• Title/Summary/Keyword: static code analysis

Quality Visualization of Quality Metric Indicators based on Table Normalization of Static Code Building Information (정적 코드 내부 정보의 테이블 정규화를 통한 품질 메트릭 지표들의 가시화를 위한 추출 메커니즘)

  • Chansol Park;So Young Moon;R. Young Chul Kim
    • KIPS Transactions on Software and Data Engineering / v.12 no.5 / pp.199-206 / 2023
  • Current software consists of a huge amount of source code. Therefore, the importance and necessity of static analysis for high-quality products is increasing. Static analysis of the code is needed to identify the defects and complexity of the code. By visualizing these problems, we guide developers and stakeholders in understanding these problems in the source code. Our previous visualization research focused only on the process of storing the results of static analysis in database tables, querying the calculations for quality indicators (CK Metrics, Coupling, Number of function calls, Bad-smell), and then finally visualizing the extracted information. This approach has some limitations in that it takes a lot of time and space to analyze code using information extracted from it through static analysis. That is, since the tables are not normalized, space and time may be wasted when the tables (classes, functions, attributes, etc.) are joined to extract information inside the code. To solve these problems, we propose a regularized design of the database tables, an extraction mechanism for quality metric indicators inside the code, and then a visualization with the extracted quality indicators on the code. Through this mechanism, we expect that the code visualization process will be optimized and that developers will be guided to the modules that need refactoring. In the future, we will conduct learning of some parts of this process.

Design and Implementation of Preprocessing Part for Dynamic Code Analysis (동적 코드 분석을 위한 전처리부 설계 및 구현)

  • Kim, Hyuncheol
    • Convergence Security Journal / v.19 no.3 / pp.37-41 / 2019
  • Recently, due to the appearance of various types of malware, the existing static analysis exposes many limitations. Static analysis means analyzing the structure of a code or program with source code or object code without actually executing the (malicious) code. On the other hand, dynamic analysis in the field of information security generally refers to a form that directly executes and analyzes (malware) code, and compares and examines and analyzes the state before and after execution of (malware) code to grasp the execution flow of the program. However, dynamic analysis required analyzing huge amounts of data and logs, and it was difficult to actually store all execution flows. In this paper, we propose and implement a preprocessor architecture of a system that performs malware detection and real-time multi-dynamic analysis based on 2nd generation PT in Windows environment (Windows 10 R5 and above).

The Experimental Comparison of Fault Detection Efficiency of Static Code Analysis Tools for Software RAMS (소프트웨어 RAMS를 위한 정적기법을 이용한 코드 결함 검출 효율성에 관한 실험적 비교)

  • Jang, Jeong-Hoon;Yun, Cha-Jung;Jang, Ju-Su;Lee, Won-Taek;Lee, Eun-Kyu
    • Proceedings of the KSR Conference / 2011.10a / pp.2493-2502 / 2011
  • For static analysis of software code, an experienced tester prefers to detect defects using selective static techniques. Many cases of static methods have been reported, such as coding rules, software metrics, defect data, etc. However, many analysis cases only present the effectiveness of static analysis, without enough description of how the tester judged and classified the code defects used in code analysis and removed them properly to ensure high quality. Occasionally, there are materials that show the effect through some examples, but it is difficult to gain trust because there is not enough detail about the application process. In this paper, we introduce the static techniques commonly used in railway and apply them to real development challenges. The results of each were compared and analyzed. It is hard to generalize the results of this paper, but they can be used and referenced as a case study.

Validation Test Codes Development of Static Analysis Tool for Secure Software (안전한 소프트웨어 개발을 위한 정적분석 도구 시험코드 개발)

  • Bang, Jiho;Ha, Rhan
    • The Journal of Korean Institute of Communications and Information Sciences / v.38C no.5 / pp.420-427 / 2013
  • Recently, for secure software development, static analysis tools have mostly been used to analyze the source code of software and identify the software weaknesses that cause vulnerabilities. In order to select the optimal static analysis tool, both the weakness rules and the analysis capabilities of the tool are important factors. Therefore, in this paper we propose test codes developed for evaluating the rules and analysis capabilities of the tools. The test codes, which involve 43 weaknesses such as SQL injection, can be used to evaluate the adequacy of the rules and analysis capabilities of the tools.

Static Control Flow Analysis of Binary Codes (이진 코드의 정적 제어 흐름 분석)

  • Kim, Ki-Tae;Kim, Je-Min;Yoo, Weon-Hee
    • The Journal of the Korea Contents Association / v.10 no.5 / pp.70-79 / 2010
  • We perform static program analysis on binary code. The reason for analyzing at the level of binary code is that executable files installed on a local computer are run without source code. The reason for performing static analysis is to understand what actions a program will perform on the local computer. In this paper, an execution flow graph representing information such as the execution order among functions and the flow of control is generated. Using the graph, the user can find the execution flow of a binary file and calls of insecure functions at the same time, and the graph should facilitate the analysis of binary files. In addition, the safety of a program to be run is ensured by providing an automated way to search the flow of execution, and a program downloaded and installed from outside can be checked for safety before running.

