• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.701-713
• /
• 2021

Race Condition is a vulnerability in which two or more processes input or manipulate a common resource at the same time, resulting in unintended results. This vulnerability can lead to problems such as denial of service, elevation of privilege. When a vulnerability occurs in software, the relevant information is documented, but often the cause of the vulnerability or the source code is not disclosed. In this case, analysis at the binary level is necessary to detect the vulnerability. This paper aims to detect the Time-Of-Check Time-Of-Use (TOCTOU) Race Condition vulnerability of UNIX kernel-based File System at the binary level. So far, various detection techniques of static/dynamic analysis techniques have been studied for the vulnerability. Existing vulnerability detection tools using static analysis detect through source code analysis, and there are currently few studies conducted at the binary level. In this paper, we propose a method for detecting TOCTOU Race Condition in File System based on Control Flow Graph and Call Graph through Binary Analysis Platform (BAP), a binary static analysis tool.

• The KIPS Transactions:PartD
• /
• v.13D no.6 s.109
• /
• pp.823-832
• /
• 2006

The Purpose of Similarity(Reproduction) Degree Appraisal is to determine the equality or similarity between two programs and it is a system that presents the technical grounds of judgment which is necessary to support the resolution of software intellectual property rights through expert eyes. The most important things in proceeding software appraisal are not to make too much of expert's own subjective judgment and to acquire the accurate-appraisal results. However, up to now standard research and development for its systematic techniques are not properly made out and as different expert as each one could approach in a thousand different ways, even the techniques for software appraisal types have not exactly been presented yet. Moreover, in the analyzing results of all the appraisal cases finished before, through a practical way, we blow that there are some damages on objectivity and accuracy in some parts of the appraisal results owing to the problems of existing appraisal procedures and techniques or lack of expert's professional knowledge. In this paper we present the model for the standardization of software-similarity-appraisal techniques and objective-evaluation methods for decreasing a tolerance that could make different results according to each expert in the same-evaluation points. Especially, it analyzes and evaluates the techniques from various points of view concerning the standard appraisal process, setting a range of appraisal, setting appraisal domains and items in detail, based on unit processes, setting the weight of each object to be appraised, and the degree of logical and physical similarity, based on effective solutions to practical problems of existing appraisal techniques and their objective and quantitative standardization. Consequently, we believe that the model for the standardization of software-similarity-appraisal techniques will minimizes the possibility of mistakes due to an expert's subjective judgment as well as it will offer a tool for improving objectivity and reliability of the appraisal results.

• Proceedings of the Korean Society for Agricultural Machinery Conference
• /
• 2017.04a
• /
• pp.159-159
• /
• 2017

