• Title/Summary/Keyword: Code Security

Definition of Security Metrics for Software Security-enhanced Development (소프트웨어 개발보안 활동을 위한 보안메트릭 정의)

  • Seo, Dongsu
    • Journal of Internet Computing and Services / v.17 no.4 / pp.79-86 / 2016
  • Under the influence of the software security-enhanced development guidelines announced in 2012, secure coding practices have become widely applicable in developing information systems aiming to enhance security capabilities. Although continuous enhancement activities for code security are important, management issues for code security have been less addressed in the guidelines. This paper analyses the limitations of secure coding practices from the viewpoint of quality management. In particular, this paper suggests structures and the use of software metrics from the coding to maintenance phases so that it can be of help in the future by extending the use of security metrics.

Detection of Source Code Security Vulnerabilities Using code2vec Model (code2vec 모델을 활용한 소스 코드 보안 취약점 탐지)

  • Yang, Joon Hyuk;Mo, Ji Hwan;Hong, Sung Moon;Doh, Kyung-Goo
    • Journal of Software Assessment and Valuation / v.16 no.2 / pp.45-52 / 2020
  • Traditional methods of detecting security vulnerabilities in source code require a lot of time and effort. If there is good data, the issue could be solved by using the data with machine learning. Thus, this paper proposes a source-code vulnerability detection method based on machine learning. Our method employs the code2vec model, which has been used to propose the names of methods, and uses as its data set the Juliet Test Suite, a collection of common security vulnerabilities. The evaluation shows that our method has a high precision of 97.3% and a recall rate of 98.6%. And the result of detecting vulnerabilities in open source project shows hopeful potential. In addition, it is expected that further progress can be made through studies covering vulnerabilities and languages not addressed here.

A tamper resistance software mechanism using MAC function and dynamic link key (MAC함수와 동적 링크키를 이용한 소프트웨어 변조 방지 기법)

  • Park, Jae-Hong;Kim, Sung-Hoon;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.1 / pp.11-18 / 2013
  • In order to prevent tampering and reverse engineering of executive code, this paper proposes a new tamper resistant software mechanism. This paper presents a cryptographic MAC function and a relationship which has its security level derived by the importance of code block instead of by merely getting the encryption and decryption key from the previous block. In this paper, we propose a cryptographic MAC function which generates a dynamic MAC function key instead of the hash function as written in many other papers. In addition, we also propose relationships having high, medium and low security levels. If any block is determined to have a high security level, then that block will be encrypted by the key generated by the related medium security level block. The low security block will be untouched due to efficiency considerations. The MAC function having this dynamic key and block relationship will make analyzing executive code more difficult.

Security Analysis of ARM64 Hardware-Based Security (ARM64 아키텍처 기반 하드웨어 보안기술 분석 및 보안성 진단)

  • Myung-Kyu Sim;Hojoon Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.3 / pp.437-447 / 2023
  • Memory protection has been researched for decades for program execution protection. ARM recently developed a new hardware security feature to protect memory that was applied to real hardware. However, there is not much hardware with a hardware memory protection feature and research has not been actively conducted yet. We perform diagnostics on how and how it works on real hardware, and on security, with a new hardware memory protection feature, named 'Pointer Authentication Code'. Through this research, it will be possible to find out the direction, use, and security of future hardware security technologies and apply to the program.

Security Container CRYPTEX Model for Copyright Management of Software Source Code (소프트웨어 소스코드의 저작권 관리를 위한 보안 컨테이너 크립텍스 모델)

  • Cha, Byung-Rae
    • Journal of Advanced Navigation Technology / v.12 no.5 / pp.451-463 / 2008
  • There are management and security of software source code equivalent to 10 assembly lines of important infrastructure in the early stage of information society directly. A support technology and framework to protect software source code are in a poor state. In this paper, the proposed model that is support protection and access control between software source code as object and subject that is not authenticated safely was named CRYPTEX model. And we propose active business model to provide delegate, mobile, and security/access control function for passive software source code in document state using CRYPTEX.

Smart-phone Malicious Code Countermeasure System (스마트폰 악성코드 대응 시스템)

  • Song, Jong-Gun;Lee, HoonJae;Kim, TaeYong;Jang, WonTae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2013.05a / pp.223-226 / 2013
  • Information security breaches caused by malicious code are arising in various forms with exponential growth. The latest information security threats on computers are increasing, especially on smartphones, which has enabled malicious code to quickly surge. As a result, the leakage of personal information, such as billing information, is under threat. Meanwhile, the attack vector of smartphone malware is difficult to detect. In this paper, we propose a smartphone security system to respond to the spread of malicious code by iPhone and Android OS-based malware analysis.

