• Journal of KIISE
• /
• v.41 no.11
• /
• pp.892-899
• /
• 2014

Dynamic binary instrumentation is a code insertion technique for debugging a program without scattering its execution flow, while the program is running. Most dynamic instrumentations are implemented using dynamic binary translation techniques. Existing studies translated program codes dynamically by parsing the machine code stream to intermediate representation (IR) and then applying compilation techniques for IRs. However, they have high overhead during translation, which is a major cause of difficulty in applying the dynamic binary translation technique to the program which requires high responsiveness. In this paper, we introduce a light-weight dynamic binary instrumentation framework based on a novel dynamic binary translation technique which has low overhead while translating the program code. In order to reduce the translation overhead, our approach adopts a tabular-based address translation and exploits a translation bypassing scheme, which stores the translated address of a frequently called library function in advance. It then accesses the translated address and executes function codes without code translation when calling the function. Our experiment results demonstrated that the proposed approach outperforms the prior dynamic binary translation techniques from 2% up to 65%.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.06b
• /
• pp.410-413
• /
• 2010

최근 그린 IT, 콜라우드 컴퓨팅 등이 새롭게 주목 받음에 따라 이들의 기반 기술인 가상화 기술이 더욱 활발히 연구되고 있다. 이에 따라 본 논문에서는 다양한 시스템을 손쉽게 운영할 수 있는 전가상화의 장점을 극대화하기 위해 새로운 동적 코드 변환기법에 대하여 제안한다. 이를 위해 동적 주소 변환 기법과 베이직 블록의 특성에 따라 동적 코드를 경량화하는 기법을 설계하였다. 기존의 동적 코드 변환 기법과의 성능 비교를 통해 제안한 기법의 안정성과 경량성를 확인할 수 있었다.

• The Transactions of the Korea Information Processing Society
• /
• v.3 no.5
• /
• pp.1307-1316
• /
• 1996

In this paper, we propose a vector quantization method which uses a dynamic address mapping based on exploring the high interblock correlation. In the proposed method, we reduce bit-rate by defining an address transform function, which maps a VQ address of an input block which will be encoded into a new address in the reordered codebook by using side match error. In one case that an original address can be transformed into a new transformed address which is lower than the threshold value, we encode the new address of the transformed convector, and in the other case we encode the address of the original convector which is not transformed. Experimental results indicate that the proposed scheme reduces the bit-rate by 45~50% compared with the ordi-nary VQ method forimage compression, at the same quality of the reconstructed image as that of the ordinary VQ system.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.10 no.10
• /
• pp.1131-1138
• /
• 2015

As the size of the internet market grows rapidly, the number of IPv4 addresses available is being exhausted, while transition to IPv6 is being delayed. As the best alternative solution, Network Address Translation(NAT) scheme is being used. It connects the public internet network with the private internet network in order to reduce the waste of IPv4 addresses space. The purpose of this paper is to study the effective example of network based on common virtual network using Packet Tracer with topology designed rather than usual theoretical approach in Dynamic NAT and PAT, which allows more efficient use of address space.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2000.10b
• /
• pp.1185-1188
• /
• 2000

NAT로 운영되는 private network에서 IP 전화 시스템을 지원하기 위해서는 caller 단말, gatekeeper 서버, callee 단말간에 교환되는 H.225.0 메시지와 H.245 메시지의 NAT 주소 변환이 동적인 방법으로 투명하게 이루어져야한다. 이를 위하여 본 논문에서는 NAT 가 탑재된 라우터와 gatekeeper 서버를 연동하는 구조를 제안한다. 제안한 방식은 gatekeeper 와 NAT 라우터 사이에 주소 변환을 위한 정보교환용의 channel 을 여는 단계, gatekeeper 가 외부 단말로 향하는 H.225.0, H245 메시지를 받았을 때 NAT 라우터에게 private 주소 정보를 알려주는 단계, NAT 라우터가 gatekeeper로부터 private 주소정보를 받았을 때 public 주소 정보를 할당하여 gatekeeper에게 알려주는 단계, gatekeeper가 할당받은 public 주소 정보를 반영하여 외부 단말로 향하는 H.225.0, H.245 메시지를 재생성하는 단계 마지막으로 호가 종료될 때 gatekeeper 가 NAT 라우터로부터 할당받은 NAT 자원을 반환하는 단계로 구성된다. 이러한 연동 구조를 사용함으로써 NAT 환경에서 H.323 개체들간의 signalling 메시지와 음성 데이터의 송수신을 보장할 수 있다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2011.06a
• /
• pp.547-550
• /
• 2011

