• Title/Summary/Keyword: Secure Development

Search Result 1,883, Processing Time 0.025 seconds

Analysis on Development Methodology of Modern Secure boot: Focusing on Platform Environment (현대의 보안부팅 개발 방식 분석: 플랫폼 환경을 중심으로)

  • Kim, Jin-Woo;Lee, Sang-Gil;Lee, Jeong-Guk;Lee, Sang-Han;Shin, Dong-Woo;Lee, Cheol-Hoon
    • The Journal of the Korea Contents Association
    • /
    • v.20 no.2
    • /
    • pp.15-26
    • /
    • 2020
  • Secure boot is security technology that verifies the integrity of the computer system in boot stage and controls the boot process accordingly. The computer system can establish a secure execution environment from the threat of various malwares by security boot and also supports the recovery when system in emergency case. Recently, Secure boot has been adopted by various modern computer manufacturers to protect users' information from hacker attacks and to prevent abuse of their products by malicious users. In this paper, we classify security boot developed by various companies and organizations by platform, and analyze the design and development purpose of each security boot and investigate the limitation of design. It can be used as a reference for system security designers in various information of security boot development method and security design of system.

Secure OS Technical Development Trend (안전한 운영체제 기술개발 동향)

  • 김재명;이규호;김종섭;김귀남
    • Convergence Security Journal
    • /
    • v.1 no.1
    • /
    • pp.9-20
    • /
    • 2001
  • In the 3rd Wave of information revolution, technical research & development for more rapid and safe information exchange take a sudden turn currently According to a step up in importance and efficiency value of information, it's necessary to research technical development in various field altogether. Especially information security is the very core of essential technology. However most System attacks are based on the weakness of OS, it is difficult to achieve the security goal in the only application level. For the solution of this problem, so many technology researches to serve secure, trust information security in OS itself are activated. Consequently we introduce the tendency of current secure OS development projects of security kernel all over world in this report and inquire into security mechanism of the File Griffin which prevents file system forgery, modification perfectly by performing digital signature certificate on kernel level.

  • PDF

A Comparative Study on the Librarian and Users' Perception of the Specialized Library Operation

  • Noh, Younghee;Kwak, Woojung;Shin, Youngji
    • International Journal of Knowledge Content Development & Technology
    • /
    • v.9 no.4
    • /
    • pp.69-93
    • /
    • 2019
  • The purpose of this study is to investigate the status of specialized services and the overall satisfaction of the operation of the specialized services for the librarians and users of the specialized libraries, and based on the ISA method, compare the specialized theme data, specialized service place, specialized program, specialized theme area facilities and environment, and derive issues of the specialized library operation and improvement measures. Consequently, first, when developing the program, the specialized library needs to develop programs in possession of unique characteristics specific to the areas of the differentiated themes from the cultural and educational programs run by the existing libraries. Second, it is necessary to focus on the specialized theme area information services for the users, and to this end, it is necessary to improve librarians 'professionalism. Third, it is necessary to secure the budget for the specialized services and secure space. Since the scope of the services which may be provided as per the budget intended for providing specialized services may be limited, it would be necessary to secure and operate the budget systematic to this end. Fourth, the specialized library needs to proceed with activities in connection with local residents for the purposes of facilitating specialized services.

A Design and Development of Secure-Coding Check System Based on E-Government Standard Framework for Convergence E-Government Service (융복합 전자정부 서비스를 위한 전자정부 표준프레임워크 기반 시큐어코딩 점검 시스템 설계 및 개발)

  • Kim, Hyungjoo;Kang, Jungho;Kim, Kyounghun;Lee, Jaeseung;Jun, Moonseog
    • Journal of Digital Convergence
    • /
    • v.13 no.3
    • /
    • pp.201-208
    • /
    • 2015
  • Recently computer, smart phone, medical devices, etc has become used in a variety of environments as the application fields of IT products have become diversification. Attack case of abuse of software security vulnerabilities is on the increase as the application fields of software have become diversification. Accordingly, secure coding program is of a varied but history management, updating, API module to be vulnerable to attack. Thus, this paper proposed a materialization of CMS linked system to enable check the vulnerability of the source code to content unit for secure software development, configuration management system that interwork on the transmission module. Implemented an efficient coding system secure way that departmentalized by the function of the program and by analyzing and applying secure coding standards.

An Analysis of the 4G Mobile Communications Technology Development Strategy in Korea (4세대이동통신 기술개발전략 분석)

  • 노일수;엄기용;유영신;이병남
    • Proceedings of the Technology Innovation Conference
    • /
    • 2002.06a
    • /
    • pp.257-268
    • /
    • 2002
  • Korean mobile communications industry has been a main locomotive of the drastic development of Korean IT industry and became one of core industries in national economy. To secure strong competitiveness of mobile communications industry, smooth cooperation should be reconsidered among government, universities, research institutions, and private companies. Future mobile communications technology will be evolved from IMT-2000 to system upgrade, 3.5G and 4G. And the goals of technology development are provision of mobile multimedia services based on better mobility and higher data speed rates. Therefore, Korea's technology development strategies of mobile communications should be focused on intensifying bondage of international cooperation, strengthening standardization activities, and enhancing core technology development capability to secure IPR.

