• The KIPS Transactions:PartD
• /
• v.15D no.6
• /
• pp.825-840
• /
• 2008

Refactoring is a kind of software modification process that improves system qualities internally but maintains system functions externally. What should be improved on the existing source codes should take precedence over the others in such a modification process using this refactoring. Martin Fowler and Kent Beck proposed a method that identifies code smells for this purpose. Also, some studies on determining what refactoring will be applied to which targets through detecting code smells in codes were presented. However, these studies have a lot of disadvantages that show a lack of precise description for such code smells and detect limited code smells only. In addition, these studies showed other disadvantages that generate ambiguity in behavior preservation due to the fact that a description method of pre-conditions for the behavior preservation is included in a refactoring process or unformalized. Thus, our study represents a precise specification of code smells using OCL and proposes a framework that performs a refactoring process through the automatic detection of code smells using an OCL interpreter. Furthermore, we perform the automatic detection in which the code smells are be specified by using OCL to the java program and verify its applicability and effectivity through applying a refactoring process.

• Review of KIISC
• /
• v.21 no.7
• /
• pp.23-29
• /
• 2011

2010년에 최초로 발견된 스턱스넷(Stuxent)은 2011년 한해 동안 보안업계 사이에서 많은 논란이 되었다. 이는 악성코드가 사이버 무기가 될 수 있다는 가능성을 현실로 만들었고, 기술적으로도 현존하는 악성코드의 모든 기술이 포함 될 정도로 정교하고 복잡한 것으로 평가받고 있다. 특히 2011년에는 스턱스넷의 소스코드 일부가 공개되어 스턱스넷의 두 번째 버전으로 알려진 변형 Duqu가 나타나기도 하여 변형에 따른 공격 우려도 높아지고 있다. 이번 논문에서는 과거 발생한 스턱스넷을 알아보고 유사한 사이버 공격에 대비하기 위한 대응 방안도 함께 살펴 볼 예정이다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.1047-1050
• /
• 2004

버퍼 오버플로우 공격의 방어는 그 심각한 위험성 때문에 많은 연구가 되고 있지만 방어에 의한 오버헤드의 발생으로 인해 실제 적용되기 어려운 면이 있다. 본 논문은 이진 코드를 재작성 하여 스택의 리턴 주소 사본을 지역변수 아래 부분에 두고 함수 반환시 비교 검사를 하는 것으로써, 소스코드가 없는 경우에도 버퍼 오버플로우 공격을 막는 동시에 오버헤드를 줄일 수 있는 방법을 제안하였다.

• Journal of Convergence Society for SMB
• /
• v.6 no.4
• /
• pp.137-150
• /
• 2016

Along with the rapid development of IT technology and business services, the effort to provide new services to the customers has been increasing, and also the improvement and enhancement of legacy systems are continuously occurring for rapid service delivery. In this situation, the quality assurance of the source code for the legacy system became a key technical elements that can quickly respond to the service needs. Refactoring is an engineering technique to ensure the quality for the legacy code, and essential for the improvement and extension of the legacy system in order to provide value-added services. This paper proposes some features of refactoring techniques through surveying and analyzing the existing refactoring techniques and tools to enhance source code quality. When service developers want to refactor the source code of the legacy system to enhance code quality, our proposed features may provide with the guidance on what to use any technique and tool in their work. This can improve the source code quality with correct refactoring and without trial and error, and will also enable rapid response to new services.

