• Title/Summary/Keyword: Source code analysis


Verification Methods for Vulnerabilities of Airborne Object-Oriented Software (항공용 객체지향 소프트웨어에 대한 취약점 검증 방안)

  • Jang, Jeong-hoon;Kim, Sung-su;Lee, Ji-hyun
    • Journal of Aerospace System Engineering / v.16 no.2 / pp.13-24 / 2022
  • As the scale of airborne system software increases, the use of OOT (Object-Oriented Technology) is increasing for functional expansion, efficient development, and code reuse, but the verification method for airborne object-oriented software is conducted from the perspective of the existing procedure-oriented program. The purpose of this paper was to analyze the characteristics of OOT and the vulnerabilities derived from the functional characteristics of OOT, and present a verification method applicable to each software development process (Design, Coding and Testing) to ensure the functional safety integrity of aviation software to which OOT is applied. Additionally, we analyzed the meaning of the static analysis results among the step-by-step verification measures proposed by applying LDRA, a static analysis automation tool, to PX4, an open source used to implement flight control software.

Vulnerability analysis for AppLock Application (AppLock 정보 은닉 앱에 대한 취약점 분석)

  • Hong, Pyo-gil;Kim, Dohyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.5 / pp.845-853 / 2022
  • As the memory capacity of smartphones increases, the type and amount of private data stored on the smartphone is also increasing. But recently there is an increasing possibility that various personal information such as photos and videos on smartphones may be leaked due to malicious apps by malicious attackers or other people such as repair technicians. This paper analyzed and studied the security and vulnerability of these vault apps by analyzing the cryptography algorithm and data protection function. We analyzed the 5.3.7 (June 13, 2022) and 3.3.2 (December 30, 2020) versions of AppLock, the most downloaded information-hiding app registered with Google Play, and found various vulnerabilities. In the case of access control, there was a vulnerability in that values for encrypting patterns entered by users were hardcoded in plain text in the source code, and encrypted pattern values were stored in XML files. In addition, in the case of the vault function, there was a vulnerability in that the files and log files for storing in the vault were not encrypted.

A Study on Standardization of IISS Software for Combat Interface Information Analysis of Naval Combat Management System

  • Cheol-Hoon Kim;Dong-Han Jung;Young-San Kim;Hyo-Jo Lee
    • Journal of the Korea Society of Computer and Information / v.29 no.2 / pp.119-126 / 2024
  • The IISS(Integrated Interface Storage System) software performs the function of transmitting tactical domain messages of Combat Management System for interface analysis of Naval Combat System. The source code is relatively large because the IISS software handles most messages. The modifications of source code of the IISS software occur frequently due to changes in interconnected equipment and messages. Therefore, additional effort and cost are required during the development process. In this paper, we studied standardization of the IISS software to improve reusability. Through the feature model, the components of the IISS software were divided by function and modification elements were separated. And the structure of the IISS software was improved by applying design patterns. As a result, it was possible to minimize modifications of the IISS software by changes in interconnected equipment and messages and a reduction in development costs could be expected.

VR Threat Analysis for Information Assurance of VR Device and Game System (VR 기기와 게임 시스템의 정보보증을 위한 VR 위협 분석)

  • Kang, Tae Un;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.437-447 / 2018
  • Virtual Reality (VR) is becoming a new standard in the game industry. PokeMon GO is a representative example of VR technology. The day after the launch of PokeMon GO in the U.S., it achieved the highest number of iOS App Store downloads. This is an example of the power of VR. VR comprises gyroscopes, acceleration, tactile sensors, and so on. This allows users to be immersed in the game. As new technologies emerge, new and different threats are created. So we need to research the security of VR technology and game systems. In this paper, we conduct a threat analysis for information assurance of a VR device (Oculus Rift) and game system (Quake). We systematically analyze the threats (STRIDE, attack library, and attack tree). We propose security measures through DREAD. In addition, we use the Visual Code Grepper (VCG) tool to find logic errors and vulnerable functions in source code, and propose a method to solve them.