스마트 시설환경은 대표적으로 원예, 축산 분야 등 여러 형태의 농업현장에 정보 통신 및 데이터 분석 기술을 도입하고 있는 시설화된 생산 환경이라 할 수 있다. 근래에 하드웨어적으로 급증한 스마트 시설환경에서 생산되는 방대한 생육/환경 데이터를 올바르고 적합하게 사용하기 위해서는 일반 산업 현장과는 차별화 된 분석기법이 요구된다고 할 수 있다. 소프트웨어 공학 분야에서 연구된 빅데이터 처리 기술을 기계적으로 농업 분야의 빅데이터에 적용하기에는 한계가 있을 수 있다. 시설환경 내/외부의 다양한 환경 변수는 시계열 데이터의 난해성, 비가역성, 불특정성, 비정형 패턴 등에 기인하여 예측 모델 연구가 매우 난해한 대상이기 때문이라 할 수 있다. 본 연구에서는 근래에 관심이 급증하고 있는 인공신경망 연구 소프트웨어인 Tensorflow (www.tensorflow.org)와 대표적인 Open source인 OpenNN (www.openn.net)을 스마트 시설환경 환경변수 상호간 상관성 분석에 응용하였다. 해당 소프트웨어 라이브러리의 운영환경을 살펴보면 Tensorflow 는 Linux(Ubuntu 16.04.4), Max OS X(EL capitan 10.11), Windows (x86 compatible)에서 활용가능하고, OpenNN은 별도의 운영환경에 대한 바이너리를 제공하지 않고 소스코드 전체를 제공하므로, 해당 운영환경에서 바이너리 컴파일 후 활용이 가능하다. 소프트웨어 개발 언어의 경우 Tensorflow는 python이 기본 언어이며 python(v2.7 or v3.N) 가상 환경 내에서 개발이 수행이 된다. 주의 깊게 살펴볼 부분은 이러한 개발 환경의 제약으로 인하여 Tensorflow의 주요한 장점 중에 하나인 고속 연산 기능 수행이 일부 운영 환경에 국한이 되어 제공이 된다는 점이다. GPU(Graphics Processing Unit)의 제공하는 하드웨어 가속기능은 Linux 운영체제에서 활용이 가능하다. 가상 개발 환경에 운영되는 한계로 인하여 실시간 정보 처리에는 한계가 따르므로 이에 대한 고려가 필요하다. 한편 근래(2017.03)에 공개된 Tensorflow API r1.0의 경우 python, C++, Java언어와 함께 Go라는 언어를 새로 지원하여 개발자의 활용 범위를 매우 높였다. OpenNN의 경우 C++ 언어를 기본으로 제공하며 C++ 컴파일러를 지원하는 임의의 개발 환경에서 모두 활용이 가능하다. 특징은 클러스터링 플랫폼과 연동을 통해 하드웨어 가속 기능의 부재를 일부 극복했다는 점이다. 상기 두 가지 패키지를 이용하여 2016년 2월부터 5월 까지 충북 음성군 소재 딸기 온실 내부에서 취득한 온도, 습도, 조도, CO2에 대하여 Large-scale linear model을 실험적(시간단위, 일단위, 주단위 분할)으로 적용하고, 인접한 세그먼트의 환경변수 예측 모델링을 수행하였다. 동일한 조건의 학습을 수행함에 있어, Tensorflow가 개발 소요 시간과 학습 실행 속도 측면에서 매우 우세하였다. OpenNN을 이용하여 대등한 성능을 보이기 위해선 병렬 클러스터링 기술을 활용해야 할 것이다. 오프라인 일괄(Offline batch)처리 방식의 한계가 있는 인공신경망 모델링 기법과 현장 보급이 불가능한 고성능 하드웨어 연산 장치에 대한 대안 마련을 위한 연구가 필요하다.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.6
• /
• pp.1-8
• /
• 2020

Communication between system modules is applied using the Modbus protocol in industrial sites including smart factories, industrial drones, building energy management systems, PLCs, ships, trains, and airplanes. The existing Modbus was used for serial communication, but the recent Modbus protocol is used for TCP/IP communication.The Modbus protocol supports RTU, TCP and ASCII, and implements and uses protocols in embedded systems. However, the transmission I/O devices for RTU, TCP, and ASCII-based protocols may differ. For example, RTU and ASCII communications transmit on a serial-based communication protocol, but in some cases, Ethernet TCP/IP transmission is required. In particular, since the C language (object-oriented) is used in embedded systems, the complexity of source code related to I/O registers increases. In this study, we designed software that can logically separate I/O functions from embedded devices, and designed the execution logic of each instance requiring I/O processing through a delegate class instance with Modbus RTU, TCP, and ASCII protocol generation. We designed and experimented with software that can separate communication I/O processing and logical execution logic for each instance.

• Journal of the Institute of Convergence Signal Processing
• /
• v.19 no.4
• /
• pp.153-161
• /
• 2018

This paper describes the performance improvement of Software (SW) digital filter using GPU (Graphical Processing Unit). The previous developed SW digital filter has a problem that it operates on a CPU (Central Processing Unit) basis and has a slow speed. The GPU was introduced to filter the data of the EAVN (East Asian VLBI Network) observation to improve the operation speed and to process data with other stations through filtering, respectively. In order to enhance the computational speed of the SW digital filter, NVIDIA Titan V GPU board with built-in Tensor Core is used. The processing speed of about 0.78 (1Gbps, 16MHz BW, 16-IF) and 1.1 (2Gbps, 32MHz BW, 16-IF) times for the observing time was achieved by filtering the 95 second observation data of 2 Gbps (512 MHz BW, 1-IF), respectively. In addition, 2Gbps data is digitally filtered for the 1 and 2Gbps simultaneously observed with KVN (Korean VLBI Network), and compared with the 1Gbps, we obtained similar values such as cross power spectrum, phase, and SNR (Signal to Noise Ratio). As a result, the effectiveness of developed SW digital filter using GPU in this research was confirmed for utilizing the data processing and analysis. In the future, it is expected that the observation data will be able to be filtered in real time when the distributed processing optimization of source code for using multiple GPU boards.