  • PDF

Security-Aware Optimized Link Routing Protocol for Mobile Ad-Hoc Networks

  • Dhir, Amandeep;Sengupta, Jyotsna
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.3 no.1
    • /
    • pp.52-83
    • /
    • 2009
  • In this technical report, we have examined the basic building blocks of mobile ad-hoc networks. The paper discusses various security requirements of ad-hoc networks, attacks in ad-hoc networks, Security Implementation and Routing Protocols. The primary purpose of the paper is to address the Optimized Link State Routing (OLSR) protocol in detail, along with the various possible attacks. Finally, algorithms for securing OLSR are proposed, via the addition of digital signatures, as well as more advanced techniques such as cross checking of advertised routing control data with the node's geographical position. The main aim of this research work is the addition of security features to the existing OLSR protocol. In order to effectively design a secure routing protocol, we present a detailed literature survey of existing protocols, along with the various attacks. Based on the information gathered from the literature survey, a secure routing protocol for OLSR is proposed. The proposed secure routing protocol involves the addition of a digital signature as well as more advanced techniques such as the reuse of previous topology information to validate the actual link state. Thus, the main objective of this work is to provide secure routing and secure data transmission.

Application of Machine Learning Techniques for the Classification of Source Code Vulnerability (소스코드 취약성 분류를 위한 기계학습 기법의 적용)

  • Lee, Won-Kyung;Lee, Min-Ju;Seo, DongSu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.4
    • /
    • pp.735-743
    • /
    • 2020
  • Secure coding is a technique that detects malicious attack or unexpected errors to make software systems resilient against such circumstances. In many cases secure coding relies on static analysis tools to find vulnerable patterns and contaminated data in advance. However, secure coding has the disadvantage of being dependent on rule-sets, and accurate diagnosis is difficult as the complexity of static analysis tools increases. In order to support secure coding, we apply machine learning techniques, such as DNN, CNN and RNN to investigate into finding major weakness patterns shown in secure development coding guides and present machine learning models and experimental results. We believe that machine learning techniques can support detecting security weakness along with static analysis techniques.

An Analysis of the Importance among the Items in the Secure Coding used by the AHP Method (AHP기법을 이용한 시큐어 코딩의 항목 간 중요도 분석)

  • Kim, Chi-Su
    • Journal of Digital Convergence
    • /
    • v.13 no.1
    • /
    • pp.257-262
    • /
    • 2015
  • The ministry of security and public administration provide the secure coding guide that can remove the vulnerability of applications and defend cyber attack from the coding step because cyber attack like the hacking about 75% abusing the vulnerability of applications. In this paper we find the oder of priority and did the criticality analysis used by AHP about 7 items in the secure coding which the ministry of security and public administration provide. The result is decided that 'exception handling' is the most important item. There is no secure coding items in software supervision currently, therefore the result of the research will make good use audit standards in the process of the software development.

Definition of Security Metrics for Software Security-enhanced Development (소프트웨어 개발보안 활동을 위한 보안메트릭 정의)

  • Seo, Dongsu
    • Journal of Internet Computing and Services
    • /
    • v.17 no.4
    • /
    • pp.79-86
    • /
    • 2016
  • Under the influence of software security-enhanced development guidelines announced in 2012, secure coding practices become widely applicable in developing information systems aiming to enhance security capabilities. Although continuous enhancement activities for code security is important, management issues for code security have been less addressed in the guidelines. This paper analyses limitation of secure coding practices from the viewpoint of quality management. In particular this paper suggests structures and the use of software metrics from coding to maintenance phases so that it can be of help in the future by extending the use of security metrics.

Analysis on Vulnerability of ID/PW Management Solution and Proposal of the Evaluation Criteria (아이디/패스워드 통합 관리 제품의 취약성 분석 및 평가기준 제안)

  • Han, Jeong-Hoon;Lee, Byung-Hee;Hong, Su-Min;Kim, Seung-Hyun;Won, Dong-Ho;Kim, Seung-Joo
    • The KIPS Transactions:PartC
    • /
    • v.15C no.2
    • /
    • pp.125-132
    • /
    • 2008
  • As the development of Internet technology, the number of IDs managed by each individuals has been increased. And many software development institutes have developed ID/PW management solutions to facilitate secure and convenient management of ID/PW. However, these solutions also can be vulnerable in case of administrator's password exposure. Thus, we need to derive security requirements from the vulnerability analysis of these solutions, also we need evaluation criteria for secure ID/PW management solution development. In this paper, we analyze the vulnerability of ID/PW management solution and propose the evaluation criteria for secure ID/PW management solution.