• Title/Summary/Keyword: reverse engineering-based (역공학 기반)

A Practical Study on Code Static Analysis through Open Source based Tool Chains (Open Source 기반 툴 체인화를 통한 코드 정적 분석 연구)

  • Kang, Geon-Hee;Kim, R. Young Chul;Yi, Geun Sang;Kim, Young Soo;Park, Yong. B.;Son, Hyun Seung
    • KIISE Transactions on Computing Practices, v.21 no.2, pp.148-153, 2015
  • Our domestic software industry focuses on high-quality development/testing processes, maturity measurement, and so on. But real industrial fields still work in a code-centric way. Most existing legacy systems did not keep their design, and their code complexity has increased greatly with repeated patching of the original code. To solve this problem, we adopt a code visualization technique, which is important for reducing code complexity among modules. To do this, we suggest a tool chaining method based on existing open source software tools, which extends NIPA's Software Visualization techniques applied to procedural languages. In addition, the code should be refactored to fix bad couplings identified by the quality measurement indicators within the code visualization. As a result, we can apply reverse engineering to legacy code, that is, from programming via model to architecture, and then make high quality software with this approach.

Analyzing Differences of Binary Executable Files using Program Structure and Constant Values (프로그램의 구조와 상수 값을 이용하는 바이너리 실행 파일의 차이점 분석)

  • Park, Hee-Wan;Choi, Seok-Woo;Seo, Sun-Ae;Han, Tai-Sook
    • Journal of KIISE:Software and Applications, v.35 no.7, pp.452-461, 2008
  • Binary diffing is a method to find differences in similar binary executables such as two different versions of security patches. Previous diffing methods using flow information can detect control flow changes, but they cannot track constant value changes. Diffing methods using assembly instructions can detect constant value changes, but they give false positives which are due to compiling methods such as instruction reordering. We present a binary diffing method and its implementation named SCV which utilizes both structure and value information. SCV summarizes structure and constant value information from disassembled code, and matches the summaries to find differences. By analyzing Microsoft Windows security patches, we showed that SCV found necessary differences caused by constant value changes which the state-of-the-art binary diffing tool BinDiff failed to find.

Implementation of a Logic Extraction Algorithm from a Bitstream Data for a Programmed FPGA (프로그램된 FPGA의 비트스트림 데이터로부터 로직추출 알고리즘 구현)

  • Jeong, Min-Young;Lee, Jae-Heum;Jang, Young-Jo;Jung, Eun-Gu;Cho, Kyoung-Rok
    • The Journal of the Korea Contents Association, v.18 no.1, pp.10-18, 2018
  • This paper presents a method to resynthesize logic of a programmed FPGA from a bitstream file that is a downloaded file for Xilinx FPGA (Field Programmable Gate Array). It focuses on reconfiguring the LUT (Look Up Table) logic. The bitstream data is compared and analyzed considering various situations and various input variables such as composing other logics using the same netlist or synthesizing the same logic at various positions to find a structure of the bitstream. Based on the analyzed bitstream, we construct a truth table of the LUT by implementing various logic for one LUT. The proposed algorithm extracts the logic of the LUT based on the truth table of the generated LUT and the bitstream. The algorithm determines the input and output pins used to implement the logic in the LUT. As a result, we extract a gate level logic from a bitstream file for the targeted Xilinx FPGA.

A Study on Encryption Process and Decryption of Ransomware in 2019 (2019년 랜섬웨어 암호화 프로세스 분석 및 복호화 방안 연구)

  • Lee, Sehoon;Youn, Byungchul;Kim, Soram;Kim, Giyoon;Lee, Yeongju;Kim, Daeun;Park, Haeryong;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology, v.29 no.6, pp.1339-1350, 2019
  • Ransomware is malicious software which requires money to decrypt files that were encrypted. As the number of ransomware grows, the encryption process in ransomware has become more sophisticated and the strength of security has become stronger. As a result, analysis of ransomware becomes more difficult and the number of decryptable ransomware is getting smaller. So, research on the encryption process and decryption method of ransomware is necessary. In this paper, we show the encryption processes of 5 ransomwares which were revealed in 2019, and analyze whether or not those ransomwares are decryptable.

