• 한국컴퓨터정보학회논문지
• /
• 제22권3호
• /
• pp.81-88
• /
• 2017

In this paper, we classified the weaknesses of C/C++ programs listed in CWE based on the diagnostic information produced at each stage of program compilation. Our classification identifies which stages should be responsible for analyzing the weaknesses. We also present algorithmic frameworks for detecting typical weaknesses belonging to the classes to demonstrate validness of our scheme. For the weaknesses that cannot be analyzed by using the diagnostic information, we separated them as a group that are often detectable by the analyses that simulate program execution, for instance, symbolic execution and abstract interpretation. We expect that classification of weaknesses, and diagnostic information accordingly, would contribute to systematic development of static analyzers that minimizes false positives and negatives.

• 농촌지도와개발
• /
• 제16권1호
• /
• pp.201-235
• /
• 2009

This study analyzed the demographic characteristics, strengths and weaknesses related to information acquisition of local innovation diffusion types. This study use ordered probit model to find strengths and weaknesses of innovation diffusion type in rural area. The individual characteristics of 'formal extension type', 'situational reaction diffusion type', 'agriculturist connection type', and 'systematic approach type', all differentiated according to innovation diffusion type, were analyzed. Following Choi & Choe(2008), immediacy, accessibility, referability, applicability, and satisfaction were the highest in the situational reaction diffusion type, systematic approach type, formal extension type, and farmers connection type, in the order. And there existed organic contexts among individual characteristics. So this study tried to analyze strengths and weaknesses of innovation diffusion type with a focus on immediacy, which emerged as the most important variable in the process of interpreting innovation diffusion. And the strengths and weaknesses of each innovation diffusion type were presented.

• 한국통신학회논문지
• /
• 제38C권10호
• /
• pp.831-840
• /
• 2013

최근 소프트웨어 보안성 강화를 위해 소프트웨어 개발단계에서 보안취약점의 원인인 보안약점을 제거하기 위한 정적분석 기반의 도구를 많이 활용하고 있다. 따라서, 보안약점 진단도구는 다양한 보안약점을 진단할 수 있는 진단규칙을 보유하는 것이 필요하다. 2011년부터 2012년까지 국내 주요 정보화사업으로 개발된 소프트웨어에서 발견된 상위 5개의 보안약점은 연도별 상위 10개 보안약점의 76%에 해당된다. 소프트웨어 개발시 상위 5개의 보안약점만 적절히 조치하여도 소프트웨어 보안성이 많이 개선될 수 있다. 본 논문은 많이 활용되고 있는 공개용 진단도구인 PMD를 대상으로 주요 보안약점에 대한 진단규칙과 이에 대한 성능시험 결과를 제시한다.

• 한국과학교육학회지
• /
• 제16권4호
• /
• pp.429-440
• /
• 1996

This study examined the effects of the ARCS model for science education and found a way of improving ARCS while finding any weaknesses. More specific research questions were as follows: 1) Does the ARCS model enhance the learners' achivement in highschool Earth Science significantly?; 2) Does the ARCS model enhance the learners' motivation in highschool Earth Science significantly?; 3) What are the weaknesses of the prescriptions of the ARCS model for designing a lesson, if any?; 4) How can the weaknesses of the prescriptions of the ARCS modeI be overcome? In order to fulfill the purpose of this study, the two major research methodologies were implemented: pretest-posttest control group design and formarive research. This study was conducted in two distinct phases: 1) designing a set of instructions for 4 weeks with the principles of the ARCS model (to find the weaknesses of the ARCS model) and 2) teaching the instructions and checking the effectiveness of the ARCS model by pretest and posttest with control and experimental groups(to find weaknesses of the underlying theory of the ARCS). After the experiment, each group took an achievement test and an attitude test on the given instruction and gathered data were analyzed with t-tests. Also, from each four classes 7$\sim$8 students were randomly sampled and individually interviewed about the instructional effectiveness and their preference on the instructions. The results of this study are summarized as follows: Significant differences between the control group and experimental group are seen in three components; Attention, relevance, and satisfaction. No significant differences are seen in the attitude of confidence. The weakness of the prescriptions of the ARCS model, are insufficient of strategy for 'confidence'. For overcoming the weaknesses of the prescriptions of the ARCS model, developmental type research is needed.

