• Title/Summary/Keyword: Secure Coding

Search Result 92, Processing Time 0.033 seconds

A Study on Vulnerability Analysis Techniques for Secure Weapon System Software (안전한 무기체계 소프트웨어를 위한 취약점 분석 기법에 관한 연구)

  • Kim, Jong-Bok;Jo, In-June
    • The Journal of the Korea Contents Association
    • /
    • v.18 no.8
    • /
    • pp.459-468
    • /
    • 2018
  • Cyberattacks on information systems used by applications related to weapon system and organizations associated with national defense put national security at risk. To reduce these threats, continuous efforts such as applying secure coding from the development stage or managing detected vulnerabilities systematically are being made. It also analyzes and detects vulnerabilities by using various analysis tools, eliminates at the development stage, and removes from developed applications. However, vulnerability analysis tools cause problems such as undetected, false positives, and overdetected, making accurate vulnerability detection difficult. In this paper, we propose a new vulnerability detection method to solve these problems, which can assess the risk of certain applications and create and manage secured application with this data.

Open Source Software Security Issues and Applying a Secure Coding Scheme (오픈 소스의 소프트웨어 보안 문제 및 시큐어 코딩 적용방안)

  • Kim, Byoungkuk
    • KIISE Transactions on Computing Practices
    • /
    • v.23 no.8
    • /
    • pp.487-491
    • /
    • 2017
  • Open source software allows the users to freely use, copy, distribute and modify source code without any particular limitations, and this offers the advantages of low entry cost, fast and flexible development, compatibility, reliability and safety. The emergence of many useful open source projects has the advantage of achieving high levels of output with lower costs and time commitment for software development. However, this also increases the risks caused by the security vulnerabilities of the used open source software. There is still no separate process to verify security in using open source software. In this paper, we analyze the security weakness in open source and propose a secure coding scheme in adopting open source, which is known to be highly reliable from a security point of view.

Homomorphic Subspace MAC Scheme for Secure Network Coding

  • Liu, Guangjun;Wang, Xiao
    • ETRI Journal
    • /
    • v.35 no.1
    • /
    • pp.173-176
    • /
    • 2013
  • Existing symmetric cryptography-based solutions against pollution attacks for network coding systems suffer various drawbacks, such as highly complicated key distribution and vulnerable security against collusion. This letter presents a novel homomorphic subspace message authentication code (MAC) scheme that can thwart pollution attacks in an efficient way. The basic idea is to exploit the combination of the symmetric cryptography and linear subspace properties of network coding. The proposed scheme can tolerate the compromise of up to r-1 intermediate nodes when r source keys are used. Compared to previous MAC solutions, less secret keys are needed for the source and only one secret key is distributed to each intermediate node.

Security Policy Model for Secure Transcodable Mechanism (안전한 트랜스코딩 메커니즘을 위한 보안 정책 모델)

  • Moon, Yong-Hyuk;Kwon, Hyeokchan;Seo, Dong-Il;Youn, Chan-Hyun
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2011.11a
    • /
    • pp.958-959
    • /
    • 2011
  • 본 고에서는 최근 주목 받고 있는 비디오 스트리밍 보안 기술과 관련한 ITU-T 표준화 내용에 대하여 살펴보고자 한다. 특히, SVC (Scalable Video Coding) 기술을 위해 제안된 안전한 트랜스코딩 메커니즘 (Secure Transcodable Mechanism)을 위한 보안 정책 모델에 대하여 논의한다.

Applying Secure Coding Standard And Alternatives to problems (시큐어 코명 가이드의 기준과 문제점의 대안)

  • Ryu, Seung-Min
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2018.05a
    • /
    • pp.129-130
    • /
    • 2018
  • 한국 소프트웨어 시장에 맞는 시큐어 코딩 가이드 기준을 설립하고, 이를 통하여 경제적인 비용을 절감 시키는 등 소프트웨어 개발을 효율적이고 안전성을 갖게 하는 것을 목표로 한다.

MDS Coded Caching for Device-to-Device Content Sharing Against Eavesdropping

  • Shi, Xin;Wu, Dan;Wang, Meng;Yang, Lianxin;Wu, Yan
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.9
    • /
    • pp.4484-4501
    • /
    • 2019
  • In this paper, we put forward a delay-aware secure maximum distance separable (MDS) coded caching scheme to resist the eavesdropping attacks for device-to-device (D2D) content sharing by combining MDS coding with distributed caching. In particular, we define the average system delay to show the potential coupling of delay-content awareness, and learn the secure constraints to ensure that randomly distributed eavesdroppers cannot obtain enough encoded packets to recover their desired contents. Accordingly, we model such a caching problem as an optimization problem to minimize the average system delay with secure constraints and simplify it to its convex relaxation. Then we develop a delay-aware secure MDS coded caching algorithm to obtain the optimal caching policy. Extensive numerical results are provided to demonstrate the excellent performance of our proposed algorithm. Compared with the random coded caching scheme, uniform coded caching scheme and popularity based coded caching scheme, our proposed scheme has 3.7%, 3.3% and 0.7% performance gains, respectively.

