• Journal of Korea Multimedia Society
• /
• v.17 no.6
• /
• pp.706-715
• /
• 2014

It is used to lead to serious structural vulnerability of the system security of security-critical system when we have quickly developed software system according to urgent release schedule without appropriate security planning, management, and assurance processes. The Data Set and Provider of DataSnap, which is a middleware of Delphi XE2 of the Embarcadero Technologies Co., certainly help to develop an easy and fast-paced procedure, but it is difficult to apply security program and vulnerable to control software system security when the connection structure Database-DataSnap server-SQL Connection-SQL Data set-Provider is applied. This is due to that all kinds of information of Provider are exposed on the moment when DataSnap Server Port is sure to malicious attackers. This exposure becomes a window capable of running SQL Command. Thus, it should not be used Data Set and Provider in the DataSnap Server in consideration of all aspects of security management. In this paper, we study on the verification of the security vulnerabilities for Client and Server DataSnap in Dlephi XE2, and we propose a secure coding method to improve security vulnerability in the DataSnap server system.

• Journal of Advanced Marine Engineering and Technology
• /
• v.35 no.5
• /
• pp.647-653
• /
• 2011

In vessels, various communication systems are now working with different vendor-specific ways, which are apt to cause the inter-operability problems. That, of course, leads to needs of standardization of communication network systems for vessels. The e-navigation system introduced by IMO also takes the standardization process as expected. In this paper, a 4S multiple media communication switching server for seamless communications among existing media for vessels is introduced, and the development of a information exchange software for the sever and its functionality verification results are presented as well.

• Journal of the Korean Society for Precision Engineering
• /
• v.23 no.12 s.189
• /
• pp.95-102
• /
• 2006

A product is designed through the collaboration among engineers in several fields such as design, analysis, and manufacturing. These series of functions are performed repeatedly during the design process. An easy access and exchange of the model data is one of the important elements that help to shorten production development time. Especially, the importance of data exchange between CAD and CAE applications is increasing in the field of verification and estimation of the products. However, information and knowledge of model which is generated by a CAD software cannot be transferred by a function of CAE software, as an exchange of product data between CAD and CAE applications. It causes a delay in design analysis and eventually discourages a designer's effort in improving his design. Therefore, we need to integrate a commercial CAD and CAE applications effectively and to use the same interface on a product model obtained in a distributed environment. This paper shows how to implement a model exchange between CAD and CAE by a web-service and how to provide a communication environment among engineers.

• ETRI Journal
• /
• v.25 no.5
• /
• pp.328-336
• /
• 2003

Bluetooth is a specification for short-range wireless communication using the 2.4 GHz ISM band. It emphasizes low complexity, low power, and low cost. This paper describes an area-efficient digital baseband module for wireless technology. For area-efficiency, we carefully consider hardware and software partitioning. We implement complex control tasks of the Bluetooth baseband layer protocols in software running on an embedded microcontroller. Hardware-efficient functions, such as low-level bitstream link control; host controller interfaces (HCIs), such as universal asynchronous receiver transmitter (UART) and universal serial bus (USB)interfaces; and audio Codec are performed by dedicated hardware blocks. Furthermore, we eliminate FIFOs for data buffering between hardware functional units. The design is done using fully synthesizable Verilog HDL to enhance the portability between process technologies so that our module can be easily integrated as an intellectual property core no system-on-a-chip (SoC) ASICs. A field programmable gate array (FPGA) prototype of this module was tested for functional verification and realtime operation of file and bitstream transfers between PCs. The module was fabricated in a $0.25-{\mu}m$ CMOS technology, the core size of which was only 2.79 $mm{\times}2.80mm$.

• ETRI Journal
• /
• v.34 no.1
• /
• pp.76-86
• /
• 2012

The block cipher ARIA has been threatened by side-channel analysis, and much research on countermeasures of this attack has also been produced. However, studies on countermeasures of ARIA are focused on software implementation, and there are no reports about hardware designs and their performance evaluation. Therefore, this article presents an advanced masking algorithm which is strong against second-order differential power analysis (SODPA) and implements a secure ARIA hardware. As there is no comparable report, the proposed masking algorithm used in our hardware module is evaluated using a comparison result of software implementations. Furthermore, we implement the proposed algorithm in three types of hardware architectures and compare them. The smallest module is 10,740 gates in size and consumes an average of 47.47 ${\mu}W$ in power consumption. Finally, we make ASIC chips with the proposed design, and then perform security verification. As a result, the proposed module is small, energy efficient, and secure against SODPA.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.8
• /
• pp.3420-3436
• /
• 2020