Three-Dimensional Optical Encryption of Quick Response Code

  • Kim, Youngjun;Yun, Hui;Cho, Myungjin
    • Journal of information and communication convergence engineering / v.16 no.3 / pp.153-159 / 2018
  • In this paper, we present a three-dimensional (3D) optical encryption technique for quick response (QR) code using computational synthesized integral imaging, computational volumetric reconstruction, and double random phase encryption. Two-dimensional (2D) QR code has many advantages, such as enormous storage capacity and high reading speed. However, it does not protect primary information. Therefore, we present 3D optical encryption of QR code using double random phase encryption (DRPE) and an integral imaging technique for security enhancement. We divide 2D QR code into four parts with different depths. Then, 2D elemental images for each part of 2D QR code are generated by computer synthesized integral imaging. Generated 2D elemental images are encrypted using DRPE, and our method increases the level of security. To validate our method, we report simulations of 3D optical encryption of QR code. In addition, we calculated the peak side-lobe ratio (PSR) for performance evaluation.

A Study on Joint Coding System using VF Arithmetic Code and BCH code

  • Sukhee Cho;Park, Jihwan;Ryuji Kohno
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 1998.12a / pp.537-545 / 1998
  • This paper is the research about a joint coding system of source and channel coding using VF (Variable-to-fixed length) arithmetic code and BCH code. We propose a VF arithmetic coding method with EDC (Error Detecting Capability) and a joint coding method in which the VF arithmetic coding method with EDC is combined with BCH code. By combining both the VF arithmetic code with EDC and BCH code, the proposed joint coding method corrects a source codeword with t-errors in decoding of BCH code and carries out an improvement of the EDC of a codeword with more than (t+1)-errors in decoding of the VF arithmetic coding with EDC. We examine the performance of the proposed method in terms of compression ratio and EDC.

Enhancing the Security of Credit Card Transaction based on Visual DSC

  • Wei, Kuo-Jui;Lee, Jung-San;Chen, Shin-Jen
    • KSII Transactions on Internet and Information Systems (TIIS) / v.9 no.3 / pp.1231-1245 / 2015
  • People have transferred their business model from traditional commerce to e-commerce in recent decades. Both shopping and payment can be completed through the Internet and bring convenience to consumers and business opportunities to industry. These trade techniques are mostly set up based on the Secure Sockets Layer (SSL). SSL provides the security for transaction information and is easy to set up, which makes it widely accepted by individuals. Although attackers cannot obtain the real content even when the transferred information is intercepted, there is still risk for online trade. For example, it is impossible to prevent credit card information from being stolen by a virtual merchant. Therefore, we propose a new mechanism to solve such security problems. We make use of the disposable dynamic security code (DSC) to replace the traditional card security code. So even if attackers get the DSC for that round of transaction, they cannot use it for the next time. Besides, we apply visual secret sharing techniques to transfer the DSC, so that interceptors cannot retrieve the real DSC even for one round of trade. This way, we can improve the security of credit card transactions and the reliability of online business. The experimental results validate the applicability and efficiency of the proposed mechanism.

Smartphone Color-Code based Gate Security Control

  • Han, Sukyoung;Lee, Minwoo;Mariappan, Vinayagam;Lee, Junghoon;Lee, Seungyoun;Lee, Juyoung;Kim, Jintae;Cha, Jaesang
    • International journal of advanced smart convergence / v.5 no.3 / pp.66-71 / 2016
  • Smart building gate security control systems using smartphones integrated with near field communication (NFC) have become part of daily life usage these days. The technology change in replacing RF NFC devices with a visible light communication technology based approach has been growing faster in recent days. This paper proposes a design and development of a gate security control system using color code based user authentication ID generation as part of an intelligent access control system to control automatic door open and close. In this approach, gate security access control uses the recent visible light communication technology trends to transfer the user specific authentication code to the door access control system using a color code on the smartphone screen. Using a camera in the door access control system (ACS), color codes on smartphone screens are detected and matched to the database of authenticated users to open the door automatically in the gate security system. We measure the visual light communication technology efficiency as a part of the research and the experiments have revealed that more than 95% users authenticated correctly at the suggested experiment environment on gate security control system.