• Title/Summary/Keyword: Secure Coding

Search Result 62, Processing Time 0.151 seconds

Analyzing Secure Coding Initiatives: An Ecosystem Approach (secure coding 제도의 생태계 차원의 분석)

  • Kim, Sung Kun;Lee, Jae-Il
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.5
    • /
    • pp.1205-1216
    • /
    • 2012
  • The Korea government has recently announced that secure coding is going to be required when building e-government systems. As its initial effort to enhance the security level of e-government applications, it should be highly valued. In its implementation, however, there are some problematic areas or issues that are expected and need to be supplemented. In this regards, we attempt to analyze the Secure Coding Initiatives and derive some problems using an ecosystem approach. Furthermore, a set of institutional suggestions are made in an effort to get over the problems.

A Study on Self Assessment of Mobile Secure Coding (모바일 시큐어코딩 자가평가(M-SCSA) 방법에 대한 연구)

  • Kim, Dong-Won;Han, Keun-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.4
    • /
    • pp.901-911
    • /
    • 2012
  • The removal of security vulnerabilities during the developmental stage is found to be much more effective and much more efficient than performing the application during the operational phase. The underlying security vulnerabilities in software have become the major cause of cyber security incidents. Thus, secure coding is drawing much attention for one of its abilities includes minimizing security vulnerabilities at the source code level. Removal of security vulnerabilities at the software's developmental stage is not only effective but can also be regarded as a fundamental solution. This thesis is a research about the methods of Mobile-Secure Coding Self Assessment in order to evaluate the security levels in accordance to the application of mobile secure coding of every individual, groups, and organizations.

Issues and Improvements of Secure Coding for Preventing Cyber Crime: Focus on the Private Company Systems (사이버범죄예방을 위한 시큐어 코딩 적용 문제점과 시사점: 민간기업 시스템을 중심으로)

  • Choi, Kwan
    • Convergence Security Journal
    • /
    • v.18 no.2
    • /
    • pp.69-76
    • /
    • 2018
  • The purpose of this study is to prevent cyber crime in private company systems by applying secure coding and identify its problems. Three experiments were conducted. In Experiment 1, a security manager was participated and gave advise to the developer to follow secure coding guidelines. In Experiment 2, a security manager did not participate, but let the developer himself committed on secure coding. In Experiment 3, a security manager provided reports on weaknesses of each package source to the developer and the developer was only focused on source development. The research results showed that the participation of a security manager on development raised secure coding compliance rate and finished the project within a given periods. Furthermore, it was better to entrust a security manager with the task of following the secure coding guide than the developer, which raised secure coding compliance rate and achieved project objectives faster. Further implications were discussed.

  • PDF

An Analysis of the Importance among the Items in the Secure Coding used by the AHP Method (AHP기법을 이용한 시큐어 코딩의 항목 간 중요도 분석)

  • Kim, Chi-Su
    • Journal of Digital Convergence
    • /
    • v.13 no.1
    • /
    • pp.257-262
    • /
    • 2015
  • The ministry of security and public administration provide the secure coding guide that can remove the vulnerability of applications and defend cyber attack from the coding step because cyber attack like the hacking about 75% abusing the vulnerability of applications. In this paper we find the oder of priority and did the criticality analysis used by AHP about 7 items in the secure coding which the ministry of security and public administration provide. The result is decided that 'exception handling' is the most important item. There is no secure coding items in software supervision currently, therefore the result of the research will make good use audit standards in the process of the software development.

Application of Machine Learning Techniques for the Classification of Source Code Vulnerability (소스코드 취약성 분류를 위한 기계학습 기법의 적용)

  • Lee, Won-Kyung;Lee, Min-Ju;Seo, DongSu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.4
    • /
    • pp.735-743
    • /
    • 2020
  • Secure coding is a technique that detects malicious attack or unexpected errors to make software systems resilient against such circumstances. In many cases secure coding relies on static analysis tools to find vulnerable patterns and contaminated data in advance. However, secure coding has the disadvantage of being dependent on rule-sets, and accurate diagnosis is difficult as the complexity of static analysis tools increases. In order to support secure coding, we apply machine learning techniques, such as DNN, CNN and RNN to investigate into finding major weakness patterns shown in secure development coding guides and present machine learning models and experimental results. We believe that machine learning techniques can support detecting security weakness along with static analysis techniques.

