Earticle

Today’s software allows data transfer with the use of internet. Therefore, there is always a threat of attack by hackers. These security weaknesses cause a critical economic loss which is a direct cause of software security invasion accidents. Recently in order to solve these security weaknesses, rather than strengthening the security system from the external environment, many have started to realize it is essential and most efficient for programmers to develop stronger software. Internationally, resolving software weakness from the coding stage to prevent security incidents by providing a coding guide is rising as a security issue. Especially, user demands of software are becoming enormous and complicated. In order to reduce weaknesses that could lie in the software have to be removed and the costs for these increases as the development process progresses. This leads to issues nowadays with removing the security weaknesses from the coding stage. This technique is called secure coding and not only is the academic and the industrial world showing interest in this technique, but also national agencies are showing great interest. Especially in Korea, the electronic government business has decided to introduce secure coding and all developed programs will apply the security coding methodology. Rule checker, the object of study of this research, is a core tool for secure coding which is used to analyze security weaknesses existing in programs using a rule base. Especially, it can be used in the developmental stage and examination stage which makes an efficient composition of rule checker very important. In this research, a maximized technique to compose a rule checker with most efficiency has been proposed.

This paper presents a new image permutation algorithm to improve permutation efficiency. Based on uniform trend theorem and ideal bias theorem, we propose two classes of extractors, which solve the critical problem of any chaotic sequence uniformity. Then, the uniform chaotic sequence is transformed into integer space and the random integers are used to perform one-dimensional data permutation algorithm, which is based on data position interchange. Based on the data vector permutation, a secure and efficient image permutation is presented. Comparing with previous approaches, the proposed scheme is secure and its efficiency is enhanced.

Recently, new development guides have been announced for building secure e-government systems by the Korean government. The guides aim to reduce significant amount of security vulnerabilities and weaknesses inside source codes using secure coding practices. In this paper, we present an overview of the new development guides from various methodological perspectives. We also provide results of comparison to major security enhanced frameworks including CLASP, SAMM, and other domestic security frameworks.

The abstract is to be aiming at the complex security situation, situation assessment through a comprehensive analysis of the conclusions drawn generalization to ease management staff awareness and response pressure. Analysis of a number of typical characteristics and lack of assessment methods, we propose a conversion to right harm, dangerous and spread overlay analysis assessment model as the core of the vector, Aims correlation within the network point of view, more thorough, more accurately reveal the security situation. Describes the data, services due authorization, depending on the association occurs, discussed attacking position, risk measure, as well as the superposition of effects coordinated attack. From the point of view of the invasion, the attacker through security breaches or theft of fake login authorization, illegal operation of various resources, directly against the data, services, confidentiality, integrity, availability, and then pass along the dependencies harm, causing wider ramifications indirect losses. From the potential risks, dynamic threats, permanent loss of three levels starting assessed value of each component of the momentum, using the overlay method and clustering method to speculate attacks intended, identify coordinated attack and guiding automatic defense. At last, using with experiments to validate and assess. This model adaptable well, and it’s able to draw more precise conclusions credible assessment.

The Model Based Testing (MBT) is an original approach where test cases are automatically generated from the specifications of the system under tests. These specifications take the form of a behavioral model allowing the test generator to determine, on the one hand, the possible and relevant execution contexts. On the other hand, to predict the effects of these executions on the system. This paper proposes new methodology to generate vulnerability test cases based on SysML model of Europay-Mastercard and Visa (EMV) specifications. Our main aim is to ensure that not only the features described by the EMV specifications are met, but also that there is no vulnerability in the system. To meet these two objectives, we automatically generated concrete tests basing on SysML models. Indeed, this paper highlights the importance of modeling EMV specifications. We opted for the choice of SysML modeling language due to its ability to model Embedded Systems through several types of diagrams. In our work we used state machine diagram to generate vulnerability test cases for a secure and robust system.

The most of the previous lossless data hiding techniques are that secret data are embedded into cover image. So, the relationship between the embedding capacity and PSNR of these techniques is always an inverse proportion. In contrast, the embedded position information of secret data are embedded into a location map in the proposed technique in order to achieve thedirectly proportional relationship. The proposed technique is based on a property of self-inverse in reversible function, it is the composite operation between reversible functions. In the embedding procedure, a stego image without distortion is generated using this property.In order to evaluate the efficiency and security of the proposed technique, the embedding capacity and PSNR are used in the experiments. In the experimental results, the embedding capacity and PSNR of the proposed technique are greater than it of the previous techniques.

Sinkhole attacks in wireless sensor networks occur when a compromised node tries to attract network traffic by advertising un-authorized/illegitimate routing updates. The victim node sends data to the compromised node rather than sending it to the node it was formerly using. Sinkhole attacks are typically used to launch other attacks on the network such as selective forwarding and wormhole attacks. Once the network is compromised it is very hard to predict the kind of attack that is to follow. For this reason, there is a need to strengthen the security of wireless sensor networks. In this paper, we first describe the challenges in detecting sinkhole attacks in wireless sensor networks, followed by an analysis of methods to prevent, detect and neutralize sinkhole attacks. The analysis will be based on discussing the advantages and limitations of the proposed solutions.

This paper proposes a novel construction of efficient certificateless aggregate signature (CLAS) scheme. On basis of the computational Diffie-Hellman (CDH) assumption, the proposed scheme can be proven existentially unforgeable against adaptive chosen-message attacks. The new scheme also requires small constant pairing computations for aggregate verification, which is independent of the number of signers. Most importantly, a certain synchronization for aggregating randomness can be avoided by the proposed scheme. All the signers don’t need to share the same synchronized clock to generate the aggregate signature, which greatly decreases the implementation complexity in many application scenarios.

We present a general idea of using formal methods in the verication of security proto- cols. In particular we show how to formally model intruders and security properties such as secrecy. We demonstrate that applying formal methods can help protocol designers and implementers to improve the quality of security protocols. We also give an example where a formal method is applied to verify of important features in the design of network protocols for vehicular security systems.