Defect-Type Analysis of Regional SW Development Companies using CodeSonar (CodeSonar를 이용한 지역 SW개발 업체의 결함 유형분석)

  • Noh, Jeong-Hyun;Lee, Jong-Min;Park, Yoo-Hyun
    • Journal of the Korea Institute of Information and Communication Engineering / v.19 no.3 / pp.683-688 / 2015
  • Recently, various static analysis tools for software defect detection have become widely used in practice. However, until now there has been little public information on the most frequent defects in commercial areas. In this paper, we analyze the defects found by CodeSonar, a static analysis tool that finds defects in C/C++ and Java programs, and report the most frequent defects from various aspects in the Dongnam area, Korea.

Developments of Free Span Analysis of Offshore Pipelines by New DnV Code (최신 DnV 규정에 의한 해저 파이프라인의 자유 경간 해석)

  • Kim, Bum-Suk;Lee, Jong-Hyun;Park, Han-Suk
    • Proceedings of the Korea Committee for Ocean Resources and Engineering Conference / 2001.10a / pp.68-72 / 2001
  • Two different methods of free span analysis of offshore pipelines by DnV codes were introduced and compared in order to calculate the allowable free span lengths of the offshore pipelines. The allowable span lengths of the offshore pipelines for installation, hydrotest and operation conditions by static and dynamic span analysis were determined. Static analysis was performed by ASME codes and dynamic span analysis was performed by both 1981 DnV code. A comparison of the two codes was carried out. A new design procedure to calculate the allowable span lengths was developed with the new DnV code.

Comparison of the seismic performance of existing RC buildings designed to different codes

  • Zeris, Christos A.;Repapis, Constantinos C.
    • Earthquakes and Structures / v.14 no.6 / pp.505-523 / 2018
  • Static pushover analyses of typical existing reinforced concrete frames, designed according to the previous generations of design codes in Greece, have established these structures' inelastic characteristics, namely overstrength, global ductility capacity and available behaviour factor q, under planar response. These were compared with the corresponding demands at the collapse limit state target performance point. The building stock considered accounted for the typical variability, among different generations of constructed buildings in Greece, in the form, the seismic design code in effect and the material characteristics. These static pushover analyses are extended, in the present study, in the time history domain. Consequently, the static analysis predictions are compared with Incremental Dynamic Analysis results herein, using a large number of spectrum compatible recorded base excitations of recent destructive earthquakes in Greece and abroad, following, for comparison, similar conventional limiting failure criteria as before. It is shown that the buildings constructed in the 70s exhibit the least desirable behaviour, followed by the buildings constructed in the 60s. As the seismic codes evolved, there is a notable improvement for buildings of the 80s, when the seismic code introduced end member confinement and the requirement for a joint capacity criterion. Finally, buildings of the 90s, designed to modern codes exhibit an exceptionally good performance, as expected by the compliance of this code to currently enforced seismic provisions worldwide.

The Real-Time Detection of the Malicious JavaScript (실시간으로 악성 스크립트를 탐지하는 기술)

  • Choo, Hyun-Lock;Jung, Jong-Hun;Kim, Hwan-Kuk
    • Journal of Internet Computing and Services / v.16 no.4 / pp.51-59 / 2015
  • JavaScript is a popular technique for activating static HTML. JavaScript has drawn more attention following the introduction of the HTML5 standard. In proportion to JavaScript's growing importance, attacks (e.g., DDoS, information leaks using its functions) become more dangerous. Since these attacks do not create a trail, whether the JavaScript code is malicious or not must be decided. The real attack action is completed while the browser runs the JavaScript code. For these reasons, there is a need for a real-time classification and determination technique for malicious JavaScript. This paper proposes the Analysis Engine for detecting malicious JavaScript by adopting the requirements above. The analysis engine performs static analysis using signature-based detection and dynamic analysis using behavior-based detection. Static analysis can detect malicious JavaScript code, whereas dynamic analysis can detect the action of the JavaScript code.

Seismic Analysis of the Cooling Water Pump for Nuclear Power Plant for the Seismic Load (지진하중을 받는 원자력발전소용 냉각펌프의 내진해석)

  • Chung, Chul-Sup
    • Transactions of the Korean Society of Mechanical Engineers A / v.33 no.11 / pp.1239-1243 / 2009
  • To evaluate the structural integrity of the nuclear seismic category penetration cooling water pump under the seismic service conditions, the seismic analysis was performed in accordance with the IEEE-STD-344 code. The finite element computer program, ANSYS, Version 10.0, is used to perform both a mode frequency analysis and an equivalent static seismic analysis of the pump assembly. The mode frequency analysis results show the fundamental natural frequency is greater than 33 Hz and does not exist in the seismic range, thus justifying the use of the static analysis. The stresses resulting from various loadings and their combinations are within the allowable limits specified in the above-mentioned IEEE code. The results of the seismic evaluation fully satisfied the structural acceptance criteria of the IEEE code. Accordingly, the structural integrity of the pump assembly was proved.