Android Application Call Relationship Analysis Based on DEX and ELF Binary Reverse Engineering (DEX와 ELF 바이너리 역공학 기반 안드로이드 어플리케이션 호출 관계 분석에 대한 연구)

  • Ahn, Jinung;Park, Jungsoo;Nguyen-Vu, Long;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology, v.29 no.1, pp.45-55, 2019
  • DEX files and shared objects (also known as SO files) are important components that define the behaviors of an Android application. The DEX file is implemented in Java code, whereas the SO file under the ELF file format is implemented in native code (C/C++). The two layers, Java and native, can communicate with each other at runtime. Malicious applications have become more and more prevalent in the mobile world, and they are equipped with different evasion techniques to avoid being detected by anti-malware products. To avoid static analysis, some applications may perform malicious behavior in native code that is difficult to analyze. Existing research fails to extract the call relationship which includes both Java code and native code, or cannot analyze multi-DEX applications. In this study, we design and implement a system that effectively extracts the call relationship between Java code and native code by analyzing the DEX file and SO file of an Android application.

A Process Improvement of Reverse Engineering and Delivery Steps for Service based Software Maintenance (서비스 기반 소프트웨어 유지보수를 위한 역공학과 인도 (Delivery)단계의 프로세스 개선)

  • Park, Jin-Ho;Rhew, Sung-Yul;Kim, Jong-Bae;Chung, Suk-Kyun
    • Journal of Information Technology Services, v.9 no.4, pp.169-185, 2010
  • As software grows, software maintenance has also been continuously improving. In addition, the existing concept of the software maintenance process demands operational management and improvement of service tasks. However, when we perform maintenance tasks, we face several constraints in applying service based requirements to a system. Therefore, in order to solve these problems, we need to study the process tasks for service based maintenance. In this paper, we propose a Service based Software Maintenance Process. The proposed process is based on the MaRMI-RE standard for software development and maintenance and is compared with representative service based standards. In related work, we study the activities of ITIL and identify activities and tasks for maintenance. After this, the identified activities and tasks are compared with the activities of MaRMI-RE. We then derive the activities and tasks of a Service based Software Maintenance Process. Finally, we validate the result by comparing the proposed process with a general service operational process.

Risk Management-Based Application of Anti-Tampering Methods in Weapon Systems Development (무기 시스템 개발에서 기술보호를 위한 위험관리 기반의 Anti-Tampering 적용 기법)

  • Lee, Min-Woo;Lee, Jae-Chon
    • Journal of the Korea Academia-Industrial cooperation Society, v.19 no.12, pp.99-109, 2018
  • Tampering involves illegally removing technologies from a protected system through reverse engineering or developing a system without proper authorization. As tampering of a weapon system is a threat to national security, anti-tampering measures are required. Precedent studies on anti-tampering have discussed the necessity, related trends, application cases, and recent cybersecurity-based or other protection methods. In a domestic situation, the Defense Technology Protection Act focuses on how to prevent technology leakage occurring in related organizations through personnel, facilities and information systems. Anti-tampering design needs to determine which technologies are protected while considering the effects of development cost and schedule. The objective of our study is to develop methods of how to select target technologies and determine counter-measures to protect these technologies. Specifically, an evaluation matrix was derived based on the risk analysis concept to select the protection of target technologies. Also, based on the concept of risk mitigation, the classification of anti-tampering techniques was performed according to its applicability and determination of application levels. Results of the case study revealed that the methods proposed can be systematically applied for anti-tampering in weapon system development.

