• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.275-285
• /
• 2019

Web-assemblies are a new binary standard designed to improve the performance of Web browser JavaScript. Web-assemblies are becoming a new web standard that can run at near native speed with efficient execution, concise representation, and code written in multiple languages. However, current Web-assembly vulnerability verification is limited to the Web assembly interpreter language, and vulnerability verification of Web-assembly binary itself is insufficient. Therefore, it is necessary to verify the safety of the web assembly itself. In this paper, we analyze how to operate the web assembly and verify the safety of the current web-assembly. In addition, we examine vulnerability of existing web -assembly and analyze limitations according to existing safety verification method. Finally, we introduce web-assembly API based fuzzing method to overcome limitation of web-assembly safety verification method. This verifies the effectiveness of the proposed Fuzzing by detecting crashes that could not be detected by existing safety verification tools.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.753-762
• /
• 2021

WebAssembly(WASM) is a low-level instruction format that can be run in a web environment. Since WASM has a excellent performance, various web applications use webassembly. However, according to our security analysis WASM has a security pitfall related to control flow integrity (CFI) for indirect calls. To address the problem in this paper we propose a new code instrumentation scheme to protect indirect calls, named WACFI. Specifically WACFI enhances a CFI technique for indirect call in WASM based on source code anlysis and binary instrumentation. To test the feasibility of WACFI, we applied WACFI to a sound-encoding application. According to our experimental results WACFI only adds 2.75% overhead on the execution time while protecting indirect calls safely.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.337-344
• /
• 2023

Modern OSs, including Linux, show high scalability by adopting a monolithic kernel design, but have weak security because they share all memory space. This study presents a kernel module that are isolated inside the kernel using WebAssembly. WebAssembly provides a high-performance virtual machine by defining a low-level instruction set while guaranteeing memory safety. In this paper, the WebAssembly execution environment is implemented inside the kernel, allowing developers to control the operation of kernel modules and achieving higher security.

• Journal of Advanced Navigation Technology
• /
• v.23 no.4
• /
• pp.328-332
• /
• 2019

Advances in web technology have enabled technical convergence in various system environments to be carried out through the web interface. The Web can be categorized from the Web 1.0 to the 4.0, depending on its role, it has the characteristics of connects information, connects people, connects knowledge, and connects intelligence. In addition, various technological needs occurred through the mobile app during the 4th Industrial Revolution, and functions such as 3D, virtual reality, augmented reality, video/audio processing were enabled on the web, which was a simple means of providing information. Technical standards have been studied to support these period needs. In this paper, I would like to mention one of the Web assembly. We will explore ways to link and fuse Web assembly with existing web systems (or platforms) and analyze their technical implications through a variety of examples. In addition, we will conduct a study on the architecture that can fuse the existing javascript with the web assembly, and discuss the future direction of the study.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.5
• /
• pp.731-742
• /
• 2022

PIPO is the latest domestic lightweight block cipher announced in ICISC'20, which is characterized by being lightweight to facilitate implementation on IoT with limited resources. In this paper, PIPO 64/128-bit and 64/256-bit were implemented using web-based languages such as Javascript and WebAsembly. Two methods of performance evaluation were conducted by implementing bitsice and TLU, and the performance was compared by implementing Looped written using for statements and Unrolled written for statements. It performs performance evaluations in various web browsers such as Google Chrome, Mozilla Firefox, Opera, and Microsoft Edge, as well as OS-specific environments such as Windows, Linux, Mac, iOS, and Android. In addition, a performance comparison was performed with PIPO implemented in C language. This can be used as an indicator for applying PIPO block cipher on the web.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.35-36
• /
• 2024

WebAssembly(WASM)는 웹브라우저용 바이트코드로, 다양한 언어로 작성한 코드를 손쉽게 한번에 실행할 수 있고, 기존 고수준 언어를 사용하여 웹 애플리케이션을 개발할 수 있다. WASM 은 사용자와의 실시간 소통을 필요로 하는 웹용으로 개발되었기 때문에 성능이 중요한 요소로 꼽힌다. 이 논문에서는 대표적인 WASM 컴파일러인 emscripten 과 cheerp 에 대해 각각 생성된 코드의 성능을 측정하여 최적화 정도를 비교한다. 실험 결과 emscripten 의 최적화 수준이 더욱 높았으나, 두 컴파일러의 성능 간 상충 관계가 발견되었다.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2004.05a
• /
• pp.741-744
• /
• 2004

원격 교육시스템의 구현은 인터넷의 기술의 급격한 발전과 함께 활발하게 연구가 진행 되고 있다. 공학 분야에서 원격 교육시스템을 구현하는데 가장 큰 제약사항은 하드웨어의 제어이다. 본 연구에서는 8051 원격 컴파일 시스템을 구현하였으며, 시스템의 구성은 학습자가 웹에서 8051실습 키트를 직접 제어해보며 학습하도록 할 것이다. 학습자는 C언어와 어셈블리어로 8051제어 소스를 작성하고 작성된 소스 파일을 서버에 업로드 하여 컴파일 및 링크할 수 있다 이 과정을 통해 생성된 실행파일을 서버에 연결되어있는 8051 실습키트에 다운로드하여 실행하도록 구현하였다. 또한, 실링 결과의 확인은 웹 카메라를 통해 학습자의 PC에 영상데이터를 전송하여 8051키트의 동작을 학습자들이 확인하게 된다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.154-155
• /
• 2023

WebAssembly(Wasm)은 웹에서 네이티브에 가까운 속도로 실행 가능하고, 고성능 어플리케이션의 구현도 가능하기 때문에 브라우저 및 기타 플랫폼에서 활발히 사용되고 있다. 이로 인해 Wasm에 대한 보안성이 대두되고 있는데, 이때 취약점을 탐지하는 Fuzzing 기법을 적용한 연구들이 있다. Fuzzing 기법에 대한 분류 및 대표적인 도구를 소개하고 각 기법 간 차이점 및 한계점과 향후 연구 방향을 제시한다.

• The KIPS Transactions:PartD
• /
• v.18D no.1
• /
• pp.35-44
• /
• 2011

Memory errors can cause not only program malfunctions but also even unexpected system halt. Though a programmer checks memory errors, some memory errors with low occurrence frequency are missed to detect. In this paper, we propose a method for effectively detecting such memory errors using instruction transition diagrams through analyzing assembly codes obtained by disassembling an executable file. Out of various memory errors, local memory return errors, null pointer access errors and uninitialized pointer access errors are targeted for detection. When applying the proposed method to various programs including well-known open source programs such as Apache web server and PHP script interpreter, some potential memory errors are detected.

• Journal of Advanced Navigation Technology
• /
• v.23 no.1
• /
• pp.55-60
• /
• 2019

The web is one of the most intimate technologies in people's daily lives, and most of the time, people are sharing data on the web. Simple messenger, news, video, as well as various data are now spreading through the web. In addition, with the emergence of Web assembly technology, the programs that run in the existing native environment start to enter the domain of the Web, and the data shared by the Web is now getting wider and larger in terms of VR / AR contents and big data. Therefore, in this paper, we have studied how to effectively deliver web contentsto users who use Web service by using service worker that can operate independently without being dependent on browser and cache API that can effectively store data in web browser.