• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.8
• /
• pp.229-234
• /
• 2020

This paper presents the design and the implementation of CRESTIVE-DX, a concolic testing tool that distribute the concolic testing process over the embedded target system and the host system for efficient test generation of a target embedded program. CRESTIVE-DX conducts the execution of a target program on the target embedded system to consider possible machine-dependent behaviors of a target program execution, and conducts machine-independent parts, such as search-strategy heuristics, constraint solving, on host systems with high-speed computation unit, and coordinates their concurrent executions. CRESTIVE-DX is implemented by extending an existing concolic testing tool for C programs CREST. We conducted experiments with a test bed that consists of an embedded target system in the Arm Cortex A54 architecture and host systems in the x86-64 architecture. The results of experiments with Unix utility programs Grep, Busybox Awk, and Busybox Ed show that test input generation of CRESTIVE-DX is 1.59 to 2.64 times faster than that of CREST.

• Journal of Internet Computing and Services
• /
• v.10 no.4
• /
• pp.105-113
• /
• 2009

The feature models are widely used to model the commonalities and variabilities among the products in the domain engineering phase of software product line developments. The findings and corrections of the errors or consistencies in the feature models are essential to the successful software product line engineering. The aids of the automated tools are needed to perform the validation of the feature models effectively. This paper describes the approach based on JESS rule-base system to validate the feature models and proposes the feature model validation tool using this approach. The tool of this paper validates the feature models in real-time when modeling the feature models. Then it provides the information on existence of errors and the explanations on causes of those errors, which allows the feature modeler to create the error-free feature models. This attempt to validate the feature model using the rule-based system is supposed to be the first time in this research field.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• v.1
• /
• pp.151-156
• /
• 2006

Accurate vessel traffic observation is indispensable to carry out vessel traffic management, design of vessel traffic route, planning of port construction, etc. In order to observe the vessel traffic accurately without many efforts such as the use of a ship or car equipped with special radar observation system and the preparation of observation staff, the authors have been developing completely automated remote radar/AIS network system covering the main traffic area in Tokyo Bay. The composite radar image observed at Yokosuka and Kawasaki radar stations with AIS information can be seen on web site of Internet. In addition to the development of radar/AIS observation system, the software to analyze observed vessel traffic flow has been developed. This software has various functions such as automatic tracking of ship's positions, automatic estimation of ship's size, automatic integration of radar image and AIS data, animation of ships' movements, extraction of dangerous ship encounters, etc. The configuration and functions of the developed remote radar/AIS network system are shown first in this paper. Then various functions of the software to analyze vessel traffic are introduced, and some analyzed results on the vessel traffic in Tokyo Bay are described demonstrating the effectiveness of the developed system.

• The KIPS Transactions:PartD
• /
• v.16D no.2
• /
• pp.201-212
• /
• 2009

There are various methods to trace output in software development to verify the consistency and completeness of requirements. Existing studies do present the trace meta-model or automated tools, but fail to list specifically traced output or traced items. Also, in regards to trace tables, which contain traced items, existing studies don‘t consider the whole software development process but merely its sub-process. Given this, the present study suggests an extended requirements tracetable that tracks output from the inception of the project through the architectural design phase to the application delivery, following up on the researcher’s previous study on a tracetable that considered only a sub-process of the whole development process. In addition, in order to address the problem of the tracking process becoming complicated with increased tracefields due to an extended trace table, the researcher suggests a method for normalizing a requirements tracetable that can integrate and separate by development process phase. Apply it to theH system development project of a D company, and this study caseverified application possibility of study, confirmed an effect of a chase to easily find out an error of requirements. Improve precision of a traceto verify consistency of requirements and completeness through this study, and will minimize failure of a software development.

• Journal of Software Engineering Society
• /
• v.28 no.1
• /
• pp.13-22
• /
• 2019

To enhance effective and efficient applications of automated security vulnerability checkers in highly competitive and fast-evolving IT industry, this paper studies a comprehensive set of security bug checkers in open-source static analysis frameworks and how they can be utilized for source code inspections according to the security vulnerability inspection guidelines by MOIS. This paper clarifies the relationship be tween all 42 inspection criteria in the MOIS guideline and total 323 security bug checkers in 4 popular open-source static analysis frameworks for Java web applications. Based on the result, this paper also discuss the current challenges and issues in the MOIS guideline, the comparison among the four security bug checker frameworks, and also the ideas to improve the security inspection methodologies using the MOIS guideline and open-source static security bug checkers.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.5
• /
• pp.95-101
• /
• 2021

In this study, we present how to improve the current seismic disaster information service by utilizing Shake, which can express the effects of earthquakes in the form of isolines. Using ShakeMap software provided by the U.S. Geological Survey, an automated rapid ShakeMap generation system was implemented, and based on this, an earthquake disaster information service improvement model was presented to identify earthquake risk in the form of intensity or peak ground acceleration. In order to verify the feasibility and effectiveness of the improved model, the seismic disaster information service app. was developed and operated on a trial basis in Pohang, Gyeongsangbuk-do. As a result of the operation, it was found that more detailed seismic risk information could be provided by providing information using rapid ShakeMap to induce users' safety behavior more effectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1225-1236
• /
• 2020

Fuzzing is an automated software testing methodology that dynamically tests the security of software by inputting randomly generated input values outside of the expected range. KISA is releasing open source for standard cryptographic algorithms, and many crypto module developers are developing crypto modules using this source code. If there is a vulnerability in the open source code, the cryptographic library referring to it has a potential vulnerability, which may lead to a security accident that causes enormous losses in the future. Therefore, in this study, an appropriate security policy was established to verify the safety of block cipher source codes such as SEED, HIGHT, and ARIA, and the safety was verified using differential fuzzing. Finally, a total of 45 vulnerabilities were found in the memory bug items and error handling items, and a vulnerability improvement plan to solve them is proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.215-219
• /
• 2014

C programming language has undefined behaviors, which cause unintended execution of a program. When a programmer adds sanity checks without caring about undefined behaviors, compilers may misunderstand and invalidate the sanity checks. Thus, we propose an automated system to detect invalidated sanity checks by marking sanity checks in source code and checking the marks in binary code.

• Proceedings of the IEEK Conference
• /
• 2003.07c
• /
• pp.2537-2540
• /
• 2003

In this paper, an integrated monitoring system is implemented for industrial equipments which use different types of network protocols to communicate with other equipments. Dedicated gateway systems mate it difficult to modify or to add contents of network systems for communication with other systems. We suggest an integration method of effectively utilizing the general purpose gateway system (ETOS-l00A) which converts various types of protocols into TCP/IP protocol. To demonstrate the validity of the proposed integrated monitoring system, PLC-based automated inspection system is considered and the monitoring system is implemented using Visual Basic and HMI software.

• Proceedings of the IEEK Conference
• /
• 2005.11a
• /
• pp.1133-1136
• /
• 2005

The proposed high-speed backup and recovery system is a high performance backup software based on multi streaming I/O and high speed/high compression technology, and can realize an increase efficiency of backup volume without any increase of backup H/W equipments since it provides a high performance in data backup of a user and executes high compression very fast. Particularly, it minimizes consumption of network band width through a development of algorism for high compression in connection with backup equipments in a large-scaled system environment, is automated when it is recovered due to danger and troubles, and allows users to conveniently access in various ways since GUI and CLI for execution and management are all provided.