Refactoring Effectiveness Analysis for Software Quality Enhancement : using AIS Mediation Server Program (소프트웨어 품질 향상을 위한 리팩토링 효과 분석 : AIS 중개 서버 프로그램을 대상으로)

  • Lee, Seo-Jeong;Lee, Jae-Wook;Hwang, Hoon-Kyu;Lee, Jang-Se
    • Journal of Navigation and Port Research / v.36 no.5 / pp.363-370 / 2012
  • Recently, the International Maritime Organization has been developing an e-navigation implementation strategy plan, which is focused on various services for safe vessel navigation. Different kinds of software will therefore be developed in the maritime area, and with this, quality issues are expected to become more important. In this paper, we adopt software refactoring techniques to reduce the structural complexity at the source code level. Refactoring makes a software program easier to understand and modify, without any change in outward behavior. The existing AIS broadcast server program is used as an example for our trial, and the calculation of coupling and cohesion metrics is introduced to analyze the refactoring effect, taking account of the maintainability of the IEC/ISO9126 software quality standards.

Numerical Modeling for the Identification of Fouling Layer in Track Ballast Ground (자갈도상 지반에서의 파울링층 식별을 위한 수치해석연구)

  • Go, Gyu-Hyun;Lee, Sung-Jin
    • Journal of the Korean Geotechnical Society / v.37 no.9 / pp.13-24 / 2021
  • Recently, attempts have been made to detect fouling patterns in the ground using Ground Penetrating Radar (GPR) during the maintenance of gravel ballast railway tracks. However, dealing with GPR signal data obtained with a large amount of noise in a site where complex ground conditions are mixed, often depends on the experience of experts, and there are many difficulties in precise analysis. Therefore, in this study, a numerical modeling technique that can quantitatively simulate the GPR signal characteristics according to the degree of fouling of the gravel ballast material was proposed using python-based open-source code gprMax and RSA (Random sequential Absorption) algorithm. To confirm the accuracy of the simulation model, model tests were manufactured and the results were compared to each other. In addition, the identification of the fouling layer in the model test and analysis by various test conditions was evaluated and the results were analyzed.

A Study on eGovFrame Security Analysis and Countermeasures (eGovFrame 보안 분석 및 대응 방안에 관한 연구)

  • Joong-oh Park
    • Journal of Industrial Convergence / v.21 no.3 / pp.181-188 / 2023
  • The e-Government standard framework provides overall technologies such as reuse of common components for web environment development such as domestic government/public institutions, connection of standard modules, and resolution of dependencies. However, in a standardized development environment, there is a possibility of updating old versions according to core versions and leakage of personal and confidential information due to hacking or computer viruses. This study directly analyzes security vulnerabilities focusing on websites that operate eGovFrame in Korea. As a result of analyzing/classifying vulnerabilities at the internal programming language source code level, five items associated with representative security vulnerabilities could be extracted again. As a countermeasure against this, the security settings and functions through the 2 steps (1st and 2nd steps) and security policy will be explained. This study aims to improve the security function of the e-government framework and contribute to the vitalization of the service.

A Study on Scalability of Profiling Method Based on Hardware Performance Counter for Optimal Execution of Supercomputer (슈퍼컴퓨터 최적 실행 지원을 위한 하드웨어 성능 카운터 기반 프로파일링 기법의 확장성 연구)