Improved Original Entry Point Detection Method Based on PinDemonium (PinDemonium 기반 Original Entry Point 탐지 방법 개선)

  • Kim, Gyeong Min;Park, Yong Su
    • KIPS Transactions on Computer and Communication Systems, v.7 no.6, pp.155-164, 2018
  • Many malicious programs have been compressed or encrypted using various commercial packers to prevent reverse engineering, so malicious code analysts must decompress or decrypt them first. The OEP (Original Entry Point) is the address of the first instruction executed after returning the encrypted or compressed executable file back to the original binary state. Several unpackers, including PinDemonium, execute the packed file, keep track of the addresses until the OEP appears, and find the OEP among the addresses. However, instead of finding exactly one OEP, unpackers provide a relatively large set of OEP candidates and sometimes the OEP is missing among the candidates. In other words, existing unpackers have difficulty in finding the correct OEP. We have developed a new tool which provides fewer OEP candidate sets by adding two methods based on the property of the OEP. In this paper, we propose two methods to provide fewer OEP candidate sets by using the property that the function call sequence and parameters are the same between the packed program and the original program. The first way is based on a function call. Programs written in the C/C++ language are compiled to translate languages into binary code. Compiler-specific system functions are added to the compiled program. After examining these functions, we have added to PinDemonium a method that detects the unpacking work by matching the patterns of system functions that are called in packed programs and unpacked programs. The second way is based on parameters. The parameters include not only the user-entered inputs, but also the system inputs. We have added to PinDemonium a method that finds the OEP using the system parameters of a particular function in stack memory. OEP detection experiments were performed on sample programs packed by 16 commercial packers. We can reduce the OEP candidates by more than 40% on average compared to PinDemonium, except for 2 commercial packers which cannot be executed due to the anti-debugging technique.

A Study on Refined Information Generation through Classes Composition Based on Reengineering (재공학 기반의 클래스 합성을 통한 정련화된 정보 생성에 관한 연구)

  • 김행곤;한은주
    • Journal of Korea Multimedia Society, v.1 no.2, pp.239-248, 1998
  • Software reengineering research seeks solutions to the problem of maintaining existing systems. Reengineering means developing software on existing systems through reverse engineering and forward engineering. It extracts classes from an existing system's software to increase comprehension of the system and enhance the maintainability of the software. One of the most important concepts used in reengineering is composition, that is, restructuring existing objects from other components. The classes and clusters in storage have a structural relationship with the system's main components so that they can be reused at a higher level. These are referenced as dynamic information by structuring an architecture for each of them. The classes are created by an extractor, searcher and composer from a representation of the existing object-oriented source code. Refined information is extracted from each of the classes and clusters through optimization. A new architecture is created from the cluster based on its classes' relationships in storage. This information can be used as executable code later on. In this paper, we propose a tool that presents new information to users by analysing object-oriented information, based on reengineering, and applying a composition methodology. These composite classes will increase reusability and produce more comprehensible information to support the maintainability of existing code.

A Study of the Curriculum Design Modelling Focused on the Combination of National Competency Standards and the Already-Accredited Course in the Department of Social Welfare in the Junior College (과정이수형 자격제도 운영 학과의 NCS 기반 교육과정 설계모형 연구 - 전문대학 사회복지과를 중심으로)

  • Park, Yong Woon;Kim, Kyoung Mee;Yoo, Tae Wan
    • The Journal of the Korea Contents Association, v.16 no.2, pp.652-665, 2016
  • National Competency Standards or NCS is an educational system that emphasizes developing job-related abilities. Therefore it will be an effective solution in training field-oriented work forces if properly applied. However, in the department of social welfare, it is not easy to apply NCS to the curriculum since most academic subjects concerning social welfare focus not on practice but on theory and in addition, most of social welfare departments in junior colleges have an accredited curriculum for the 2nd degree of the social worker qualification. This means it is preposterous if NCS is applied to the curriculum without prior changes in the existing qualification system. So, this paper proposes a draft model to apply NCS to the already-accredited curriculum for the 2nd degree social workers in the junior colleges and details are as follows. Firstly, the competency units will be customized for the existing academic subjects in the curriculum rather than developing new subjects in accordance with NCS competency units. Secondly, some client-related competency units including children, seniors, the disabled are newly developed and then applied to the curriculum, which are crucial for the career development at the junior college level. Thirdly, the competency units are categorized into three types in accordance with the degree of job relevancy - type 1, type 2, type 3. Fourthly, four out of 11 basic job abilities are selected and then developed into academic subjects. Fifthly, all competency units concerning the main job market are regarded as one virtual competency unit and then arranged in the order of type 1s, type 2s and type 3s and then the scope of their study is adjusted to the job abilities required at the main job market.