• International Journal of Safety
• /
• v.8 no.2
• /
• pp.31-36
• /
• 2009

In accordance with the development of recent computer technology, railway signaling software became more complex for the intellectualization. Therefore the importance and dependency of railway signaling system on the computer software is getting more increased further, and the testing for the safety and reliability of railway signaling system software became more important. It is started to become influential as very important issue for the reliability and safety of vital embedded software like railway signaling system. The software coding which can have an effect on the safety at the coding level of software shall not be included preferentially, for the safety of software, and must be checked. This thesis suggested an automated testing tool for coding rules on this railway signaling system software, and presented its applied result for railway signaling system software. The testing items in the implemented tool had referred to the international standards in relation to the software for railway system and MISRA-C standards. This automated testing tool for railway signaling system can be utilized at the assessment stage for railway signaling system software also, and it is anticipated that it can be utilized usefully at the software development stage also.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1179-1189
• /
• 2012

We propose an improvement on the Guideline of Secure Software Development for Korea e-Government that is under revision by the Ministry of Public Administration and Security in 2012. We adopted a rule-oriented organization instead shifting from the current weakness-oriented one. The correspondence between the weakness and coding rules is identified. Also, added is the coverage of diagnostic tools over the rules to facilitate the usage by programmers during coding period When the proposed guideline is applied to secure software development, the weakness would be controlled indirectly by enforcing coding rules. Programmers responsibility would be limited to the compliance of the rules, while the current version implies that it is programmers responsibility to guarantee being free from the weakness, which is hard to achieve at reasonable cost.

• The Transactions of the Korean Institute of Electrical Engineers P
• /
• v.62 no.1
• /
• pp.30-35
• /
• 2013

Many function of railway signalling system which is in charge of most core function in a railway system are being operated by the software according to the development of computer technology. Accordingly, the source code testing to verify the safety of the railway signalling system software becomes to be more important, and related international standards highly recommend verifications on the source code also. For this reason, several related studies on vital source code verification were executed from several years ago in Korea. This paper performed tests through the application to railway signalling system being applied to the existing actual domestic railway sites through automated testing tools for coding rules of signalling system software and another signaling system software under development in Korea recently, and analyzed their results.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.243-250
• /
• 2013

We have entered into an era of smart software system where the many kinds of embedded software, especially SCADA and Automotive software not only require high reliability and safety but also high-security. Removing software weakness during the software development lifecycle is very important because hackers exploit weaknesses which are source of software vulnerabilities when attacking a system. Therefore the coding rule as like core functions of MISRA-C should expand their coding focus on security. In this paper, we used CERT-C secure coding rules for nuclear-related software being developed to demonstrate high-safety software, and proposed how to remove software weakness during development.

• Journal of KIISE
• /
• v.42 no.4
• /
• pp.487-495
• /
• 2015

Since most of information is computerized nowadays, it is extremely important to promote the security of the computerized information. However, the software itself can threaten the safety of information through many abusive methods enabled by coding mistakes. Even though the Secure Coding Guide has been proposed to promote the safety of information by fundamentally blocking the hacking methods, it is still hard to apply the techniques on other programming languages because the proposed coding guide is mainly written for C and Java programmers. In this paper, we reclassified the coding rules of the Secure Coding Guide to extend its applicability to programming languages in general. The specific coding guide adopted in this paper is the C Secure Coding Guide, announced by the Ministry of Government Administration and Home Affairs of Korea. According to the classification, we applied the rules of programming in Sprout, which is a newly proposed Korean programming language. The number of vulnerability rules that should be checked was decreased in Sprout by 52% compared to C.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38C no.8
• /
• pp.651-662
• /
• 2013

In this study, we suggest the selecting evaluation method considering 6 major factors like Compliance system application (Development language conformance, Platform Compliance), threat evaluation (criticality of security incident, possibility of security incident), application benefit (Reliability / quality improvement, Modify Cost) for appropriate secure coding rule selecting evaluation. Using this method, we selected and make a set consist of 197 secure coding rules for Battlefield Management System Software. And calculated the application priority for each rules.

• Journal of Korea Multimedia Society
• /
• v.15 no.11
• /
• pp.1349-1357
• /
• 2012

In recent years, security accidents which are becoming the socially hot issue not only cause financial damages but also raise outflow of private information. Most of the accidents have been immediately caused by the software weakness. Moreover, it is difficult for software today to assure reliability because they exchange data across the internet. In order to solve the software weakness, developing the secure software is the most effective way than to strengthen the security system for external environments. Therefore, suggests that the coding guide has emerged as a major security issue to eliminate vulnerabilities in the coding stage for the prevention of security accidents. Developers or administrators effectively in order to use secure coding coding secure full set of security weaknesses organized structurally and must be managed. And the constant need to update new information, but the existing Secure Coding and Security weakness is organized structurally do not. In this paper, we will define and introduce the structured weakness for mobile applications by the surveys of existing secure coding and coding rules for code analysis tools in Java.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.4
• /
• pp.13-24
• /
• 2016

Defense Acquisition Program Administration's weapon system software development and management guideline specifies the criteria of software reliability tests including static and dynamic tests mainly on C/C++ languages. Recently, Defense Acquisition Program Administration expanded the scope of software reliability test for the various languages including C#, java etc. but specific criteria for them are not established. This study suggests the reliability test procedures and standards on C# programming software in weapon system. For the static test, considering the nature of the C# which depends on .NET framework, this paper introduces applying coding rules recommended by Microsoft Corp. Visual Studio 2012. Block coverage provided by Visual Studio is applied on dynamic tests and the achievement objectives for block coverage according to the software levels(A, B, C) are suggested. Also, the software reliability test procedures and standards proposed by this paper are properly verified through the case study. The result of this study can be used for establishing the specific criteria of the software reliability test for C# programming software in weapon system.

• Journal of the Korean Society for Aeronautical & Space Sciences
• /
• v.49 no.6
• /
• pp.473-480
• /
• 2021

In this paper, We analyze and present improvements to problems in software quality through Static Analysis for Open Source, which is widely used as the Flight Controller software for small unmanned aerial vehicle drones. MISRA coding rules, which are widely applied based on software quality, have been selected. Static analysis tools were used by LDRA tools certified international tools used in all industries, including automobiles, railways, nuclear power and healthcare, as well as aviation. We have identified some safety-threatening problems across the quality of the software, such as structure of open source modules, analysis of usage data, compliance with coding rules, and quality indicators (complexity and testability), and have presented improvements.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1169-1178
• /
• 2012

Recently, since the most software intensive systems are using internet environment for data exchange, the software security is being treated as a big issue. And, to minimize vulnerability of software system, security ensuring steps which are applying secure coding rules, are introduced in the software development process. But, since actual attacks are using a variety of software vulnerabilities, it is hard to analyze software weakness by monotonic analysis. In this paper, it is tried to against the complex attack on the variety of software vulnerability using the coupling which is one of the important characteristic of software. Furthermore, pre-analysis of the complex attack patterns using a combination of various attack methods, is carried out to predict possible attack patterns in the relationship between software modules. And the complex attack pattern analysis method is proposed based on this result.