• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11b
• /
• pp.430-432
• /
• 2005

자바 언어는 객체 지향 언어이며 이식성에 좋은 언어로써 각광을 받고 있다. 하지만 자바 프로그램은 이식성은 좋지만 실행 시 인터프리터 방식으로 사용하기 때문에 실행속도가 느리다는 단점이 있다. 또한 바이트코드는 스택기반의 코드이기 때문에 코드 단편화 문제점과 스택 접근 연산들을 사용하여 프로그램 분석이 용이 하지 않고, 단순한 변환을 복잡하게 만들 수 있다는 단점이 있다. 따라서 바이트코드 자체로 분석과 최적화하기가 용이 하지 못하다. 본 논문에서는 바이트코드의 분석을 위한 트리구조 중간코드를 제안 한다. 트리구조 중간코드는 스택기반 코드의 문제점을 보완하고, 기존에 3-주소 형태의 최적화 기법들을 적용할 수 있다는 장점이 있다. 본 논문은 바이트코드와 각종 정보를 가지고 있는 클래스 파일을 입력받아 분석 후 기본블록을 나누고 BNF코드를 바탕으로 트리구조 중간코드를 생성하게 된다. 생성된 중간코드를 가지고 제어 흐름 그래프를 만들게 된다. 이러한 방식으로 트리구조 중간코드를 설계하게 된다.

• The KIPS Transactions:PartD
• /
• v.15D no.1
• /
• pp.87-98
• /
• 2008

In company with the demand of powerful processing units for embedded systems, the method to develop embedded software is also required to support the demand in new approach. In order to improve the resource utilization and system performance, software modeling techniques have to consider the features of hardware architecture. This paper proposes a partitioning technique of UML-based software models, which focus the generation of the allocatable software components into multiprocessor architecture. Our partitioning technique, at first, transforms UML models to CBCFGs(Constraint-Based Control Flow Graphs), and then slices the CBCFGs with consideration of parallelism and data dependency. We believe that our proposition gives practical applicability in the areas of platform specific modeling and performance estimation in model-driven embedded software development.

• Journal of KIISE:Computer Systems and Theory
• /
• v.31 no.3_4
• /
• pp.152-159
• /
• 2004

The Grid system is an emerging computing infrastructure that will substitute for existing distributed systems. However end users have a difficulty in using the Grid because of its complicated usage, which is an inherent characteristic from the heterogeneous mechanism of the Grid. In this paper, we present the JCML(Job Control Markup Language) and its GUI-based editor, which not only provide users with ease of use, improved working environment, but assist users to execute their jobs efficiently The JCML is a job control language that improves the RSL of Globus, which defines global services in Grid. The JCML is designed to support flexibility among various Grid services using standard XML. And it makes use of a graph representation method, GXL(Graph eXchange Language), to specify detailed job properties and dependencies among jobs using nodes and edges. The JCML editor provides users with GUI-based interface. With the JCML editor, a complicated job order can be easily completed using very simple manipulations with a mouse, such as a drag-and-drop.

• The KIPS Transactions:PartD
• /
• v.12D no.4 s.100
• /
• pp.569-582
• /
• 2005

As information and business communication via Internet are growing up, web-based software is wide spread and more important on the viewpoint of software qualify than stand-alone. Research on verification of web content links and web-based Program was tried, but has short on covering various types of web based software and making experiments to be applied in real testing practice. This paper suggests a modeling technique to be applied to dynamic and various types of web-based software. First, it identifies each elements consisting of web-based software and then construct a model of Object Control Flow Graph and Object Relationship Diagram. We can generate test cases covering all test paths of ORD or invoking key points test route. Suggested modeling method and test case selection technique are verified by applying five types of web-based software and compared with other web-based test techniques.

• Journal of Digital Convergence
• /
• v.15 no.3
• /
• pp.181-186
• /
• 2017

The system optimization is a technique that changes the structure of the program in order to extract the duplicated modules without changing the source code, reuse of the extracted module. Structure-oriented development and object-oriented development are efficient at crosscutting concern modular, however can't be modular of crosscutting concept. To apply the crosscutting concept in an existing system, there is a need to a extracting technique for distributed system optimization module within the system. This paper proposes a method for extracting the redundant modules in the completed system. The proposed method extracts elements that overlap over a source code analysis to analyze the data dependency and control dependency. The extracted redundant element is used to program dependency analysis for the system optimization. Duplicated dependency analysis result is converted into a control flow graph, it is possible to produce a minimum crosscutting module. The element extracted by dependency analysis proposes a system optimization method which minimizes the duplicated code within system by setting the crosscutting concern module.

