• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.437-444
• /
• 2014

In this paper, we introduce a Graph based Binary Code Execution Path Exploration Platform. In the graph, a node is defined as a conditional branch instruction, and an edge is defined as the other instructions. We implemented prototype of the proposed method and works well on real binary code. Experimental results show proposed method correctly explores execution path of target binary code. We expect our method can help Software Assurance, Secure Programming, and Malware Analysis more correct and efficient.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.377-386
• /
• 2016

As the number of malware has been increased, it is necessary to analyze malware rapidly against cyber attack. Additionally, Dynamic malware analysis has been widely studied to overcome the limitation of static analysis such as packing and obfuscation, but still has a problem of exploring multiple execution path. Previous works for exploring multiple execution path have several problems that it requires much time to analyze and resource for preparing analysis environment. In this paper, we proposed efficient exploring approach for multiple execution path in a single analysis environment by pipelining processes and showed the improvement of speed by 29% in 2-core and 70% in 4-core through experiment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1039-1048
• /
• 2019

Symbolic execution, an automatic search method for vulnerability verification, has been technically improved over the last few years. However, it is still not practical to analyze the program using only the symbolic execution itself. One of the biggest reasons is that because of the path explosion problem that occurs during program analysis, there is not enough memory, and you can not find the solution of all paths in the program using symbolic execution. Thus, it is practical for the analyst to construct a path for symbolic execution to a target with vulnerability rather than solving all paths. In this paper, we propose a static analysis - based backward CFG(Control Flow Graph) generation technique that can be used in symbolic execution for program analysis. With the creation of a backward CFG, an analyst can select potential vulnerable points, and the backward path generated from that point can be used for future symbolic execution. We conducted experiments with Linux binaries(x86), and indeed showed that potential vulnerability selection and backward CFG path generation were possible in a variety of binary situations.

• Journal of Internet Computing and Services
• /
• v.7 no.1
• /
• pp.91-99
• /
• 2006

This paper proposes a control path analysis mechanism to be used in the workflow mining framework maximizing the workflow traceability and re discoverability by analyzing the total sequences of the control path perspective of a workflow model and by rediscovering their runtime enactment history from the workflow log information. The mechanism has two components One is to generate the total sequences of the control paths from a workflow mode by transforming it to a control path decision tree, and the other is to rediscover the runtime enactment history of each control path out of the total sequences from the corresponding workflow's execution logs. Eventually, these rediscovered knowledge and execution history of a workflow model make up a control path oriented intelligence of the workflow model. which ought to be an essential ingredient for maintaining and reengineering the qualify of the workflow model. Based upon the workflow intelligence, it is possible for the workflow model to be gradually refined and finally maximize its qualify by repeatedly redesigning and reengineering during its whole life long time period.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.811-820
• /
• 2017

Software automatic technology research recently focuses not only on generating a single path test-case, but also on finding an optimized path to reach the vulnerability through various test-cases. Although Dynamic Symbolic Execution (DSE) technology is popular among these automatic technologies, most DSE technology researches apply only to Linux binaries or specific modules themselves. However, most software are vulnerable based on input files. Therefore, this paper proposes an input file based dynamic symbolic execution method for software vulnerability verification. As a result of applying it to three kinds of actual binary software, it was possible to create a test-case effectively reaching the corresponding point through the proposed method. This demonstrates that DSE technology can be used to automate the analysis of actual software.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.253-266
• /
• 2023

The Null Pointer Dereference vulnerability is a significant vulnerability that can cause severe attacks such as denial-of-service. Previous research has proposed methods for detecting vulnerabilities, but large and complex programs pose a challenge to their efficiency. In this paper, we present a lightweight tool for detecting specific functions in large binaryprograms through symbolizing variables and emulating program execution. The tool detects vulnerabilities through data dependency analysis and heuristics in each execution path. While our tool had an 8% higher false positive rate than the bap_toolkit, it detected all existing vulnerabilities in our dataset.

