• Journal of the Korea Institute of Military Science and Technology
• /
• v.10 no.1
• /
• pp.55-69
• /
• 2007

The paper provides the approach to apply formal methods to the development and certification criteria of defense safety/security-critical software. RTCA/DO-178B is recognized as a do facto international standard for airworthiness certification but lack of concrete activities and vagueness of verification/certification criteria have been criticized. In the case of MoD Def Stan 00-55, the guidelines based on formal methods are concrete enough and structured for the defense safety-related software. Also Common Criteria Evaluation Assurance Level includes the strict requirements of formal methods for the certification of high-level security software. By analyzing the problems of DO-178B and comparing it with MoD Def Stan 00-55 and Common Criteria, we identity the important issues In safety and security space. And considering the identified issues, we carry out merging of DO-178B and CC EAL7 on the basis of formal methods. Also the actual case studies for formal methods applications are shown with respect to the verification and reuse of software components.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.793-805
• /
• 2015

Due to the rise of automotive security problems following automotive safety and the progress of the internet technology leading to a hyper-connected society, guaranteeing the safety of automotive requires security plans in the supply chain assurance and automotive software, and risk management plans for identifying, evaluating, and controlling the risks that may occur from the supply chain since the modern automotive is a Safety Critical system. In this paper, we propose a study on Automotive Supply Chain Risk Management (A-SCRM) procedures by person interested within the automotive Life-Cycle.

• International Journal of Computer Science & Network Security
• /
• v.23 no.6
• /
• pp.169-175
• /
• 2023

Ethical hackers are using different tools and techniques to encounter malicious cyber-attacks generated by bad hackers. During the software development process, development teams typically bypass or ignore the security parameters of the software. Whereas, with the advent of online web-based software, security is an essential part of the software development process for implementing secure software. Security features cannot be added as additional at the end of the software deployment process, but they need to be paid attention throughout the SDLC. In that view, this paper presents a new, Ethical Hacking - Software Development Life Cycle (EH-SDLC) introducing ethical hacking processes and phases to be followed during the SDLC. Adopting these techniques in SDLC ensures that consumers find the end-product safe, secure and stable. Having a team of penetration testers as part of the SDLC process will help you avoid incurring unnecessary costs that come up after the data breach. This research work aims to discuss different operating systems and tools in order to facilitate the secure execution of the penetration tests during SDLC. Thus, it helps to improve the confidentiality, integrity, and availability of the software products.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.61-74
• /
• 2007

In Common Criteria evaluation scheme, sponsor and evaluator should estimate evaluation cost and duration of IT security system evaluation in contracting the evaluation project. In this paper, We analyzed study result that achieve at 2003 and 2005, and utilized part of study result. And we empirically estimate relative evaluation effort ratios among evaluation assurance levels($EAL1{\sim}EAL7$) in CC v2.3 and CC v3.1. Also, we estimate the ratios from 'developer action elements', adjusted 'content and presentation of evidence elements', and 'evaluator action elements 'for each assurance component. We, especially, use ratio of amount of effort for each 'evaluator action elements', that was obtained from real evaluators in KISA in 2003. Our result will useful for TOE sponsor as well as evaluation project manager who should estimate evaluation cost and duration for a specific EAL and type of TOE, in a new CC v3.1 based evaluation schem.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.35-42
• /
• 2004

Ubiquitous Computing is gradually accepting in our real society. Already some Advanced State has studying of Ubiquitous for more convenience Ubiquitous environment. Anywhere, Anytime user can be provided information and service that he want, but it has some problem such as Rogue AP, IP spoofing, DoS attack, Warm which can causing social confusion in Ubiquitous society. In this situation we must analytics that security requirement in the Ubiquitous network environment and investigate 'Ad hoc' and RFID which is main technique for network infra construction.struction.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.1049-1052
• /
• 2012

개인정보의 유출을 막기 위해서는 안전한 인증 수준을 이용해야 한다. 그러나, 인증 수단의 인증 등급은 응용 서비스의 중요성과 민감도에 비례해 선택되어야 한다. 본 논문에서는 국내 다양한 분야의 전자인증 환경을 분석하고, 국제 표준 (ITU-T X.1254 | ISO/IEC 29115) 에 근거한 4 가지 전자인증 등급과 기준을 분석한다. 또한, 국제표준방식의 인증 등급과 국내 분야의 인증 등급을 상호 비교한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.141-153
• /
• 2009

Recently, public and national institutions establish secure system with installed and operational by IT products for security. They required the Common Criteria for assurance of IT products. However, many company hard to decide when IT products release and develop investment because of cost and spend-time problem. Therefore, in this paper, we analyze domestic and international IT products evaluation services, and proposes simplification IT products evaluation service compared with previous services.

• International Journal of Computer Science & Network Security
• /
• v.21 no.2
• /
• pp.103-109
• /
• 2021

The study aimed to analyze the current situation of the electronic portal of the Northern Border University, in terms of content and components, the extent of quality of use, service assurance and integrity, linguistic coverage of objective content, in addition to assessing the efficiency of the Blackboard e-learning platform and measuring the degree of safety of the portal, in addition to measuring the extent of satisfaction, through a sample that included 135 faculty members, as the researcher was keen to apply the case study methodology with the use of the questionnaire as the main tool for measurement, and the study found that there is an average trend among faculty members in the degree of content for the components of the portal and electronic security While it rose to good use, and very good at using the Blackboard platform.

• Journal of Convergence for Information Technology
• /
• v.10 no.5
• /
• pp.16-22
• /
• 2020

In this paper, the technology and capabilities required for the job of developing security software recommended by the Cybersecurity Human Resources Development Framework of the National Initiative for Cybersecurity Education (NICE) were studied. In this paper, we describe what security skills are needed for the task of developing security software and what security capabilities should be held. The focus of this paper is to analyze the consistency between security technologies (core and specialized technologies) required for security software development tasks and the curriculum of information protection-related departments located in Seoul, Korea. The reason for this analysis is to see how the curriculum at five universities in Seoul is suitable for performing security software development tasks. In conclusion, if the five relevant departments studied are to intensively train developers of development tasks for security software, they are commonly required to train security testing and software debugging, how secure software is developed, risk management, privacy and information assurance.

• The KIPS Transactions:PartC
• /
• v.16C no.4
• /
• pp.461-476
• /
• 2009

Digital Printers that are mainly used in enterprises and public institutions are compound machinery and tools which are combined into various functions such as printing, copying, scanning, and fax so on. Digital Printers has security functionality for protecting the important data related with confidential industry technology from leaking. According to the trends, CC(Common Criteria) evaluation and assurance about digital printer is on progress in Japan and USA. Domestically CC evaluation and assurance is started recently. However, the know-how about the digital printer evaluation is not enough and the developers and the evaluators have difficulty in CC evaluation of digital printer products in the country. Therefore, the testing method of digital printer security functionality and evaluation technology is essentially needed for increasing demand for the evaluation afterwards. In this study, we analyze the security functionality and developing trends of digital printer products from internal and external major digital printer companies. Moreover, we research the characters of each security functions and propose guideline for digital printer security functionality evaluation and vulnerability testing methods.