• Journal of KIISE
• /
• v.41 no.10
• /
• pp.859-869
• /
• 2014

In recent years, the obfuscation techniques are commonly exploited to protect malwares, so obfuscated malwares have become a big threat. Especially, it is extremely hard to analyze virtualization-obfuscated malwares based on unusual virtual machines, because the original program is hidden by the virtual machine as well as its semantics is mixed with the semantics of the virtual machine. To confront this threat, we suggest a framework to analyze virtualization-obfuscated programs based on the dynamic analysis. First, we extract the dynamic execution trace of the virtualization-obfuscated executables. Second, we analyze the traces by translating machine instruction sequences into the intermediate representation and extract the virtual machine architecture by constructing dynamic context flow graphs. Finally, we extract abstract semantics of the original program using the extracted virtual machine architecture. In this paper, we propose a method to extract the information of the original program from a virtualization-obfuscated program by some commercial obfuscation tools. We expect that our tool can be used to understand virtualization-obfuscated programs and integrate other program analysis techniques so that it can be applied to analysis of the semantics of original programs using the abstract semantics.

• The Journal of the Korea Contents Association
• /
• v.5 no.3
• /
• pp.73-81
• /
• 2005

CTOC(Classes To Optimized Classes) is a Java bytecode framework for optimization and analysis. Although Java bytecode has a significant amount of type information embedded in it, there are no explicit types for local variables. However, knowing types for local variables is very useful for both program optimization and analysis. This paper is a first part of CTOC framework. In this paper, we present methods for inferring static types for local variables in a 3-address, stackless, representation of Java bytecode. We use SSA Form(Single Static Assignment Form) for spliting local variables. Splited local variables will use to prepare for static type inference.

• Journal of KIISE:Software and Applications
• /
• v.30 no.1_2
• /
• pp.73-80
• /
• 2003

The Java programming language is designed for developing effective applications in a heterogeneous network environment. Major problem in Java is its performance. many attractive features of Java make the development of software easy, but also make it expensive to support ; applications written in Java are often much slower than their counterparts written in C or C++. To use Java`s attractive features without the performance penalty, sophisticated optimizations and runtime systems are required. Optimising Java bytecode has several advantages. First, the bytecode is independent of any compiler that is used to generate it. Second, the bytecode optimization can be performed as a pre=pass to Just-In-Time(JIT) compilation. Many attractive features of Java make the development of software easy, but also make it expensive to support. The goal of this work is to develop automatic construction of code optimizer for Java bytecode. We`ve designed and implemented a Bytecode Optimizer that performs the peephole optimization, bytecode-specific optimization, and method-inlining techniques. Using the Classfile optimizer, we see up to 9% improvement in speed and about 20% size reduction in Java class files, when compared to average code using the interpreter alone.

• Journal of Software Assessment and Valuation
• /
• v.16 no.1
• /
• pp.65-79
• /
• 2020

As Programmable Logic Controllers (PLCs), popular components in industrial control systems (ICS), are incorporated with the technologies such as micro-controllers, real-time operating systems, and communication capabilities. As the latest PLCs have been connected to the Internet, they are becoming a main target of cyber threats. This paper proposes two sanitizers that improve the security of uC/OS-II based firmware for a PLC. That is, we devise BU sanitizer for detecting out-of-bounds accesses to buffers and UaF sanitizer for fixing use-after-free bugs in the firmware. They can sanitize the binary firmware image generated in a desktop PC before downloading it to the PLC. The BU sanitizer can also detect the violation of control flow integrity using both call graph and symbols of functions in the firmware image. We have implemented the proposed two sanitizers as a prototype system on a PLC running uC/OS-II and demonstrated the effectiveness of them by performing experiments as well as comparing them with the existing sanitizers. These findings can be used to detect and mitigate unintended vulnerabilities during the firmware development phase.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.657-667
• /
• 2020

The Android framework allows apps to take full advantage of personal information through granting single permission, and does not determine whether the data being leaked is actual personal information. To solve these problems, we propose a tool with static/dynamic analysis. The tool analyzes the Source and Sink used by the target app, to provide users with information on what personal information it used. To achieve this, we extracted the Source and Sink through Control Flow Graph and make sure that it leaks the user's privacy when there is a Source-to-Sink flow. We also used the sensitive permission information provided by Google to obtain information from the sensitive API corresponding to Source and Sink. Finally, our dynamic analysis tool runs the app and hooks information from each sensitive API. In the hooked data, we got information about whether user's personal information is leaked through this app, and delivered to user. In this process, an automated Source/Sink classification model was applied to collect latest Source/Sink information, and the we categorized latest release version of Android(9.0) with 88.5% accuracy. We evaluated our tool on 2,802 APKs, and found 850 APKs that leak personal information.