• Journal of KIISE
• /
• v.41 no.12
• /
• pp.1007-1012
• /
• 2014

Software birthmarks are used to detect software plagiarism. For binaries, however, only a few birthmarks have been developed. In this paper, we propose a static approach to generate API sequences along major paths, which are analyzed from control flow graphs of the binaries. Since our API sequences are extracted along the most plausible paths of the binary codes, they can represent actual API sequences produced from binary executions, but in a more concise form. Our similarity measures use the Smith-Waterman algorithm that is one of the popular sequence alignment algorithms for DNA sequence analysis. We evaluate our static path-based API sequence with multiple versions of five applications. Our experiment indicates that our proposed method provides a quite reliable similarity birthmark for binaries.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.1
• /
• pp.114-124
• /
• 2004

In this paper, we present an automatic C source code generation system for DirectShow based multimedia application programming. In this system, C source code is automatically synthesized from the filter connection graph edited with GraphEdit, a utility tool provided with DirectShow SDK package from Microsoft. In traditional DirectShow programming environments, program design and brief testing steps are usually done with GraphEdit tool just by inserting filters and connecting them properly, while actual implementation of the program should be done separately. The filter connection graph information from GraphEdit is used just as a reference in such the implementation step. Therefore, our system which automatically generates C source code directly from the filter connection graph of GraphEdit seems very useful and many programmers can develop DirectShow based multimedia application programs more effectively and quickly using our system. In addition, our system supports more various media stream control functions for the generated application programs than the existing system such as Wizard which supports limited and fixed number of media control functions only. This feature allows more flexibility in the user interface of the generated source program and makes our system more practical for DirectShow based programming.

• The KIPS Transactions:PartD
• /
• v.8D no.6
• /
• pp.753-760
• /
• 2001

Design Patterns are design knowledge for solving issues related to extensibility and maintainability which are independent from problems concerned by application, but despite vast interest in design pattern, the specification and application of patterns is generally assumed to rely on manual implementation. As a result, we need to spend a lot of time to develop software program not only because of being difficult to analyze and apply to a consistent pattern, but also because of happening the frequent programing faults. In this paper, we propose a notation using XML for describing design pattern and a framework using design pattern. We will also suggest a source code generation support system, and show a example of the application through this notation and the application framework. We may construct more stable system and be generated a compact source code to a user based on the application of structured documentations with XML.

• The Journal of the Convergence on Culture Technology
• /
• v.8 no.1
• /
• pp.577-582
• /
• 2022

For developing a new embedded system, an application program/an emulator and a compiler are developed simultaneously. In order to provide the optimal performance of all system components, local optimization should be carried out for the developing process. For this purpose, if a source-level performance analyzer is developed, it is possible to optimize the application program's source code by the performance evaluation. In general, the performance of an application program is determined in the loop iterations. The Intermediate Representation (IR) code generator generates IR code from the source code, and evaluates the execution time with the instructions in the intermediate representation code. If the source code is improved based on the evaluated result, better results can be obtained in the final application code. This study describes the source-level performance analyzer that can be used during the simultaneous development of the new embedded system and its application programs. The performance analyzer makes it possible to more quickly optimize the performance of the new embedded system.

• Journal of Software Assessment and Valuation
• /
• v.16 no.2
• /
• pp.45-52
• /
• 2020

Traditional methods of detecting security vulnerabilities in source-code require a lot of time and effort. If there is good data, the issue could be solved by using the data with machine learning. Thus, this paper proposes a source-code vulnerability detection method based on machine learning. Our method employs the code2vec model that has been used to propose the names of methods, and uses as a data set, Juliet Test Suite that is a collection of common security vulnerabilities. The evaluation shows that our method has high precision of 97.3% and recall rates of 98.6%. And the result of detecting vulnerabilities in open source project shows hopeful potential. In addition, it is expected that further progress can be made through studies covering with vulnerabilities and languages not addressed here.

• Journal of Software Assessment and Valuation
• /
• v.15 no.1
• /
• pp.55-62
• /
• 2019

The needs for small size and low power consumption of information devices is being implemented with SOC technology that implements the program on a single chip in Internet of Thing. Copyright disputes due to piracy are increasing in semiconductor chips as well, arising from disputes in the chip implementation of the design house and chip implementation by the illegal use of the source code. However, since the final chip implementation is made in the design house, it is difficult to protect the copyright. In this paper, we deal with the analysis method for extracting similarity and the criteria for setting similarity judgment in the dispute of source code written in HDL language. Especially, the chip which is manufactured based on the same specification will be divided into the same configuration and the code type.