• Title/Summary/Keyword: SW보안

Search Result 119, Processing Time 0.029 seconds

The Research for Cyber Security Experts (소프트웨어 취약점의 보안성 강화를 위한 연구)

  • Kim, Seul-gi;Park, Dea-woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2016.10a
    • /
    • pp.347-350
    • /
    • 2016
  • Analysis of vulnerability of the software for risk. The weakness of the software material, the importance of strengthening security in accordance with financial damage occurred is emerging. There is a potential risk factor not only from the case, the manufacturing to use the software company that appropriate to use a software business and personal risk of loss to size.In this paper due to diagnose and vulnerabilities in software, diagnosis, the curriculum and to cultivate a diagnostic guide, and security vulnerabilities in software.Proposal system for increased.

  • PDF

Analysis of Memory Security Vulnerability in Autonomous Vehicles (자율주행차 메모리 보안 취약점 분석)

  • Seok-Hyun Hong;Tae-Wook Kim;Jae-Won Baek;Yeong-Pil Cho
    • Annual Conference of KIPS
    • /
    • 2023.05a
    • /
    • pp.116-118
    • /
    • 2023
  • 자율주행차가 제공하는 새로운 시장과 경쟁력, 인력 및 시간 절약, 교통 체증 문제 해결 등의 장점을 다루고, UN 사이버 보안 법률에 따른 자율주행차의 기술적인 요구사항을 준수해야 한다. 하지만 자율주행차에 대한 기술적인 요구사항을 준수하는 것으로는 모든 사이버 공격에 대해서 막을 수 없다. 자율주행차의 법적 요구사항과 사이버 보안 위협에 대처하는 방법을 다룬다. 특히 RTOS(Real Time OS)와 같은 실시간 시스템에 매우 위험할 수 있는 DRAM(Dynamic Random Access Memory)에 대한 로우해머링 공격 기법에 대해 분석하고 로우해머링에 대한 보안 방법을 제시한다. 그리고 자율 주행 시스템의 안전과 신뢰성을 보장하기 위해 하드웨어 기반 또는 소프트웨어 기반 방어 기술을 소개하고 있다.

Case Analysis of Legal System and Regulations according to the Needs of S/W Development Security (S/W 개발 보안의 필요성에 따른 법 제도 및 규정 사례 분석)

  • Shin, Seong-Yoon;Jeong, Kil-Hyun
    • Journal of the Korea Society of Computer and Information
    • /
    • v.19 no.10
    • /
    • pp.117-124
    • /
    • 2014
  • Software Development Security is defined as a sequential procedure such as deleting potential security vulnerability for secure software development, designing or implementing various functions with considering security, and so on. In this paper, we research on domestic or international hacking cases that could damage us mentally or financially. Seventy five percent of Web-site attacks abuses weak points of application programs, or software. We also research on major issues related to software development security with these demerits. And then, we propose public and private laws, regulations, or systems and give some examples with detailed descriptions.

Data Security Technology for the Desktop Virtualization Environment using the Graphic Offloading (SW 분할 실행을 이용한 데스크탑 가상화 환경에서 데이터 보안 기술)

  • Chung, Moonyoung;Choi, Won-Hyuk;Jang, Su-Min;Yang, Kyung-Ah;Kim, Won-Young;Choi, Jihoon
    • KIISE Transactions on Computing Practices
    • /
    • v.20 no.10
    • /
    • pp.555-560
    • /
    • 2014
  • This paper proposes the data security technology for the desktop virtualization environment using the separated software execution method. In the virtual environment where allocates separate VMs to the users, there is a benefit that the programs in one guest machine are isolated from the programs running in another guest machine, whereas in the separated execution environment that supports application virtualization, the isolation is not offered and it causes the data security problem because the applications are executed by the one root privilege in the server. To solve this problem, we provides the data security method using the server storage filter, the viewer filter, and the file mapping table in this paper.

Secure Coding guide support tools design for SW individual developers (SW 개인 개발자를 위한 Secure_Coding 가이드 지원 도구 설계)

  • Son, Seung-wan;Kim, Kwang-seok;Choi, Jeong-won;Lee, Gang-soo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2014.05a
    • /
    • pp.595-598
    • /
    • 2014
  • The cyber attacks of recent attacks that target zero-day exploit security vulnerabilities before the security patch is released (Zero Day) attack, the web site is without the Lord. These attacks, those that use the vulnerability of security that is built into the software itself is in most cases, cyber attacks that use the vulnerability of the security of the source code, in particular, has a characteristic response that are difficult to security equipment. Therefore, it is necessary to eliminate the security vulnerability from step to implement the software to prevent these attacks. In this paper, we try to design a Secure Coding Guide support tool to eliminate the threat of security from the stage of implementation.

