• Title/Summary/Keyword: Secure Coding

Search Result 92, Processing Time 0.033 seconds

Analyzing Secure Coding Initiatives: An Ecosystem Approach (secure coding 제도의 생태계 차원의 분석)

  • Kim, Sung Kun;Lee, Jae-Il
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.5
    • /
    • pp.1205-1216
    • /
    • 2012
  • The Korea government has recently announced that secure coding is going to be required when building e-government systems. As its initial effort to enhance the security level of e-government applications, it should be highly valued. In its implementation, however, there are some problematic areas or issues that are expected and need to be supplemented. In this regards, we attempt to analyze the Secure Coding Initiatives and derive some problems using an ecosystem approach. Furthermore, a set of institutional suggestions are made in an effort to get over the problems.

A Study on Self Assessment of Mobile Secure Coding (모바일 시큐어코딩 자가평가(M-SCSA) 방법에 대한 연구)

  • Kim, Dong-Won;Han, Keun-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.4
    • /
    • pp.901-911
    • /
    • 2012
  • The removal of security vulnerabilities during the developmental stage is found to be much more effective and much more efficient than performing the application during the operational phase. The underlying security vulnerabilities in software have become the major cause of cyber security incidents. Thus, secure coding is drawing much attention for one of its abilities includes minimizing security vulnerabilities at the source code level. Removal of security vulnerabilities at the software's developmental stage is not only effective but can also be regarded as a fundamental solution. This thesis is a research about the methods of Mobile-Secure Coding Self Assessment in order to evaluate the security levels in accordance to the application of mobile secure coding of every individual, groups, and organizations.

New Secure Network Coding Scheme with Low Complexity (낮은 복잡도의 보안 네트워크 부호화)

  • Kim, Young-Sik
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.38A no.4
    • /
    • pp.295-302
    • /
    • 2013
  • In the network coding, throughput can be increased by allowing the transformation of the received data at the intermediate nodes. However, the adversary can obtain more information at the intermediate nodes and make troubles for decoding of transmitted data at the sink nodes by modifying transmitted data at the compromised nodes. In order to resist the adversary activities, various information theoretic or cryptographic secure network coding schemes are proposed. Recently, a secure network coding based on the cryptographic hash function can be used at the random network coding. However, because of the computational resource requirement for cryptographic hash functions, networks with limited computational resources such as sensor nodes have difficulties to use the cryptographic solution. In this paper, we propose a new secure network coding scheme which uses linear transformations and table lookup and safely transmits n-1 packets at the random network coding under the assumption that the adversary can eavesdrop at most n-1 nodes. It is shown that the proposed scheme is an all-or-nothing transform (AONT) and weakly secure network coding in the information theory.

An Analysis of the Importance among the Items in the Secure Coding used by the AHP Method (AHP기법을 이용한 시큐어 코딩의 항목 간 중요도 분석)

  • Kim, Chi-Su
    • Journal of Digital Convergence
    • /
    • v.13 no.1
    • /
    • pp.257-262
    • /
    • 2015
  • The ministry of security and public administration provide the secure coding guide that can remove the vulnerability of applications and defend cyber attack from the coding step because cyber attack like the hacking about 75% abusing the vulnerability of applications. In this paper we find the oder of priority and did the criticality analysis used by AHP about 7 items in the secure coding which the ministry of security and public administration provide. The result is decided that 'exception handling' is the most important item. There is no secure coding items in software supervision currently, therefore the result of the research will make good use audit standards in the process of the software development.

Issues and Improvements of Secure Coding for Preventing Cyber Crime: Focus on the Private Company Systems (사이버범죄예방을 위한 시큐어 코딩 적용 문제점과 시사점: 민간기업 시스템을 중심으로)

  • Choi, Kwan
    • Convergence Security Journal
    • /
    • v.18 no.2
    • /
    • pp.69-76
    • /
    • 2018
  • The purpose of this study is to prevent cyber crime in private company systems by applying secure coding and identify its problems. Three experiments were conducted. In Experiment 1, a security manager was participated and gave advise to the developer to follow secure coding guidelines. In Experiment 2, a security manager did not participate, but let the developer himself committed on secure coding. In Experiment 3, a security manager provided reports on weaknesses of each package source to the developer and the developer was only focused on source development. The research results showed that the participation of a security manager on development raised secure coding compliance rate and finished the project within a given periods. Furthermore, it was better to entrust a security manager with the task of following the secure coding guide than the developer, which raised secure coding compliance rate and achieved project objectives faster. Further implications were discussed.