Due to the increasing number of malicious software (also known as malware), methods for sharing threat information are being studied by various organizations. The Malware Attribute Enumeration and Characterization (MAEC) format of malware is created by analysts, converted to Structured Threat Information Expression (STIX), and distributed by using Trusted Automated eXchange of Indicator Information (TAXII) protocol. Currently, when sharing malware analysis results, analysts have to manually input them into MAEC. Not many analysis results are shared publicly. In this paper, we propose an automated MAEC conversion technique for sharing analysis results of malicious Android applications. Upon continuous research and study of various static and dynamic analysis techniques of Android Applications, we developed a conversion tool by classifying parts that can be converted automatically through MAEC standard analysis, and parts that can be entered manually by analysts. Also using MAEC-to-STIX conversion, we have discovered that the MAEC file can be converted into STIX. Although other researches have been conducted on automatic conversion techniques of MAEC, they were limited to Windows and Linux only. In further verification of the conversion rate, we confirmed that analysts could improve the efficiency of analysis and establish a faster sharing system to cope with various Android malware using our proposed technique.

• Proceedings of the KSR Conference
• /
• 2010.06a
• /
• pp.1669-1679
• /
• 2010

Related to the on-going "Train Control System Project of Pilot Line Construction for Urban MAGLEV Train", activities by each phase shall be conducted to achieve SIL4 level and obtain safety certification from the Independent Safety Assessment(ISA), based on the IEC standards((IEC 62278/62279 and IEC 62425) for the first time in Korea. This thesis describes the introduction of IEC standards, system assurance activities (such as plan, analysis, test, verification and validation) in compliance with requirements management and project life-cycle and relations with the safety assessment activities; and certification activities (such as document reviews and audits) through system RAMS activities, software quality assurance activities and safety assessment, for the purpose of achieving a successful safety certification at the time of completing the project as system assurance activities including software and safety certification activities in order to acquire the safety certification for train control system which does not exist at all in domestic cases. It is believed that overall system safety assurance activities in this project will contribute to develop more upgraded products of the domestic train control system on the quality and safety point of view, find overseas markets and establish a bridgehead in the future.

• Journal of Software Engineering Society
• /
• v.27 no.1
• /
• pp.1-7
• /
• 2018

The consumption of mobile device batteries which are limited resources is an important criterion when circuit designers analyze and evaluate circuits. For this reason, researchers conducted researches with different models of battery consumption to analyze power consumption of mobile devices. The battery consumption model generation techniques have various characteristics depending on availability of sensors, run-time model generation, and models for using in verification and testing. However, there is lack of comparison and analysis between varied battery consumption model generation methods. In this research, we compare and evaluate the analysis methods which have been studied so far to support the circuit investigation for circuit designers. Finally, we suggest the direction of researches in battery consumption analysis using the comparison result.

• Proceedings of the Korean Nuclear Society Conference
• /
• 1996.11a
• /
• pp.191-196
• /
• 1996

The potential value of the Application Specific Integrated Circuits(ASIC's) in safety systems of Nuclear Power Plants(NPP's) is being increasingly recognized because they are essentially hardwired circuitry on a chip, the reliability of the system can be proved more easily than that of software based systems which is difficult in point of software V&V(Verification and Validation). There are two types of ASIC, one is a full customized type, the other is a half customized type. PLD(Programmable Logic Device) used in this paper is a half customized ASIC which is a device consisting of blocks of logic connected with programmable interconnections that are customized in the package by end users. This paper describes the RPS(Reactor Protection System) composed of ASICs which provides emergency shutdown of the reactor to protect the core and the pressure boundary of RCS(Reactor Coolant System) in NPP's. The RPS is largely composed of five logic blocks, each of them was implemented in one PLD, as the followings. A). Bistable Logic B). Matrix Logic C).Initiation Logic D). MMI(Man Machine Interface) Logic E). Test Logic.

• Journal of Korea Multimedia Society
• /
• v.8 no.5
• /
• pp.715-720
• /
• 2005

In a software development process, it is necessary to have a method which verifies and satisfies users' requirements in their point of view. This allows the system developer to design a high qualify software system and have it developed and used in an effective way since users' requirements have well been shown through it. In this paper, we propose the RV-UI model system that can verify users' requirements a step ahead of system implementation step. This RV-UI model system has standardized user interface which is in practical use into functional model for each process and it is designed to satisfy users' requirements and manage configuration of them through the interface which has the Kano model.