  • Choi, Jieun;Park, Guenchul;Rho, Seungwoo;Park, Chan-Yeol
    • KIPS Transactions on Computer and Communication Systems / v.9 no.10 / pp.221-230 / 2020
  • A supercomputer that shares limited resources among multiple users needs a way to optimize the execution of applications. For this, it is useful for system administrators to get prior information and hints about the applications to be executed. In most high-performance computing system operations, system administrators strive to increase system productivity by receiving information about execution duration and resource requirements from users when executing tasks. They also use profiling techniques that generate the necessary information using statistics such as system usage to increase system utilization. In a previous study, we proposed a scheduling optimization technique by developing a hardware performance counter-based profiling technique that enables characterization of applications without further understanding of the source code. In this paper, we constructed a profiling testbed cluster to support optimal execution of the supercomputer and experimented with the scalability of the profiling method to analyze application characteristics in the built cluster environment. Also, we showed experimentally that the profiling method can be utilized in actual scheduling optimization with scalability even if the application class is reduced or the number of nodes for profiling is minimized. Even though the number of nodes used for profiling was reduced to 1/4, the execution time of the application increased by 1.08% compared to profiling using all nodes, and the scheduling optimization performance improved by up to 37% compared to sequential execution. In addition, profiling by reducing the size of the problem resulted in a quarter of the cost of collecting profiling data and a performance improvement of up to 35%.

A Study on the Research Model for the Standardization of Software-Similarity-Appraisal Techniques (소프트웨어 복제도 감정기법의 표준화 모델에 관한 연구)

  • Bahng, Hyo-Keun;Cha, Tae-Own;Chung, Tai-Myoung
    • The KIPS Transactions:PartD / v.13D no.6 s.109 / pp.823-832 / 2006
  • The purpose of Similarity (Reproduction) Degree Appraisal is to determine the equality or similarity between two programs, and it is a system that presents the technical grounds of judgment which is necessary to support the resolution of software intellectual property rights through expert eyes. The most important things in proceeding with software appraisal are not to make too much of the expert's own subjective judgment and to acquire accurate appraisal results. However, up to now standard research and development for its systematic techniques are not properly made out and as different expert as each one could approach in a thousand different ways, even the techniques for software appraisal types have not exactly been presented yet. Moreover, in the analyzing results of all the appraisal cases finished before, through a practical way, we know that there are some damages on objectivity and accuracy in some parts of the appraisal results owing to the problems of existing appraisal procedures and techniques or lack of the expert's professional knowledge. In this paper we present the model for the standardization of software-similarity-appraisal techniques and objective-evaluation methods for decreasing a tolerance that could make different results according to each expert in the same-evaluation points. Especially, it analyzes and evaluates the techniques from various points of view concerning the standard appraisal process, setting a range of appraisal, setting appraisal domains and items in detail, based on unit processes, setting the weight of each object to be appraised, and the degree of logical and physical similarity, based on effective solutions to practical problems of existing appraisal techniques and their objective and quantitative standardization. Consequently, we believe that the model for the standardization of software-similarity-appraisal techniques will minimize the possibility of mistakes due to an expert's subjective judgment and will offer a tool for improving the objectivity and reliability of the appraisal results.

Development of NXC Robot Programming Supporting System Based on Types of Programming Error (오류분석에 기반한 NXC 로봇프로그래밍 지원시스템의 개발)

  • Nam, Jae-Won;Yoo, In-Hwan
    • Journal of The Korean Association of Information Education / v.15 no.3 / pp.375-385 / 2011
  • Computer education is moving its focus from skill-oriented education to improving students' creativity and problem-solving ability. Thus, the importance of programming education is being strengthened. However, programming education has been biased toward grammar-oriented language teaching, which has limited students' interest. Robot programming is problem solving itself, and allowing students to directly see the robot, which is the output of programming, can help interest and motivate the students. In fact, it is still observed that students face difficulties due to various kinds of errors during programming education. Therefore, this study categorizes and analyzes the errors students face during robot programming, and based on that, a support tool to help treat errors was developed. The developed supporting system for error solving reduces the frequency of errors and provides the set of coding instructions, NXC language and error messages in Korean, examples and detailed information for each stage of education, a function removing major coding errors, and code sorting and indication of row numbers. This study also confirmed that the supporting tool is helpful in reducing and solving errors after input.
