• Journal of KIISE
• /
• v.42 no.7
• /
• pp.860-867
• /
• 2015

In the defense field, weapon systems are increasing in importance, as well as the weight of the weapon system embedded software development as an advanced technology. As the development of a network-centric warfare has become important to secure the reliability and quality of embedded software in modern weapons systems in battlefield situations. Also, embedded software problems are transferred to the production stage in the development phase and the problem gives rise to an enormous loss at the national level. Furthermore, development companies have not systematically constructed a software reliability test. This study suggests that approaches about a qualityverification- system establishment of embedded software, based on a variety of source code reliability test verification case analysis.

• Journal of Software Assessment and Valuation
• /
• v.16 no.2
• /
• pp.45-52
• /
• 2020

Traditional methods of detecting security vulnerabilities in source-code require a lot of time and effort. If there is good data, the issue could be solved by using the data with machine learning. Thus, this paper proposes a source-code vulnerability detection method based on machine learning. Our method employs the code2vec model that has been used to propose the names of methods, and uses as a data set, Juliet Test Suite that is a collection of common security vulnerabilities. The evaluation shows that our method has high precision of 97.3% and recall rates of 98.6%. And the result of detecting vulnerabilities in open source project shows hopeful potential. In addition, it is expected that further progress can be made through studies covering with vulnerabilities and languages not addressed here.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2015.07a
• /
• pp.75-76
• /
• 2015

본 논문에서는 S/W 개발 보안 지침을 알려준다. S/W 개발 보안에서 S/W의 보안 취약점 유형에 대하여 설명한다. S/W 보안 취약점 유형인 입력 데이터 검증 및 표현, API 악용, 보안 특성, 시간 및 상태, 에러처리 코드품질, 그리고 캡슐화에 대하여 설명하도록 한다. 즉, 본 논문에서는 보안 취약점에 대한 소스코드 레벨에서의 대응조치에 대한 가이드를 제시하고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.629-632
• /
• 2017

국내 대기업들은 충분한 SW테스팅으로 SW의 품질과 안정성을 점검하고 있다. 반면, 중소기업들은 부족한 인력과 비싼 상용 테스팅 도구 등으로 테스팅 환경이 어려운 실정이다. 이로 인한 테스트 부족 속에서 SW제품을 출시한다. 이 논문에서는 이런 문제의 해결방안 중 하나로 개발자가 코드 내부의 복잡도를 측정하여 잠재적인 오류를 줄이는데 초점을 둔다. 이를 위해 공개 소스프트웨어 기반의 도구 개선 제안 및 가시화 구현을 하였다. 즉, 벤처/중소 기업의 개발자들에게 각각 품질 요소들의 가시화 서비스가 가능하다. 이는 코드 내부의 결합력/응집력/복잡도/재사용 등의 가시적 모듈화로 SW품질 개선이 가능하다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.605-615
• /
• 2018

Due to the rapid growth of the Internet of Things market, the use of the C/C++ language, which is the most widely used language in embedded systems, is also increasing. To improve the quality of code in the C/C++ language and reduce development costs, it is better to use static analysis, a software verification technique that can be performed in the first half of the software development life cycle. Many programs use static analysis to verify software safety and many static analysis tools are being used and studied. In this paper, we use Clang static analysis tool to check security weakness detection performance of verified test code. In addition, we compared the static analysis results of the test codes applied with the source obfuscation techniques, layout obfuscation, data obfuscation, and control flow obfuscation techniques, and the static analysis results of the original test codes, Analyze the detection ability impact of the Clang static analysis tool.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.10a
• /
• pp.477-480
• /
• 2016

최근 소프트웨어 시장의 규모와 위상은 급속도로 성장하고 있다. 하지만 커지는 산업에 비해서 소프트웨어의 품질에 대한 인식은 아직 미흡하다. 국내 중소기업의 경우 인력, 비용 등의 여러 측면에서 어려움이 존재한다. 구현 중심의 개발이 이루어지면서 소프트웨어의 품질보다 빠른 개발에 초점을 두어 저 품질의 소프트웨어를 양산하고 있다. 본 논문에서는 이를 해결하기 위한 가시화를 통해 나쁜 코딩 습관을 개선하여 소프트웨어의 품질향상을 도모한다. 가시화를 통해 소스 코드에서 개선되어야 할 부분을 찾아내 소프트웨어의 품질을 향상시킬 수 있을 것으로 기대한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.203-206
• /
• 2010

임베디드 소프트웨어의 소스 코드에 대한 품질 검증은 매우 중요한 사항이다. 이에 다양한 시험을 통해 요구되는 품질 속성을 만족하기 위해 노력한다. 본 연구에서는 이러한 품질 확보 활동의 일환으로 구현 단계에서 진행하는 코드리뷰에 코딩 표준을 적용한 사례를 소개한다. 코딩 표준에 대한 다양한 연구와 도메인 내의 결함 분석을 통해 몇 가지의 코딩 표준을 제안하였으며, 이를 조직에 적용하기 위한 고려사항을 언급하였다. 마지막으로 적용 결과에 대해 분석하여 향후 진행될 방향으로 마무리 지었다.

• The KIPS Transactions:PartD
• /
• v.15D no.6
• /
• pp.825-840
• /
• 2008

Refactoring is a kind of software modification process that improves system qualities internally but maintains system functions externally. What should be improved on the existing source codes should take precedence over the others in such a modification process using this refactoring. Martin Fowler and Kent Beck proposed a method that identifies code smells for this purpose. Also, some studies on determining what refactoring will be applied to which targets through detecting code smells in codes were presented. However, these studies have a lot of disadvantages that show a lack of precise description for such code smells and detect limited code smells only. In addition, these studies showed other disadvantages that generate ambiguity in behavior preservation due to the fact that a description method of pre-conditions for the behavior preservation is included in a refactoring process or unformalized. Thus, our study represents a precise specification of code smells using OCL and proposes a framework that performs a refactoring process through the automatic detection of code smells using an OCL interpreter. Furthermore, we perform the automatic detection in which the code smells are be specified by using OCL to the java program and verify its applicability and effectivity through applying a refactoring process.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.11
• /
• pp.257-270
• /
• 2022

This paper analyzes the effect of profit incentives within the setting of bounty open source project. A simple decision-making model based on classical utility maximization is presented for open source developers that includes income effects from the bounty prize. We then simulate the decisions of multiple developers to assess the effect from the bounty prize. Our result shows that learning costs can greatly reduce the software quality improvement benefit from bounty project. It also suggests that open source projects can benefit more when they have multiple small bounty projects than a single large bounty project since it reduces the learning cost and the opportunity cost for the open source developers.

• Journal of KIISE:Software and Applications
• /
• v.29 no.8
• /
• pp.555-564
• /
• 2002

Design patterns are used to utilize well-defined design information. As using these design patterns, we can get re-use in object-oriented paradigm, decrease the time of development and improvement the quality of software. Although these design patterns are widely used among practice, most of design patterns information is manually used, inconsistent and its utilization could be very low. Because the design patterns information that a designer applies does not appear in software, it is sometimes difficult to track them. In this paper, we propose a tool support for design pattern-oriented software development. This tool supports design pattern management, software design and automatic source code generation. The design pattern management has the function for storing, managing and analyzing the existing design pattern and registering new design pattern. The software design has the function for software design with UML and automatically generate design pattern elements. By using this design information, this system can automatically generate source code. In the result to include the tracking design pattern element that is not Included In the existing CASE tools into design information, we can build the stable and efficient system that provides to analyse software, manage design pattern and automatically generate source code.