• 한국컴퓨터정보학회논문지
• /
• 제18권2호
• /
• pp.87-94
• /
• 2013

본 논문에서는 2011년 Khan[7] 등에 의해 제안된 사용자 익명성 제공 인증기법에 대한 취약점을 분석하고, 이러한 취약점을 개선한 새로운 사용자 익명성 제공 인증기법을 제안한다. Khan의 인증기법은 내부자 공격에 취약하고 서버에 대한 사용자 익명성을 제공하지 못한다. 또한, 패스워드 변경 단계를 제안하고 있음에도 불구하고, 여전히 패스워드 오입력시의 취약점이 존재한다. 본 논문에서는 Khan 기법이 스마트카드를 분실할 경우의 취약점과 강력한 서버/사용자 가장 공격에도 취약함을 보인다. 제안 인증기법은 이러한 취약점들을 개선하여 사용자에게 보다 안전한 프라이버시를 제공할 수 있는 향상된 사용자 익명성을 제안한다.

• 정보보호학회논문지
• /
• 제22권6호
• /
• pp.1407-1417
• /
• 2012

소프트웨어 시스템을 보안 침해로부터 보호하기 위해서는 소프트웨어의 개발 단계에서부터 생명주기 전체에 걸쳐 보안약점을 제거하는 작업이 요구된다. 이러한 작업을 수행함에 있어서 계속하여 보고되고 있는 다양한 보안약점들에 대하여 시스템 보안과 실제 활용 목적에 미치는 영향이 큰 보안약점을 선별하여 적절히 대처하는 것이 효과적이다. 본 논문에서는 소프트웨어 보안약점 및 보안취약점의 중요성에 대한 기존의 정량 평가 방법론들을 소개하고, 이를 기반으로 신뢰도가 중요시되는 소프트웨어 시스템에 대하여 보안약점의 일반적인 심각성을 객관적으로 평가할 수 있는 정량 평가 기준을 제안한다. 또한 제안된 기준을 사용하여 2011 CWE/SANS Top 25 보안약점 명세에 대한 중요도 평가를 수행하고 그 결과를 기존 점수와 비교함으로써 제안된 평가기준의 유용성을 보이고자 한다.

• 산경연구논집
• /
• 제4권2호
• /
• pp.21-30
• /
• 2013

Purpose - The objectives of this study are to find the strengths, weaknesses, opportunities, and threats related to the national innovation system of Iran (using a SWOT analysis) and to extract some strategic recommendations to modify the innovation policies of Iran. Research design, data, and methodology - This study used a literature review and field study. In the first phase, the author studied library resources and articles, and browsed through Internet information about the subject. The second phase was a field research investigation through designed questionnaires and interviews with more than 100 policymakers, officials, executives, and others related to the national innovation system in 2011. Results - In this research study, strategic recommendations were extracted through a SWOT model for improvements to the innovation policies of Iran. Conclusions - The findings of this study show the role of strengths, weaknesses, opportunities, and threats in the national innovation system of Iran and suggest strategic recommendations for its modification.

• 한국산업경영시스템학회:학술대회논문집
• /
• 한국산업경영시스템학회 2002년도 춘계학술대회
• /
• pp.397-402
• /
• 2002

Six Sigma is one of the most active subjects in quality management. This study deals with some existing weaknesses that may arise in implementing Six Sigma in real world situations. The main weaknesses discussed here include the lack of understanding of cultural aspects on the nations and industries, the poor linkage between quality, finance and accounting from the bottom line point of view, and the difficult development process of metrics for all improvement results to validate the effect of Six Sigma. Finally, the key success characteristics for a good Six Sigma project are presented.

• 산업경영시스템학회지
• /
• 제25권1호
• /
• pp.29-34
• /
• 2002

Six Sigma is one of the most active subjects in quality management. This studs deals with some existing weaknesses that may wise in implementing Six Sigma in real world situations. The main weaknesses discussed here include the lack of understanding of cultural aspects on the nations and industries, the poor linkage between quality, finance and accounting from the bottom line point of view, and the difficult development process of metrics for all improvement results to validate the effect of Six Sigma. Finally, the key success characteristics for a good Six Sigma project are presented.

• 국방과기술
• /
• 11호통권69호
• /
• pp.53-57
• /
• 1984