  • PDF

BSIMM을 통해 살펴본 보안성숙도모델의 분석

  • Seo, Dongsu
    • Review of KIISC
    • /
    • v.26 no.1
    • /
    • pp.48-53
    • /
    • 2016
  • 최근 들어 보안사고의 대응 방식이 네트워크 보안이나 운영체제 보안과 같은 전통적인 방법에서 벋어나 개발생명주기보안이나 SW 공급망 보안으로 확대되고 있다. 이러한 흐름에서 주목받는 것이 BSIMM과 같은 소프트웨어 보안성숙도 모델이다. 보안성숙도 모델은 소프트웨어 시스템의 보안성 향상을 위해 관리자와 개발자가 중점을 두어야 할 부분을 스스로 평가할 수 있도록 하는 프레임워크이다. 본 고에서는 BSIMM을 통해 보안성숙도 모형이 갖는 특징을 소개하며, 이의 활용에 대해 살펴본다.

Technology Analysis on Automatic Detection and Defense of SW Vulnerabilities (SW 보안 취약점 자동 탐색 및 대응 기술 분석)

  • Oh, Sang-Hwan;Kim, Tae-Eun;Kim, HwanKuk
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.18 no.11
    • /
    • pp.94-103
    • /
    • 2017
  • As automatic hacking tools and techniques have been improved, the number of new vulnerabilities has increased. The CVE registered from 2010 to 2015 numbered about 80,000, and it is expected that more vulnerabilities will be reported. In most cases, patching a vulnerability depends on the developers' capability, and most patching techniques are based on manual analysis, which requires nine months, on average. The techniques are composed of finding the vulnerability, conducting the analysis based on the source code, and writing new code for the patch. Zero-day is critical because the time gap between the first discovery and taking action is too long, as mentioned. To solve the problem, techniques for automatically detecting and analyzing software (SW) vulnerabilities have been proposed recently. Cyber Grand Challenge (CGC) held in 2016 was the first competition to create automatic defensive systems capable of reasoning over flaws in binary and formulating patches without experts' direct analysis. Darktrace and Cylance are similar projects for managing SW automatically with artificial intelligence and machine learning. Though many foreign commercial institutions and academies run their projects for automatic binary analysis, the domestic level of technology is much lower. This paper is to study developing automatic detection of SW vulnerabilities and defenses against them. We analyzed and compared relative works and tools as additional elements, and optimal techniques for automatic analysis are suggested.

Development of the Wireless Sensor S/W for Wireless Traffic Intrusion Detection/Protection on a Campus N/W (캠퍼스 망에서의 무선 트래픽 침입 탐지/차단을 위한 Wireless Sensor S/W 개발)

  • Choi, Chang-Won;Lee, Hyung-Woo
    • Journal of the Korea Society of Computer and Information
    • /
    • v.11 no.6 s.44
    • /
    • pp.211-219
    • /
    • 2006
  • As the wireless network is popular and expanded, it is necessary to development the IDS(Intrusion Detection System)/Filtering System from the malicious wireless traffic. We propose the W-Sensor SW which detects the malicious wireless traffic and the W-TMS system which filters the malicious traffic by W-Sensor log in this paper. It is efficient to detect the malicious traffic and adaptive to change the security rules rapidly by the proposed W-Sensor SW. The designed W-Sensor by installing on a notebook supports the mobility of IDS in compare with the existed AP based Sensor.

  • PDF

A study on security of smart device for activation of block chain technology of digital contents (디지털 콘텐츠의 블록체인기술 적용 활성화를 위한 스마트디바이스의 개인 정보보안에 대한 연구)

  • Baek, Yeongtae;Min, Youna;Lee, Junghun;Chang, Taemu
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2018.01a
    • /
    • pp.151-152
    • /
    • 2018
  • 본 논문에서는 스마트 디바이스를 통하여 유통되는 디지털 콘텐츠의 합리적 유통과 보안을 위하여 블록체인기술을 적용한 거래방식을 소개하고 블록체인기술 활성화를 위한 스마트 디바이스에서의 개인정보보안 알고리즘을 연구하였다. 특히 권한상승공격을 대비한 알고리즘을 수정하여 연구함으로 스마트 디바이스 상에서의 해킹 및 위변조, 복제에 안정적인 활용이 가능하다. 구현된 알고리즘을 통하여 스마트 디바이스상에서 위변조.해킹의 위협에 대한 주기적인 점검 및 바인더노드를 통한 사전 체크가 가능하다.

  • PDF

Necessity of S/W Development Security (S/W 개발 보안의 필요성)

  • Shin, Seong-Yoon;Kim, Chang-Ho;Jang, Dai-Hyun;Lee, Hyun Chang;Rhee, Yang-Won
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2014.05a
    • /
    • pp.169-170
    • /
    • 2014
  • Most of the attacks will attempt to exploit the vulnerability of the application website(SW). Cases are also frequently at home and abroad, and to be hacked. In this paper, S/W Development Security sees the main issues dealt with. Security-related laws and regulations to look at the system.

  • PDF