• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.803-810
• /
• 2017

Recently, social security problems have been caused by the development of the software industry, and a variety of automation techniques have been used to verify software stability. In this paper, we propose a method of automatically detecting a use-after-free vulnerability on Windows system calls using dynamic symbolic execution, one of the software testing methods. First, a static analysis based pattern search is performed to select a target point. Based on the detected pattern points, we apply an induced path search technique that blocks branching to areas outside of interest. Through this, we overcome limitations of existing dynamic symbolic performance technology and verify whether vulnerability exists at actual target point. As a result of applying the proposed method to the Windows system call, it is confirmed that the use-after-free vulnerability, which had previously to be manually analyzed, can be detected by the proposed automation technique.

• The KIPS Transactions:PartD
• /
• v.14D no.2
• /
• pp.191-202
• /
• 2007

In general, test data generation techniques require the specification of an entire program path for automated test data generation. This paper presents a new way for generating test data automatically een without specifying a program path completely. For the ends, this paper presents a technique for transforming a program under test into Alloy which is the first order relational logic and then producing test data via Alloy analyzer. The proposed method reduces the burden of selecting a program path and also makes it easy to generate test data according to various test adequacy criteria. This paper illustrates the proposed method through simple, but illustrative examples.

• The KIPS Transactions:PartD
• /
• v.9D no.5
• /
• pp.897-902
• /
• 2002

Because of rapid evolution of software technique, numerous software professionals have been concerned with component based development methodologies. However, it is hard to find out a systematic technique for the selection of COTS (Commercial Off The Shelf) component in consumer position. Up to date, the major of component quality evaluation is object-oriented metric based evaluation methodology. But this paper present four step process and evaluation criteria based on MCDM (Multiple Criteria Decision Making) technique for optimal COTS component selection in consumer position. We considered funtionality, efficiency, usability based on IS0/IEC 9126 for Quality measurement and executed practical analysis about commercial EJB component in internet. This paper show that the proposed selection technique is applicable to optimal COTS component selection.

• Journal of KIISE
• /
• v.43 no.9
• /
• pp.974-982
• /
• 2016

Mutation analysis (or software mutation analysis) generates variants of a target program by injecting systematic code changes to the target program, and utilizes the variants to analyze the target program behaviors. Effective mutation analyses require adequate mutation operators that generate diverse variants for use in the analysis. However, the current mutation analysis tools for Java programs have limitations, since they support only limited types of mutation operators and do not support recent language features such as Java8. In this study, we present Mutagen4J, a new mutant generation tool for Java programs. Mutagen4J additionally supports mutation operators recently shown to generate various mutants and fully supports recent Java language features. The experimental results show that Mutagen4J generates useful mutants for analyses 2.3 times more than the existing Java mutation tools used for the study.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.573-582
• /
• 2020

Fuzzing is a method of testing software by randomly generating test cases. Since its introduction, a variety of fuzzing techniques have been studied. Among them, mutation-based fuzzing is an efficient method that finds real-world bugs even though it uses a simple approach such as probabilistic bit-flipping and character substitution. However, the interpreter fuzzing has difficulty in applying general mutation techniques because the interpreter requires grammar and semantic correctness input values. In this paper, we present a novel mutation-based fuzzing on JavaScript interpreters with a dynamic data flow analysis. To this end, we implement JMFuzzer that can generate various types of mutated test cases that operate normally without runtime errors in JavaScript interpreter considering syntax and semantics. As a result, we found numerous unknown vulnerabilities in the latest JavaScript interpreters. We reported all of them to the vendors.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.319-326
• /
• 2013

There are many software reliability models that are based on the times of occurrences of errors in the debugging of software. Software error detection techniques known in advance, but influencing factors for considering the errors found automatically and learning factors, by prior experience, to find precisely the error factor setting up the testing manager are presented comparing the problem. It is shown that it is possible to do asymptotic likelihood inference for software reliability models based on infinite failure model and non-homogeneous Poisson Processes (NHPP). Statistical process control (SPC) can monitor the forecasting of software failure and thereby contribute significantly to the improvement of software reliability. Control charts are widely used for software process control in the software industry. In this paper, we proposed a control mechanism based on NHPP using mean value function of logarithmic hazard learning effects property.