• Journal of KIISE:Computing Practices and Letters
• /
• v.11 no.1
• /
• pp.15-25
• /
• 2005

Embedded systems have a set of tasks to execute. These tasks can be implemented either on application specific hardware or as software running on a specific processor. The design of an embedded system involves the selection of hardware software resources, Partition of tasks into hardware and software, and performance evaluation. An accurate estimation of execution time for extreme cases (best and worst case) is important for hardware/software codesign. A tighter estimation of the execution time bound nay allow the use of a slower processor to execute the code and may help lower the system cost. In this paper, we consider an ARM-based embedded system and developed a tool to estimate the tight boundary of execution time of a task with loop bounds and any additional program path information. The tool we developed is based on an exiting timing analysis tool named 'Cinderella' which currently supports i960 and m68k architectures. We add a module to handle ARM ELF object file, which extracts control flow and debugging information, and a module to handle ARM instruction set so that the new tool can support ARM processor. We validate the tool by comparing the estimated bound of execution time with the run-time execution time measured by ARMulator for a selected bechmark programs.

• KIPS Transactions on Software and Data Engineering
• /
• v.4 no.9
• /
• pp.419-424
• /
• 2015

As Internet of Things (IoT) is recently serviced in several fields, the reliability and safety issues for IoT embedded systems are emerged. During the development of embedded systems, it is not easy to build the virtual execution environment and to test the developing version. Therefore, it is difficult to ensure its reliability due to lack of unit testing. In this paper, we propose a log-based unit testing framework for embedded software, which performs on real target board by extracting information of function execution. And, according to execution paths, duplicated logs are eliminated to keep a minimal log size. As a result, during system testing, testers can efficiently decide whether the executed paths of each function are correctly performed or not.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.73-81
• /
• 2021

When downloading files using an app or web-based application on the user's mobile phone, the path is set to be saved in the pre-defined default directory. Many applications requiring access to storage, including file managers, require a write or read permission of storage to provide numerous functions and services. This means that the application will have direct access to the download folder where the numerous files downloaded. In this paper, to prove our feasibility of attack using the security vulnerabilities mentioned above, we developed a file hacking function disguised as an encryption function in the file management application. The file that encrypted will be sent to hackers via E-mail simultaneously on the background. The developed application was evaluated from VirusTotal, a malicious analysis engine, was not detected as a malicious application in all 74 engines. Finally, in this paper, we propose a defense technique and an algorithm based on the Trusted Execution Environment (TEE) to supplement these storage vulnerabilities.

• Journal of Distribution Science
• /
• v.15 no.1
• /
• pp.95-104
• /
• 2017

Purpose - This study focuses on long-term orientation that can lead long-term partnership. A long-term orientation needs a trust and relation commitment between company. So in this study, the researcher conducts a dependent variable as a justice recognition and brand asset value to research model to find out casual relationship among quoted factors. Research design, data, and methodology - The focus of this study was employees who work in a liquor distribution company to figure out factors that effect on long-term relationship in b2b transaction. The development of the research model is based on the literature of the preceding research analysis of justice recognition, brand asset value, trust, relation commitment and long-term orientation. This study have constructs that defined operationally by previous studies, research model design that to figuring casual relationships among the quoted factors. From 2016 Sep. 1st to Oct. 30th, a questionnaire survey was conducted targeting employees who work in liquor distribution company. 176 survey data were used for empirical analysis to prove the research hypotheses. Results - The main results of this study's empirical methodology were as follows. First, procedural justice and interactive justice has a positive significant effect on trust and relation commitment. Also brand image, brand awareness and perceived quality has a positive significant effect on trust and relation commitment. Second, trust and relation commitment has a positive significant effect on long-term orientation. Every hypothesis adopted as the researcher designed for empirical study. Conclusions - Based on empirical results, this study confirmed that trust and relation commitment has empirical relationship with long-term orientation. Based on the analysis, the researcher provided managerial implication by setting 2 way path for making long-term orientation with business company. First path is procedural justice to relation commitment. It contains that procedural justice recognised while business transaction execution, consideration intension and relation development will happen in b2b. Second path is perceived quality to trust. It contains that the perceived quality recognised while business transaction execution, trust will increase rapidly. So when a business company wants to make a partnership, they have to consider procedural justice and perceived quality to make a long-term relationship.