
