• Journal of KIISE
• /
• v.43 no.6
• /
• pp.692-699
• /
• 2016

C compilers for 8-bit MCUs used in washing machines and refrigerators often do not follow the C standard to improve runtime performance. Developers who are unaware of the difference between C compilers following the C standard and the C compilers for 8-bit MCU can cause bugs that do not appear in the standard C environment but appear in the embedded systems using 8-bit MCUs. It is difficult for bug detectors that assume the standard C environment to detect such bugs. In this paper, we introduce integer promotion bugs caused by the different integer promotion rules of the C compilers for 8-bit MCU from the C standard and propose 5 bug patterns where the integer promotion bugs occur. We have developed an integer promotion bug detection tool and applied it to the washing machine control software developed by the LG electronics. The integer promotion bug detection tool successfully detected 27 integer promotion bugs in the washing machine control software.

• KIPS Transactions on Software and Data Engineering
• /
• v.10 no.9
• /
• pp.375-384
• /
• 2021

Deep learning techniques have been proven to have high performance in image processing and are applied in various fields. The most widely used methods for validating a deep learning model include a holdout verification method, a k-fold cross verification method, and a bootstrap method. These legacy methods consider the balance of the ratio between classes in the process of dividing the data set, but do not consider the ratio of various features that exist within the same class. If these features are not considered, verification results may be biased toward some features. Therefore, we propose a deep learning model validation method based on data feature coverage for image classification by improving the legacy methods. The proposed technique proposes a data feature coverage that can be measured numerically how much the training data set for training and validation of the deep learning model and the evaluation data set reflects the features of the entire data set. In this method, the data set can be divided by ensuring coverage to include all features of the entire data set, and the evaluation result of the model can be analyzed in units of feature clusters. As a result, by providing feature cluster information for the evaluation result of the trained model, feature information of data that affects the trained model can be provided.

• The KIPS Transactions:PartD
• /
• v.9D no.5
• /
• pp.847-858
• /
• 2002

A purpose of the object-oriented programming is to promote reuse and development time, and to improve software quality. A way for this purpose is using a design information well-defined and tested in previous time when developing software. Such design information is called design patterns. The design patterns are descriptions of abstract solution to recurse software design problems In a systematic and general way. But because the design patterns are descriptions of abstract solution, the specification and application of patterns generally rely on manual implementation and is applied to various forms. As a result, we need to spend a lot of time to develop software program not only because of difficulty in analyzing and applying to patterns consistently, but also because of the frequent programing faults. And because the applied design patterns don't express inside application visually, it is difficult to analyze and test for this design patterns. In this paper, we propose automatic source code generating technique to be able to efficiently apply the element of design patterns when developing application. And we show a way to analyze and use the applied design patterns in application. As a result, the design patterns in application provide the consistent structure and efficiency, and make analysis and using effect increased.

• Management & Information Systems Review
• /
• v.28 no.3
• /
• pp.1-23
• /
• 2009

Prior bankruptcy studies have established that bankrupt firm's pre-filing financial ratios are different from those of healthy firms or of randomly selected going concerns. However, they may not be sufficiently different from the financial ratios of other firms in financial distress to allow the development of a ratio-based model that predicts bankruptcy with reasonable accuracy. As the result, in the multiple discriminant model, independent variables divided firms into bankrupt firms and healthy firms are retained earnings to total asset, receivable turnover, net income to sales, financial expenses, inventory turnover, owner's equity to total asset, cash flow to current liability, and current asset to current liability. Moreover four variables Retained earnings to total asset, net income to sales, total asset turnover, owner's equity to total asset indicate that these valuables classify bankrupt firms and distress firms. On the other hand, Owner's Equity to borrowed capital, Ordinary income to Net Sales, Operating Income to Total Asset, Total Asset Turnover and Inventory Turnover are selected to predict bankruptcy possibility in the Logistic regression model.