A Study of Web Application Development Method for Secure Coding Approach Based on SDLC Steps (SDLC 설계절차에 기반한 웹 애플리케이션 시큐어코딩 접근방법 연구)

  • Noh, Si Choon
    • Convergence Security Journal
    • /
    • v.12 no.6
    • /
    • pp.93-99
    • /
    • 2012
  • As the most common application development of software development time, error-free quality, adaptability to frequent maintenance, such as the need for large and complex software challenges have been raised. When developing web applications to respond to software reusability, reliability, scalability, simplicity, these quality issues do not take into account such aspects traditionally. In this situation, the traditional development methodology to solve the same quality because it has limited development of new methodologies is needed. Quality of applications the application logic, data, and architecture in the entire area as a separate methodology can achieve your goals if you do not respond. In this study secure coding, the big issue, web application factors to deal with security vulnerabilities, web application architecture, design procedure is proposed. This proposal is based on a series of ISO/IEC9000, a web application architecture design process.

Android-based mobile messenger application vulnerability analysis and secure coding method (안드로이드 기반 모바일 메신저 취약점 분석 및 시큐어 코딩 적용방안)

  • Paik, Chan Ho;Sun, Jong Min;Ryu, Ki Dong;Moon, Byeong Jong;Kim, Tae wan;Kim, Woo Je
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2014.01a
    • /
    • pp.83-87
    • /
    • 2014
  • 본 논문에서는 안드로이드 스마트폰 환경에서 높은 점유율을 가진 카카오톡 모바일 메신저 앱에 대하여 행정안전부가 고시한 Android-JAVA 시큐어 코딩가이드의 입력 데이터 검증 및 표현, API악용, 보안특성, 시간 및 상태, 에러처리, 코드 품질, 캡슐화 등 18가지 보안 취약점을 분석하고, 해당 취약점에 대한 시큐어 코딩 기법을 적용한다. 먼저 현재 상용화되고 있는 카카오톡 모바일 메신저 코드를 역공학(리버스엔지니어링)방법을 이용하여 코드단에서 소스를 분석한다. 실제 코드에서 시큐어 코딩이 안드로이드 스마트폰 환경에서 행정안전부가 고시한 Android-JAVA 시큐어 코딩가이드를 기준으로 취약한 부분을 찾고, 적용이 안 되어 있는 부분에 안드로이드 환경에 맞는 시큐어 코딩 기법을 적용한다.

  • PDF

A Software Vulnerability Analysis System using Learning for Source Code Weakness History (소스코드의 취약점 이력 학습을 이용한 소프트웨어 보안 취약점 분석 시스템)

  • Lee, Kwang-Hyoung;Park, Jae-Pyo
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.18 no.11
    • /
    • pp.46-52
    • /
    • 2017
  • Along with the expansion of areas in which ICT and Internet of Things (IoT) devices are utilized, open source software has recently expanded its scope of applications to include computers, smart phones, and IoT devices. Hence, as the scope of open source software applications has varied, there have been increasing malicious attempts to attack the weaknesses of open source software. In order to address this issue, various secure coding programs have been developed. Nevertheless, numerous vulnerabilities are still left unhandled. This paper provides some methods to handle newly raised weaknesses based on the analysis of histories and patterns of previous open source vulnerabilities. Through this study, we have designed a weaknesses analysis system that utilizes weakness histories and pattern learning, and we tested the performance of the system by implementing a prototype model. For five vulnerability categories, the average vulnerability detection time was shortened by about 1.61 sec, and the average detection accuracy was improved by 44%. This paper can provide help for researchers studying the areas of weaknesses analysis and for developers utilizing secure coding for weaknesses analysis.

Method for Detecting Modification of Transmitted Message in C/C++ Based Discrete Event System Specification Simulation

  • Lee, Hae Young
    • Journal of the Korea Society of Computer and Information
    • /
    • v.26 no.1
    • /
    • pp.171-178
    • /
    • 2021
  • In this paper, the author proposes a method for detecting modification of transmitted messages in C/C++ based Discrete Event System Specification (DEVS) simulation. When a message generated by a model instance is delivered to other model instances, it may be modified by some of the recipients. Such modifications may corrupt simulation results, which may lead to wrong decision making. In the proposed method, every model instance stores a copy of every transmitted message. Before the deletion of the transmitted message, the instance compares them. Once a modification has been detected, the method interrupt the current simulation run. The procedure is automatically performed by a simulator instance. Thus, the method does not require programmers to follow secure coding or to add specific codes in their models. The performance of the method is compared with a DEVS simulator.