• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.87-98
• /
• 2002

Software has been developed very fast as information has become important value. Illegal software copy has been the main problem of developing software business. Recently used protecting lock system for software copy has not guaranteed perfectly from easily cracked-defense system. This paper, therefore, proposes 96-bit block cipher with 112-bit length to replace a DES(Data Encryption Standard) algorithm. Security chip by ASIC(Application Specific Integrated Circuit) security module is presented for software copy protection. Then, an auto block protecting algorithm is designed for the security chip. Finally, controlling driver and library are built for the security chip.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.2
• /
• pp.646-663
• /
• 2014

Scrum is one of the most popular and efficient agile development methods. However, like other agile methods such as Extreme Programming (XP), Feature Driven Development (FDD), and the Dynamic Systems Development Method (DSDM), Scrum has been criticized because of lack of support to develop secure software. Thus, in 2011, we published research proposing the idea of a security backlog (SB). This paper represents the continuation of our previous research, with a focus on the evaluation in industry-based case study. Our findings highlight an improved agility in Scrum after the integration of SB. Furthermore, secure software can be developed quickly, even in situations involving requirement changes of software. Based on our experimental findings, we noticed that, when integrating SB, it is quite feasible to develop secure software using an agile Scrum model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.393-399
• /
• 2019

In a situation where an unauthorized SW brought into the organization without being authorized is emerging as a threat to the network security, the security of the network based on the SDN(Software-Defined Network) can be strengthened through the development of the security application considering the organization's characteristics. Security technology of existing SDN environment has been studied to protect internal network from external networks such as firewalls and Intrusion Detection Systems, but the research for resolving insider threat was insufficient. Therefore, We propose a system that protects the internal network from unauthorized SW, which is one of the insider threats in the SDN environment.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.141-144
• /
• 2004

The Common Criteria (CC) philosophy is to provide assurance based upon an evaluation of the IT product or system that is to be trusted. Evaluation has been the traditional means of providing assurance. It is essential that not only the customer' srequirements for software functionality should be satisfied but also the security requirements imposed on the software development should be effectively analyzed and implemented in contributing to the security objectives of customer's requirements. Unless suitable requirements are established at the start of the software development process, the resulting end product, however well engineered, may not meet the objectives of its anticipated consumers. By the security evaluation, customer can sure about the quality of the products or systems they will buy and operate. In this paper, we propose a selection guide for If products by showing relationship between security engineering and security evaluation and make help user and customer select appropriate products or system.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.245-251
• /
• 2021

This work aims to focus on the current features and characteristics of Human Element and Artificial intelligence (AI), ask some questions about future information security, and whether we can avoid human errors by improving machine learning and AI or invest in human knowledge more and work them both together in the best way possible? This work represents several related research results on human behavior towards information security, specified with elements and factors like knowledge and attitude, and how much are they invested for ISA (information security awareness), then presenting some of the latest studies on AI and their contributions to further improvements, making the field more securely advanced, we aim to open a new type of thinking in the cybersecurity field and we wish our suggestions of utilizing each point of strengths in both human attributions in software security and the existence of a well-built AI are going to make better future software security.

• IE interfaces
• /
• v.9 no.3
• /
• pp.249-256
• /
• 1996

The Internet e-mail security software and standards, such as PGP (Pretty Good Privacy) and PEM (Privacy Enhanced Mail), have several limitations that should be overcome for their further applications to the Internet and network environments. In order to improve and reengineer those software, details of the As-Is software processing should be analyzed. One of the possible techniques for software analysis is IDEFO function modeling. Although IDEFO has been mainly used for BPR as one of the industrial engineering techniques, it has been rarely applied to the analysis of software processing and reengineering in computer and software engineering fields. Additionally, no sufficient details of PGP and PEM processing are analyzed in the literature. The objective of this paper is to demonstrate the application of the IDEFO to the systems analysis of the Internet e-mail security software as well as to provide software developers with the basis for software improvements.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.1
• /
• pp.43-50
• /
• 2017

Use-After-Free security problem is rapidly growing in popularity, especially for attacking web browser, operating system kernel, local software. This security weakness is difficult to detect by conventional methods. And if local system or software has this security weakness, it cause internal security problem. In this paper, we study ways to remove this security weakness in software development by summarize the cause of the Use-After-Free security weakness and suggest ways to remove them.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1541-1547
• /
• 2015

In the recent IT industry, security has established itself as the factor to be considered the most in the software development. It goes without saying that security is the critical factor for the development of information security products. In the evaluation of the information security products, the security is assured by the security architecture requirement (ADV_ARC). However, the Absence of the systematic software security architecture process makes it difficult to guarantee the security quality consistently even though they are evaluated based on common criteria. In this paper, we propose a way to ensure a consistent security quality applying the software security framework in BSIMM.

• KIPS Transactions on Software and Data Engineering
• /
• v.3 no.11
• /
• pp.465-470
• /
• 2014

The SP quality assessments from national IT industry promotion agency of Korea(NIPA) assesses ability of software development process. And the SP quality assessments is getting popular over the nation. But, in the SP quality assessments, there is no concern about security attribute. In this paper new secure process base on ISO 27001 is proposed for the organization that is already passed SP quality assessments. This process can detect security threatening factors and gives chance to protect those factors. Furthermore, since detected security weaknesses can be used as a measurement, the system can be managed in aspect to security attribute.

• Journal of Korea Multimedia Society
• /
• v.18 no.11
• /
• pp.1342-1350
• /
• 2015

Due to rapid development of mobile device technologies, the mobile banking through Internet has become a major service of banking information systems as a security-critical information systems. Recently, lots of mobile banking information systems which handle personal and transaction information have been exposed to security threats in vulnerable security control and management processes, mainly software systems. Therefore, in this paper, we propose a process model for software security improvements in mobile banking information system by application of fault tree analysis(FTA) and failure modes and effects analysis(FMEA) on the most important activities such as 'user authentication' and 'access control' and 'virus detection and control' processes which security control and management of mobile banking information systems are very weak.