• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.807-819
• /
• 2019

Greybox fuzzing is known as an effective method to discover unknown security flaws reside in software and has been actively researched today. However, most of greybox fuzzing tools require an executable file. Because of this, a library, which cannot be executed by itself requires an additional executable file for greybox fuzzing. Generating such an executable file is challengeable because it requires both understanding of the library and fuzzing. In this research, we suggest the approach to generate an executable file automatically for a library and implement this approach as a tool based on the LLVM framework. This tool shows that executable files and seed files can be generated automatically by static/dynamic analysis of a unit test in the target project. A generated executable file is compatible with various greybox fuzzers like AFL because it has a common interface for greybox fuzzers. We show the performance of this tool as code coverage and discovered unknown security bugs using generated executable files and seed files from open source projects through this tool.

• Journal of Internet Computing and Services
• /
• v.25 no.4
• /
• pp.39-46
• /
• 2024

An API gateway is a high-availability component that provides a single entry point for API clients outside the cloud to connect with services inside the cloud. It has a high risk of creating bottlenecks and requires redeployment when services change. The Java language, in which several API gateways are implemented, announced technologies called GraalVM Native Image and Virtual Thread to overcome problems with deployment and operational performance. Applying these technologies to Java applications requires changes to the source code and deployment procedures. In this study, the performance of the API gateway was measured and analyzed when it operated based on GraalVM Native Image and Java Virtual Machine(JVM) and between Virtual Thread and Reactive thread processing methods. In this study, evaluation indicators were selected to evaluate deployment performance and operational performance, and the performance of the evaluation indicators was measured and evaluated in four environments.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.11
• /
• pp.94-103
• /
• 2017

As automatic hacking tools and techniques have been improved, the number of new vulnerabilities has increased. The CVE registered from 2010 to 2015 numbered about 80,000, and it is expected that more vulnerabilities will be reported. In most cases, patching a vulnerability depends on the developers' capability, and most patching techniques are based on manual analysis, which requires nine months, on average. The techniques are composed of finding the vulnerability, conducting the analysis based on the source code, and writing new code for the patch. Zero-day is critical because the time gap between the first discovery and taking action is too long, as mentioned. To solve the problem, techniques for automatically detecting and analyzing software (SW) vulnerabilities have been proposed recently. Cyber Grand Challenge (CGC) held in 2016 was the first competition to create automatic defensive systems capable of reasoning over flaws in binary and formulating patches without experts' direct analysis. Darktrace and Cylance are similar projects for managing SW automatically with artificial intelligence and machine learning. Though many foreign commercial institutions and academies run their projects for automatic binary analysis, the domestic level of technology is much lower. This paper is to study developing automatic detection of SW vulnerabilities and defenses against them. We analyzed and compared relative works and tools as additional elements, and optimal techniques for automatic analysis are suggested.

• Journal of Korea Multimedia Society
• /
• v.1 no.2
• /
• pp.239-248
• /
• 1998

Software reengineering is making various research for solutions against problem of maintain existing system. Reengineering has a meaning of development of softwares on existing systems through the reverse-engineering and the forward-engineering. It extracts classes from existing system's softwares to increase the comprehension of the system and enhance the maintenability of softwares. Most of the important concepts used in reengineering is composition that is restructuring of the existing objects from other components. The classes and clusters in storage have structural relationship with system's main components to reuse in the higher level. These are referenced as dynamic informations through structuring an architect for each of them. The classes are created by extractor, searcher and composer through representing existing object-oriented source code. Each of classes and clusters extract refined informations through optimization. New architecture is created from the cluster based on its classes' relationship in storage. This information can be used as an executable code later on. In this paper, we propose the tools, it presented by this thesis presents a new information to users through analysing, based on reengineering, Object-Oriented informations and practicing composition methodology. These composite classes will increase reusability and produce higher comprehension information to consist maintainability for existing codes.