• Journal of KIISE:Software and Applications
• /
• v.35 no.10
• /
• pp.636-652
• /
• 2008

In this paper, we present a modular pointer analysis algorithm based on the update history. We use the term 'module' to mean a set of mutually recursive procedures and the term 'modular analysis' to mean a program analysis that does not need the source codes of the other modules to analyze a module. Since a modular pointer analysis does not utilize any information on the callers, it is difficult to design a precise analysis that does not lose the information related to the program flow or the calling context. In this paper, we propose a modular and flow- and context-sensitive pointer analysis algorithm based on the update history that can memory states of a procedure independently of the information on the calling context and keep the information on the order of side effects performed. Such a memory representation not only enables the analysis to be formalized as a modular analysis, but also helps the analysis to effectively identify killed side effects and relevant alias contexts.

• The Journal of Society for e-Business Studies
• /
• v.12 no.4
• /
• pp.1-15
• /
• 2007

Traceability links are logical links between individual requirements and other system elements such as architecture descriptions, source code, and test cases. These are useful for requirements change impact analysis, requirements conflict analysis, and requirements consistency checking. However, establishing and maintaining traceability links places a big burden since complex systems have especially yield an enormous number of various artifacts. We propose a feature-oriented requirements tracing method to manage requirements with cost benefit analysis, including value consideration and intermediate catalysis using features. Our approach offers two contributions to the study of requirements tracing: (1)We introduce feature modeling as intermediate catalysis to generate traceability links between user requirements and implementation artifacts. (2)We provide value consideration with cost and efforts to identify traceability links based on prioritized requirements, thus assigning a granularity level to each feature. In this paper, we especially present the results of a case study which is carried out in Apartment Ubiquitous Platform to integrate and connect home services in an apartment complex in details.

• Journal of KIISE
• /
• v.44 no.11
• /
• pp.1165-1177
• /
• 2017

Many developers utilize specific APIs to develop software, and to identify the use of a particular API, a developer can refer to a website that provides the API or can retrieve the API from the web. However, the site that provides the API does not necessarily provide guidance on how to use it while it can be partially provided in many other cases. In this paper, we propose a novel system JACE (Java AST collocation-pattern extractor) as a method to reuse commonly-used code as a supplement. The JACE extracts the API call nodes, collocation patterns and analyzes the relations between the collocations to extract significant API patterns from the source code. The following experiment was performed to verify the accuracy of a defined pattern: 794 open source projects were analyzed to extract about 15M API call nodes. Then, the Eclipse plug-in test program was utilized to retrieve the pattern using the top 10 classes of API call nodes. Finally, the code search results from reference pages of the API classes and the Searchcode [1] were compared with the test program results.

• Journal of KIISE:Computing Practices and Letters
• /
• v.7 no.1
• /
• pp.38-47
• /
• 2001

PDM is an integrated solution for managing various kinds of document and information for a whole life~cycle of product management. PDM system spans a huge and complex area and requires so many efforts and budgets for development. A framework has been considered a promising way to improve productivity by reusing the software architecture, not just one part of the design or just source code. This was the reaSon why we developed PDM (Product Data Management) framework. Framework can reduce the time and efforts to develop a new PDM application. However, it also requires supporting environment since a framework is a big set of classes where their interactions are so complex. With this supporting environment, it is easy to understand the framework at a glance and easy to identify what hot spots to be refined to meet new requirements. In this paper, a new framework-supporting reuse environment based on the meta-repository was constructed for easy and convenient reuse.

• Journal of Digital Contents Society
• /
• v.8 no.1
• /
• pp.17-25
• /
• 2007

Recently, the ubiquitous computing environment being able to connect all kinds of computing elements at anytime anywhere becomes widespread in human life. In this paper, we focus on a PC remote control system using cellular phones. Especially, we design and implement an mobile e-mail transmission system using PC remote control technique. By using our remote controller, cellular phone users can login into their own PC, and then send any file to others by e-mail attachment. To show the correct running of our system, real demonstration results are presented. We are sure that by opening our source code to the public our results can play an important role to encourage development of the various mobile remote control functionalities.