Communal Antecedents in the Adoption of Secure Coding Methodologies

  • Kim, Sung Kun;Kim, Ji Young
    • Asia pacific journal of information systems
    • /
    • v.26 no.2
    • /
    • pp.231-246
    • /
    • 2016
  • Technology acceptance model has demonstrated that technology adoption behavior can be explained by two user belief constructs: perceived usefulness and perceived ease of use. A number of studies have explored how these beliefs develop by utilizing primarily individual-level antecedents. However, because innovation and new techniques bear a direct relation to social concerns, non-individual antecedents may be necessary. Therefore, in this study, social and organizational supports are used to understand how software developers foster beliefs regarding secure coding practices. We compiled data from 83 software developers to evaluate the technology acceptance model. Our findings show that these collective antecedents can effectively explain user belief constructs and the intention to adopt secure coding methodologies. These findings imply that society and organizations offering more concrete support programs will experience smoother deployment of security-enhancing measures.

A Study on a Secure Coding Library for the Battlefield Management System Software Development (전장정보체계 SW 개발을 위한 시큐어 코딩 라이브러리에 관한 연구)

  • Park, Sanghyun;Kim, Kwanyoung;Choi, Junesung
    • Journal of IKEEE
    • /
    • v.22 no.2
    • /
    • pp.242-249
    • /
    • 2018
  • In this paper, we identify the code vulnerabilities that can be automatically detected through Visual Studio (VS) compiler and code analyzer based on a secure coding rule set which is optimized for development of battlefield information system. Then we describe a weak point item that can be dealt with at the implementation stage without depending on the understanding or ability of the individual programmer's secure coding through the implementation of the secure coding library. Using VS compiler and the code analyzer, the developers can detect only about 38% of security weaknesses. But with the help of the proposed secure coding library, about 48% of security weaknesses can be detected and prevented in the proactive diagnosis in the development stage.

Evaluation Method Using Analytic Hierarchy Process for C4I SW Secure Coding Rule Selection (계층분석기법을 활용한 전장관리정보체계 소프트웨어 시큐어 코딩룰 선정 평가 방안)

  • Choi, June-Sung;Kim, Woo-Je;Park, Won-Hyung;Kook, Kwang-Ho
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.38C no.8
    • /
    • pp.651-662
    • /
    • 2013
  • In this study, we suggest the selecting evaluation method considering 6 major factors like Compliance system application (Development language conformance, Platform Compliance), threat evaluation (criticality of security incident, possibility of security incident), application benefit (Reliability / quality improvement, Modify Cost) for appropriate secure coding rule selecting evaluation. Using this method, we selected and make a set consist of 197 secure coding rules for Battlefield Management System Software. And calculated the application priority for each rules.

Secure Coding guide support tools design for SW individual developers (SW 개인 개발자를 위한 Secure_Coding 가이드 지원 도구 설계)

  • Son, Seung-wan;Kim, Kwang-seok;Choi, Jeong-won;Lee, Gang-soo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2014.05a
    • /
    • pp.595-598
    • /
    • 2014
  • The cyber attacks of recent attacks that target zero-day exploit security vulnerabilities before the security patch is released (Zero Day) attack, the web site is without the Lord. These attacks, those that use the vulnerability of security that is built into the software itself is in most cases, cyber attacks that use the vulnerability of the security of the source code, in particular, has a characteristic response that are difficult to security equipment. Therefore, it is necessary to eliminate the security vulnerability from step to implement the software to prevent these attacks. In this paper, we try to design a Secure Coding Guide support tool to eliminate the threat of security from the stage of implementation.

  • PDF

A Design of a Korean Programming Language Ensuring Run-Time Safety through Categorizing C Secure Coding Rules (C 시큐어 코딩 규칙 분류를 통한 실행 안전성을 보장하는 한글 언어 설계)

  • Kim, Yeoneo;Song, Jiwon;Woo, Gyun
    • Journal of KIISE
    • /
    • v.42 no.4
    • /
    • pp.487-495
    • /
    • 2015
  • Since most of information is computerized nowadays, it is extremely important to promote the security of the computerized information. However, the software itself can threaten the safety of information through many abusive methods enabled by coding mistakes. Even though the Secure Coding Guide has been proposed to promote the safety of information by fundamentally blocking the hacking methods, it is still hard to apply the techniques on other programming languages because the proposed coding guide is mainly written for C and Java programmers. In this paper, we reclassified the coding rules of the Secure Coding Guide to extend its applicability to programming languages in general. The specific coding guide adopted in this paper is the C Secure Coding Guide, announced by the Ministry of Government Administration and Home Affairs of Korea. According to the classification, we applied the rules of programming in Sprout, which is a newly proposed Korean programming language. The number of vulnerability rules that should be checked was decreased in Sprout by 52% compared to C.