Information technology security evaluation using CERT c secure coding standard

Authors:
Taeseung Lee;Kwangwoo Lee;Dongho Won;Namje Park
Affiliations:
Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University, Suwon, Gyeonggi-do, Korea;Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University, Suwon, Gyeonggi-do, Korea;Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University, Suwon, Gyeonggi-do, Korea;Department of Computer Education Teachers College, Jeju National University, Korea
Venue:
FGIT'11 Proceedings of the Third international conference on Future Generation Information Technology
Year:
2011

Citing 9
Cited 0

Enhancement of two-factor authenticated key exchange protocols in public wireless LANs

Computers and Electrical Engineering
Multilateral approaches to the mobile RFID security problem using web service

APWeb'08 Proceedings of the 10th Asia-Pacific web conference on Progress in WWW research and development
Secure RFID application data management using all-or-nothing transform encryption

WASA'10 Proceedings of the 5th international conference on Wireless algorithms, systems, and applications
AONT encryption based application data management in mobile RFID environment

ICCCI'10 Proceedings of the Second international conference on Computational collective intelligence: technologies and applications - Volume Part II
Secure UHF/HF dual-band RFID: strategic framework approaches and application solutions

ICCCI'11 Proceedings of the Third international conference on Computational collective intelligence: technologies and applications - Volume Part I
Protection profile for software development site

ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part II
Open location-based service using secure middleware infrastructure in web services

ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part II
WIPI mobile platform with secure service for mobile RFID network environment

APWeb'06 Proceedings of the 2006 international conference on Advanced Web and Network Technologies, and Applications
Protection profile for secure e-voting systems

ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience

Quantified Score

Hi-index	0.00

Visualization

Abstract

IT products developed without due consideration of security issues have caused many security accidents over the last ten years. As a result, the importance of security in software development is increasing. It is important to ensure that no known vulnerabilities remain in the design, development, and test stage, in order to develop secure IT products. Even when an IT product is designed securely, various security vulnerabilities can occur, such as buffer overflow, if the general coding technique is used at the development stage. Therefore, the introduction of secure coding rules becomes most critical in developing a robust information security product. This paper proposes a method of applying a secure coding standard in the CC evaluation process. The proposed method is expected to contribute to improving the security of IT products in the CC evaluation process.