• Title/Summary/Keyword: Executable File

Search Result 63, Processing Time 0.035 seconds

Protecting Technique for the Executable File of Virtual Machines (가상기계 실행파일을 위한 보호 기법)

  • Park, Ji-Woo;Yi, Chang-Hwan;Oh, Se-Man
    • Journal of Korea Multimedia Society
    • /
    • v.10 no.5
    • /
    • pp.668-678
    • /
    • 2007
  • The development of a wire and wireless communication technologies might permit easily accessing on various information. But, the easiness of accessing information has basically the problem of an unintended information outflow. An executable file which has key algorithms, data and resources for itself has very weak point in the security. Because the various information such as algorithms, data and resources is included in an executable file on embedded systems or virtual machines, the information outflow problem may appear more seriously. In this paper, we propose a technique which can be protecting the executable file contents for resolving the outflow problem through the encryption. Experimentally, we applied the proposed technique to EVM-the virtual machine for embedded system and verified it. Also, we tried a benchmark test for the proposed technique and obtained reasonable performance overhead.

  • PDF

Automated Applying Greybox Fuzzing to C/C++ Library Using Unit Test (유닛테스트를 활용한 c/c++ 라이브러리 그레이박스 퍼징 적용 자동화)

  • Jang, Joon Un;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.4
    • /
    • pp.807-819
    • /
    • 2019
  • Greybox fuzzing is known as an effective method to discover unknown security flaws reside in software and has been actively researched today. However, most of greybox fuzzing tools require an executable file. Because of this, a library, which cannot be executed by itself requires an additional executable file for greybox fuzzing. Generating such an executable file is challengeable because it requires both understanding of the library and fuzzing. In this research, we suggest the approach to generate an executable file automatically for a library and implement this approach as a tool based on the LLVM framework. This tool shows that executable files and seed files can be generated automatically by static/dynamic analysis of a unit test in the target project. A generated executable file is compatible with various greybox fuzzers like AFL because it has a common interface for greybox fuzzers. We show the performance of this tool as code coverage and discovered unknown security bugs using generated executable files and seed files from open source projects through this tool.

An Executable File formal for Embedded Virtual Machine (임베디드 가상 기계를 위한 실행파일포맷)

  • Cheong, Hang-Jong;Oh, Se-Man
    • Journal of Korea Multimedia Society
    • /
    • v.8 no.5
    • /
    • pp.721-728
    • /
    • 2005
  • A virtual machine is a conceptual computer with a logical system configuration, made of software unlike physical systems made of hardware. Virtual machine technology for embedded systems is a requisite software technology for download solutions such as mobile devices, digital TVs, etc. At present, a research of virtual machines for embedded systems named EVM(Embedded Virtual Machine) is in progress. As a part of the research, we define the EFF(Executable File Format) as a file format for embedded systems. We also prove completeness of EFF by structurally mapping class file widely used to EFF.

  • PDF

An improved extraction technique of executable file from physical memory by analyzing file object (파일 오브젝트 분석 기반 개선된 물리 메모리 실행 파일 추출 방법)

  • Kang, Youngbok;Hwang, Hyunuk;Kim, Kibom;Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.5
    • /
    • pp.861-870
    • /
    • 2014
  • According to the intelligence of the malicious code to extract the executable file in physical memory is emerging as an import researh issue. In previous physical memory studies on executable file extraction which is targeting running files, they are not extracted as same as original file saved in disc. Therefore, we need a method that can extract files as same as original one saved in disc and also can analyze file-information loaded in physical memory. In this paper, we provide a method that executable file extraction by analyzing information of Windows kernel file object. Also we analyze the characteristic of physical memory loaded file data from the experiment and we demonstrate superiority because the suggested method can effectively extract more of original file data than the existing method.

Program Execution Speed Improvement using Executable Compression Method on Embedded Systems (임베디드 시스템에서 실행 가능 압축 기법을 이용한 프로그램 초기 실행 속도 향상)

  • Jeon, Chang-Kyu;Lew, Kyeung-Seek;Kim, Yong-Deak
    • Journal of the Institute of Electronics Engineers of Korea CI
    • /
    • v.49 no.1
    • /
    • pp.23-28
    • /
    • 2012
  • The performance improvement of the secondary storage is very slow compared to the main memory and processor. The data is loaded from secondary storage to memory for the execution of an application. At this time, there is a bottleneck. In this paper, we propose an Executable Compression Method to speed up the initial loading time of application. and we examined the performance. So we implemented the two applications. The one is a compressor for Execution Binary File. and The other is a decoder of Executable Compressed application file on the Embedded System. Using the test binary files, we performed the speed test in the six files. At the result, one result showed that the performance was decreased. but others had a increased performance. the average increasing rate was almost 29% at the initial loading time. The level of compression had different characteristics of the file. And the performance level was dependent on the file compressed size and uncompress time. so the optimized compression algorithm will be needed to apply the execution binary file.

