• Journal of Korea Multimedia Society
• /
• v.10 no.5
• /
• pp.668-678
• /
• 2007

The development of a wire and wireless communication technologies might permit easily accessing on various information. But, the easiness of accessing information has basically the problem of an unintended information outflow. An executable file which has key algorithms, data and resources for itself has very weak point in the security. Because the various information such as algorithms, data and resources is included in an executable file on embedded systems or virtual machines, the information outflow problem may appear more seriously. In this paper, we propose a technique which can be protecting the executable file contents for resolving the outflow problem through the encryption. Experimentally, we applied the proposed technique to EVM-the virtual machine for embedded system and verified it. Also, we tried a benchmark test for the proposed technique and obtained reasonable performance overhead.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.807-819
• /
• 2019

Greybox fuzzing is known as an effective method to discover unknown security flaws reside in software and has been actively researched today. However, most of greybox fuzzing tools require an executable file. Because of this, a library, which cannot be executed by itself requires an additional executable file for greybox fuzzing. Generating such an executable file is challengeable because it requires both understanding of the library and fuzzing. In this research, we suggest the approach to generate an executable file automatically for a library and implement this approach as a tool based on the LLVM framework. This tool shows that executable files and seed files can be generated automatically by static/dynamic analysis of a unit test in the target project. A generated executable file is compatible with various greybox fuzzers like AFL because it has a common interface for greybox fuzzers. We show the performance of this tool as code coverage and discovered unknown security bugs using generated executable files and seed files from open source projects through this tool.

• Journal of Korea Multimedia Society
• /
• v.8 no.5
• /
• pp.721-728
• /
• 2005

A virtual machine is a conceptual computer with a logical system configuration, made of software unlike physical systems made of hardware. Virtual machine technology for embedded systems is a requisite software technology for download solutions such as mobile devices, digital TVs, etc. At present, a research of virtual machines for embedded systems named EVM(Embedded Virtual Machine) is in progress. As a part of the research, we define the EFF(Executable File Format) as a file format for embedded systems. We also prove completeness of EFF by structurally mapping class file widely used to EFF.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.861-870
• /
• 2014

According to the intelligence of the malicious code to extract the executable file in physical memory is emerging as an import researh issue. In previous physical memory studies on executable file extraction which is targeting running files, they are not extracted as same as original file saved in disc. Therefore, we need a method that can extract files as same as original one saved in disc and also can analyze file-information loaded in physical memory. In this paper, we provide a method that executable file extraction by analyzing information of Windows kernel file object. Also we analyze the characteristic of physical memory loaded file data from the experiment and we demonstrate superiority because the suggested method can effectively extract more of original file data than the existing method.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.49 no.1
• /
• pp.23-28
• /
• 2012

The performance improvement of the secondary storage is very slow compared to the main memory and processor. The data is loaded from secondary storage to memory for the execution of an application. At this time, there is a bottleneck. In this paper, we propose an Executable Compression Method to speed up the initial loading time of application. and we examined the performance. So we implemented the two applications. The one is a compressor for Execution Binary File. and The other is a decoder of Executable Compressed application file on the Embedded System. Using the test binary files, we performed the speed test in the six files. At the result, one result showed that the performance was decreased. but others had a increased performance. the average increasing rate was almost 29% at the initial loading time. The level of compression had different characteristics of the file. And the performance level was dependent on the file compressed size and uncompress time. so the optimized compression algorithm will be needed to apply the execution binary file.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.1
• /
• pp.43-50
• /
• 2013

File identification and analysis is an important process of computer forensics, since the process determines which subjects are necessary to be collected and analyzed as digital evidence. An efficient file classification aids in the file identification, especially in case of copyright infringement where we often have huge amounts of files. A lot of file classification methods have been proposed by far, but they have mostly focused on classifying malicious behaviors based on known information. In copyright infringement cases, we need a different approach since our subject includes not only malicious codes, but also vast number of normal files. In this paper, we propose an efficient file classification method that relies on undocumented information in the header of the PE format files. Out method is useful in copyright infringement cases, being applied to any sort of PE format executable file whether the file is malicious, packed, mutated, transformed, virtualized, obfuscated, or not.

• Journal of Korea Multimedia Society
• /
• v.13 no.2
• /
• pp.161-170
• /
• 2010

ELF, an abbreviation for Executable and Linkable Format, is the basic file format for shared libraries and executable files used in the Linux system, whereas 'Linker' copies the symbol information of static shared libraries into the symbol table in the target file generated by way of static linking. At this time, the symbol table keeps various pieces of debugging-related information including function names provided by the shared libraries, and it can be deleted to avoid debugging for security reasons by utilizing the fact that it does not directly affect the program execution. This paper proposes a method for restoring the symbol information of static shared libraries from the ELF object file in which the symbol table is deleted, and confirms that the symbol information is restored by conducting practical experiments.

• IE interfaces
• /
• v.11 no.2
• /
• pp.79-92
• /
• 1998

For the PCB inspection by computer vision, in some cases, the MRLC file should prepared. The MRLC file contains a RLC(Run Length Code) and a direction flag. In this paper, a generating method of MRLC is described. It is composed of two procedure as followings; (i) rasterizing Gerber file which is a vectorized image of PCB panel, and (ii) calculating a MRLC that is useful for the inspection as a template image. The suggested procedures are written in C-language and executable on Windows 95 and Windows NT.

• Journal of Software Assessment and Valuation
• /
• v.10 no.1
• /
• pp.19-26
• /
• 2014

In this paper, we propose a method for protecting Android applications against reverse engineering attacks. In this method, the server encrypts the original executable code (DEX) included in an APK file, inserts into the APK file a stub code that decrypts the encrypted DEX later at run-time, and distributes the modified APK file. The stub code includes an integrity validation code to detect attacks on itself. When a user installs and executes the APK file, the stub code verifies the integrity of itself, decrypts the encrypted DEX, and loads it dynamically to execute. Since the original DEX is distributed as an encrypted one, we can effectively protect the intellectual property. Further, by verifying the integrity of the stub code, we can prevent malicious users from bypassing our method. We applied the method to 15 Android apps, and evaluated its effectiveness. We confirmed that 13 out of them operates normally.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.13 no.3
• /
• pp.15-25
• /
• 2017

As the value and importance of softwares are growing up, software theft and piracy become a much larger problem. To tackle this problem, it is highly required to provide an accurate method for detecting software theft and piracy. Especially, while software theft is relatively easy in the case of Android applications (apps), screening illegal apps has not been properly performed in Android markets. In this paper, we propose a method to effectively measure the similarity between Android apps for detecting software theft at the executable file level. Our proposed method extracts method reference frequency and manifest information through static analysis of executable Android apps as the main features for similarity measurement. Each app is represented as an n-dimensional vectors with the features, and then cosine similarity is utilized as the similarity measure. We demonstrate the effectiveness of our proposed method by evaluating its accuracy in comparison with typical source code-based similarity measurement methods. As a result of the experiments for the Android apps whose source file and executable file are available side by side, we found that our similarity degree measured at the executable file level is almost equivalent to the existing well-known similarity degree measured at the source file level.