  • PDF

Application of Machine Learning Techniques for the Classification of Source Code Vulnerability (소스코드 취약성 분류를 위한 기계학습 기법의 적용)

  • Lee, Won-Kyung;Lee, Min-Ju;Seo, DongSu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.4
    • /
    • pp.735-743
    • /
    • 2020
  • Secure coding is a technique that detects malicious attack or unexpected errors to make software systems resilient against such circumstances. In many cases secure coding relies on static analysis tools to find vulnerable patterns and contaminated data in advance. However, secure coding has the disadvantage of being dependent on rule-sets, and accurate diagnosis is difficult as the complexity of static analysis tools increases. In order to support secure coding, we apply machine learning techniques, such as DNN, CNN and RNN to investigate into finding major weakness patterns shown in secure development coding guides and present machine learning models and experimental results. We believe that machine learning techniques can support detecting security weakness along with static analysis techniques.

A Study on the Structured Weakness Classification for Mobile Applications (모바일 애플리케이션을 위한 보안약점 구조화 기법에 대한 연구)

  • Son, Yunsik;Oh, Se-Man
    • Journal of Korea Multimedia Society
    • /
    • v.15 no.11
    • /
    • pp.1349-1357
    • /
    • 2012
  • In recent years, security accidents which are becoming the socially hot issue not only cause financial damages but also raise outflow of private information. Most of the accidents have been immediately caused by the software weakness. Moreover, it is difficult for software today to assure reliability because they exchange data across the internet. In order to solve the software weakness, developing the secure software is the most effective way than to strengthen the security system for external environments. Therefore, suggests that the coding guide has emerged as a major security issue to eliminate vulnerabilities in the coding stage for the prevention of security accidents. Developers or administrators effectively in order to use secure coding coding secure full set of security weaknesses organized structurally and must be managed. And the constant need to update new information, but the existing Secure Coding and Security weakness is organized structurally do not. In this paper, we will define and introduce the structured weakness for mobile applications by the surveys of existing secure coding and coding rules for code analysis tools in Java.

A Design of a Korean Programming Language Ensuring Run-Time Safety through Categorizing C Secure Coding Rules (C 시큐어 코딩 규칙 분류를 통한 실행 안전성을 보장하는 한글 언어 설계)

  • Kim, Yeoneo;Song, Jiwon;Woo, Gyun
    • Journal of KIISE
    • /
    • v.42 no.4
    • /
    • pp.487-495
    • /
    • 2015
  • Since most of information is computerized nowadays, it is extremely important to promote the security of the computerized information. However, the software itself can threaten the safety of information through many abusive methods enabled by coding mistakes. Even though the Secure Coding Guide has been proposed to promote the safety of information by fundamentally blocking the hacking methods, it is still hard to apply the techniques on other programming languages because the proposed coding guide is mainly written for C and Java programmers. In this paper, we reclassified the coding rules of the Secure Coding Guide to extend its applicability to programming languages in general. The specific coding guide adopted in this paper is the C Secure Coding Guide, announced by the Ministry of Government Administration and Home Affairs of Korea. According to the classification, we applied the rules of programming in Sprout, which is a newly proposed Korean programming language. The number of vulnerability rules that should be checked was decreased in Sprout by 52% compared to C.

Communal Antecedents in the Adoption of Secure Coding Methodologies

  • Kim, Sung Kun;Kim, Ji Young
    • Asia pacific journal of information systems
    • /
    • v.26 no.2
    • /
    • pp.231-246
    • /
    • 2016
  • Technology acceptance model has demonstrated that technology adoption behavior can be explained by two user belief constructs: perceived usefulness and perceived ease of use. A number of studies have explored how these beliefs develop by utilizing primarily individual-level antecedents. However, because innovation and new techniques bear a direct relation to social concerns, non-individual antecedents may be necessary. Therefore, in this study, social and organizational supports are used to understand how software developers foster beliefs regarding secure coding practices. We compiled data from 83 software developers to evaluate the technology acceptance model. Our findings show that these collective antecedents can effectively explain user belief constructs and the intention to adopt secure coding methodologies. These findings imply that society and organizations offering more concrete support programs will experience smoother deployment of security-enhancing measures.

A Study on a Secure Coding Library for the Battlefield Management System Software Development (전장정보체계 SW 개발을 위한 시큐어 코딩 라이브러리에 관한 연구)

  • Park, Sanghyun;Kim, Kwanyoung;Choi, Junesung
    • Journal of IKEEE
    • /
    • v.22 no.2
    • /
    • pp.242-249
    • /
    • 2018
  • In this paper, we identify the code vulnerabilities that can be automatically detected through Visual Studio (VS) compiler and code analyzer based on a secure coding rule set which is optimized for development of battlefield information system. Then we describe a weak point item that can be dealt with at the implementation stage without depending on the understanding or ability of the individual programmer's secure coding through the implementation of the secure coding library. Using VS compiler and the code analyzer, the developers can detect only about 38% of security weaknesses. But with the help of the proposed secure coding library, about 48% of security weaknesses can be detected and prevented in the proactive diagnosis in the development stage.