A Classification Method for Executable Files based on Comparison of Undocumented Information in the PE Header (실행파일 헤더내 문서화되지 않은 정보의 비교를 통한 실행파일 분류 방법)

  • Kim, Jung-Sun;Kang, Jung-Min;Kim, Kang-San;Shin, Wook
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.2 no.1
    • /
    • pp.43-50
    • /
    • 2013
  • File identification and analysis is an important process of computer forensics, since the process determines which subjects are necessary to be collected and analyzed as digital evidence. An efficient file classification aids in the file identification, especially in case of copyright infringement where we often have huge amounts of files. A lot of file classification methods have been proposed by far, but they have mostly focused on classifying malicious behaviors based on known information. In copyright infringement cases, we need a different approach since our subject includes not only malicious codes, but also vast number of normal files. In this paper, we propose an efficient file classification method that relies on undocumented information in the header of the PE format files. Out method is useful in copyright infringement cases, being applied to any sort of PE format executable file whether the file is malicious, packed, mutated, transformed, virtualized, obfuscated, or not.

A Recovery Method of External Symbol Information in Statically-Linked ELF Files (정적 링크된 ELF 파일에서의 외부 심볼 정보 복구 기법)

  • Kim, Jung-In
    • Journal of Korea Multimedia Society
    • /
    • v.13 no.2
    • /
    • pp.161-170
    • /
    • 2010
  • ELF, an abbreviation for Executable and Linkable Format, is the basic file format for shared libraries and executable files used in the Linux system, whereas 'Linker' copies the symbol information of static shared libraries into the symbol table in the target file generated by way of static linking. At this time, the symbol table keeps various pieces of debugging-related information including function names provided by the shared libraries, and it can be deleted to avoid debugging for security reasons by utilizing the fact that it does not directly affect the program execution. This paper proposes a method for restoring the symbol information of static shared libraries from the ELF object file in which the symbol table is deleted, and confirms that the symbol information is restored by conducting practical experiments.

Generating a Modified RLC(MRLC) from Gerber File for the PCB Inspection (컴퓨터 비젼에 의한 PCB 검사를 위한 검사 정보 생성 시스템 개발)

  • Lee, Cheol-Soo;Go, Eun-Hee
    • IE interfaces
    • /
    • v.11 no.2
    • /
    • pp.79-92
    • /
    • 1998
  • For the PCB inspection by computer vision, in some cases, the MRLC file should prepared. The MRLC file contains a RLC(Run Length Code) and a direction flag. In this paper, a generating method of MRLC is described. It is composed of two procedure as followings; (i) rasterizing Gerber file which is a vectorized image of PCB panel, and (ii) calculating a MRLC that is useful for the inspection as a template image. The suggested procedures are written in C-language and executable on Windows 95 and Windows NT.

  • PDF

A Technique for Protecting Android Applications using Executable Code Encryption and Integrity Verification (실행코드 암호화 및 무결성 검증을 적용한 안드로이드앱 보호 기법)

  • Shim, HyungJoon;Cho, Sangwook;Jeong, Younsik;Lee, Chanhee;Han, Sangchul;Cho, Seong-je
    • Journal of Software Assessment and Valuation
    • /
    • v.10 no.1
    • /
    • pp.19-26
    • /
    • 2014
  • In this paper, we propose a method for protecting Android applications against reverse engineering attacks. In this method, the server encrypts the original executable code (DEX) included in an APK file, inserts into the APK file a stub code that decrypts the encrypted DEX later at run-time, and distributes the modified APK file. The stub code includes an integrity validation code to detect attacks on itself. When a user installs and executes the APK file, the stub code verifies the integrity of itself, decrypts the encrypted DEX, and loads it dynamically to execute. Since the original DEX is distributed as an encrypted one, we can effectively protect the intellectual property. Further, by verifying the integrity of the stub code, we can prevent malicious users from bypassing our method. We applied the method to 15 Android apps, and evaluated its effectiveness. We confirmed that 13 out of them operates normally.

Measuring Similarity of Android Applications Using Method Reference Frequency and Manifest Information (메소드 참조 빈도와 매니페스트 정보를 이용한 안드로이드 애플리케이션들의 유사도 측정)

  • Kim, Gyoosik;Hamedani, Masoud Reyhani;Cho, Seong-je;Kim, Seong Baeg
    • The Journal of Korean Institute of Next Generation Computing
    • /
    • v.13 no.3
    • /
    • pp.15-25
    • /
    • 2017
  • As the value and importance of softwares are growing up, software theft and piracy become a much larger problem. To tackle this problem, it is highly required to provide an accurate method for detecting software theft and piracy. Especially, while software theft is relatively easy in the case of Android applications (apps), screening illegal apps has not been properly performed in Android markets. In this paper, we propose a method to effectively measure the similarity between Android apps for detecting software theft at the executable file level. Our proposed method extracts method reference frequency and manifest information through static analysis of executable Android apps as the main features for similarity measurement. Each app is represented as an n-dimensional vectors with the features, and then cosine similarity is utilized as the similarity measure. We demonstrate the effectiveness of our proposed method by evaluating its accuracy in comparison with typical source code-based similarity measurement methods. As a result of the experiments for the Android apps whose source file and executable file are available side by side, we found that our similarity degree measured at the executable file level is almost equivalent to the existing well-known similarity degree measured at the source file level.