플래시 메모리는 낮은 전력 소비와 높은 성능으로 인해 휴대용 기기에 널리 사용되고 있다. FTL은 플래시 내 자료를 관리하는 소프트웨어 계층으로 플래시 전체의 성능에 영향을 끼친다. 그 중 페이지 레벨 매핑 기법을 적용한 FTL은 유연성이 높고 속도가 빠르나 주소 변환 테이블의 크기가 큰 단점이 있다. 이를 해결하기 위해 자주 접근되는 영역의 매핑 주소만을 매핑 테이블 캐시에 올려놓는 Demand-based FTL(DFTL)이 제안되었다. DFTL 에서는 CMT(Cache Mapping Table)의 참조율이 떨어지는 경우 빈번한 플래시 메모리 접근 오버헤드가 발생하게 된다. 이러한 문제는 흔히 발생하는 일반적인 순차 접근에서조차 문제가 된다. 이에 본 논문에서는 저장 장치의 접근 패턴을 예측하여 CMT의 참조 엔트리를 미리 읽어오는 기법을 제안한다. 제안하는 기법은 저장 장치 접근 패턴의 순차성을 판단하여 연속된 매핑 주소를 미리 CMT에 올려놓고, 읽어오는 매핑 주소 엔트리의 양은 동적으로 관리한다. 추가적으로 CMT에서 발생하는 스래싱(thrashing) 을 파악하기 위해 쫓겨나는 희생 엔트리의 접근 여부를 분석하여 이를 활용하였다. 실험 결과에서 본 기법은 기존의 DFTL에 비해 약간의 공간 오버헤드와 함께 평균 50% 증가한 참조율을 보였다.

• The Journal of Society for e-Business Studies
• /
• v.9 no.4
• /
• pp.137-155
• /
• 2004

A video-conference system is being utilized in web based application services in various fields due to the widespread use of Internet and the progress of computer technologies. This system should use the public IP address for sharing file and white board and it is difficult to manage the internal network users of the firewall and non-public IP address users. In this paper, we propose an Application Level Gateway which transforms non-public IP address into public IP address. This mechanism is for the internal network users of the firewall or non-public IP address users over the Internet. We also propose a Control Daemon which manages video and audio media dynamically according to network bandwidth. This mechanism can start and terminate a video conference and manage the process of the video conference.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.5
• /
• pp.217-222
• /
• 2013

Return-Oriented Programming(ROP) is an advanced code-reuse attack like a return-to-libc attack. ROP attacks combine gadgets in program code area and make functions like a Turing-complete language. Some of previous defense methods against ROP attacks show high performance overhead because of dynamic execution flow analysis and can defend against only certain types of ROP attacks. In this paper, we propose Indirect Branch Target Address Verification (IBTAV). IBTAV detects ROP attacks by checking if target addresses of indirect branches are valid. IBTAV can defends against almost all ROP attacks because it verifies a target address of every indirect branch instruction. Since IBTAV does not require dynamic execution flow analysis, the performance overhead of IBTAV is relatively low. Our evaluation of IBTAV on SPEC CPU 2006 shows less than 15% performance overhead.

• Proceedings of the Korean Association of Geographic Inforamtion Studies Conference
• /
• 1997.12a
• /
• pp.51-61
• /
• 1997

웹 상에서 전자지도 서비스를 제공하기 위한 시스템으로써 클라이언트인 벡터지도 Viewer와 서버인 지도 서버, 주소-좌표 변환 서버를 개발하였으며, 또한, 웹 환경에 적합한 지도 데이터의 구축을 위해 지도 가공 및 구축 자동화 프로그램을 개발하였다. 그리고, 한국통신에서 현재 서비스 중인 전자 전화번호 서비스와의 결합을 통한 보다 진보된 형태의 서비스 제공을 위하여 연동 기능을 구현하였다. 본 시스템의 설계 및 구현은 불특정 다수를 대상으로 하는 서비스의 특성을 고려하여 웹 환경에 적합하도록 데이터의 전송 속도 문제, 동적인 사용자 인터페이스 제공, S/W 설치 부담 제거, 시스템의 효율적인 유지 보수 및 향후 시스템 확장 등에 초점을 맞췄다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.6
• /
• pp.155-164
• /
• 2018

Many malicious programs have been compressed or encrypted using various commercial packers to prevent reverse engineering, So malicious code analysts must decompress or decrypt them first. The OEP (Original Entry Point) is the address of the first instruction executed after returning the encrypted or compressed executable file back to the original binary state. Several unpackers, including PinDemonium, execute the packed file and keep tracks of the addresses until the OEP appears and find the OEP among the addresses. However, instead of finding exact one OEP, unpackers provide a relatively large set of OEP candidates and sometimes OEP is missing among candidates. In other words, existing unpackers have difficulty in finding the correct OEP. We have developed new tool which provides fewer OEP candidate sets by adding two methods based on the property of the OEP. In this paper, we propose two methods to provide fewer OEP candidate sets by using the property that the function call sequence and parameters are same between packed program and original program. First way is based on a function call. Programs written in the C/C++ language are compiled to translate languages into binary code. Compiler-specific system functions are added to the compiled program. After examining these functions, we have added a method that we suggest to PinDemonium to detect the unpacking work by matching the patterns of system functions that are called in packed programs and unpacked programs. Second way is based on parameters. The parameters include not only the user-entered inputs, but also the system inputs. We have added a method that we suggest to PinDemonium to find the OEP using the system parameters of a particular function in stack memory. OEP detection experiments were performed on sample programs packed by 16 commercial packers. We can reduce the OEP candidate by more than 40% on average compared to PinDemonium except 2 commercial packers which are can not be executed due to the anti-debugging technique.