• Journal of KIISE:Computer Systems and Theory
• /
• v.37 no.4
• /
• pp.226-238
• /
• 2010

OpenSSL is an open-source library implementing SSL that is a secure communication protocol. However, the library has a severe vulnerability that its security information can be easily exposed to malicious software when the library is used in a form of shared library on Linux and UNIX operating systems. We propose a scheme to attack the vulnerability of the OpenSSL library. The scheme injects codes into a running client program to execute the following attacks on the vulnerability in a SSL handshake. First, when a client sends a server a list of cryptographic algorithms that the client is willing to support, our scheme replaces all algorithms in the list with a specific algorithm. Such a replacement causes the server to select the specific algorithm. Second, the scheme steals a key for data encryption and decryption when the key is generated. Then the key is sent to an outside attacker. After that, the outside attacker decrypts encrypted data that has been transmitted between the client and the server, using the specified algorithm and the key. To show that our scheme is realizable, we perform an experiment of collecting encrypted login data that an ftp client using the OpenSSL shared library sends its server and then decrypting the login data.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.5
• /
• pp.103-112
• /
• 2007

In this paper, we implement a hypervisor that runs multiple uC/OS-II real-time kernels on one microprocessor. The hypervisor virtualizes microprocessor and memory that are main resources managed by uC/OS-II kernel. Microprocessor is virtualized by controlling interrupts that uC/OS-II real-time kernel handles and memory is virtualized by partitioning physical memory. The hypervisor consists of three components: interrupt control routines that virtualize timer interrupt and software interrupt, a startup code that initializes the hypervisor and uC/OS-II kernels, and an API that provides communication between two kernels. The original uC/OS-II kernel needs to be modified slightly in source-code level to run on the hypervisor. We performed a real-time test and an independent computation test on Jupiter 32-bit EISC microprocessor and showed that the virtualized kernels run without problem. The result of our research can reduce the hardware cost, the system space and weight, and system power consumption when the hypervisor is applied in embedded applications that require many embedded microprocessors.

• Transactions of the Korean Society of Mechanical Engineers A
• /
• v.41 no.5
• /
• pp.361-366
• /
• 2017

As the recent development of computing architecture and application software technology, real world simulation, which is the ultimate destination of computer simulation, is emerging as a practical issue in several research sectors. In this paper, metal plate motion in a square shock tube for small time interval was calculated using a supercomputing-based fluid-structure-combustion multi-physics simulation tool called Illinois Rocstar, developed in a US national R amp; D program at the University of Illinois. Afterwards, the simulation results were compared with those from experiments. The coupled solvers for unsteady compressible fluid dynamics and for structural analysis were based on the finite volume structured grid system and the large deformation linear elastic model, respectively. In addition, a strong correlation between calculation and experiment was shown, probably because of the predictor-corrector time-integration scheme framework. In the future, additional validation studies and code improvements for higher accuracy will be conducted to obtain a reliable open-source software research tool.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.163-169
• /
• 2024

India is a developing nation and has come with comprehensive way in modernizing its reducing poverty, economy and rising living standards for an outsized fragment of its residents. The STEM (Science, Technology, Engineering, and Mathematics) education plays an important role in it. STEM is an educational curriculum that emphasis on the subjects of "science, technology, engineering, and mathematics". In traditional education scenario, these subjects are taught independently, but according to the educational philosophy of STEM that teaches these subjects together in project-based lessons. STEM helps the students in his holistic development. Youth unemployment is the biggest concern due to lack of adequate skills. There is a huge skill gap behind jobless engineers and the question arises how we can prepare engineers for a better tomorrow? Now a day's Industry 4.0 is a new fourth industrial revolution which is an intelligent networking of machines and processes for industry through ICT. It is based upon the usage of cyber-physical systems and Internet of Things (IoT). Industrial revolution does not influence only production but also educational system as well. IoT in academics is a new revolution to the Internet technology, which introduced "Smartness" in the entire IT infrastructure. To improve socio-economic status of the India students must equipped with 21st century digital skills and Universities, colleges must provide individual learning kits to their students which can help them in enhancing their productivity and learning outcomes. The major goal of this paper is to present a low cost, effective learning mechanism for STEM implementation using Raspberry Pi 3+ model (Single board computer) and Node Red open source visual programming tool which is developed by IBM for wiring hardware devices together. These tools are broadly used to provide hands on experience on IoT fundamentals during teaching and learning. This paper elaborates the appropriateness and the practicality of these concepts via an example by implementing a user interface (UI) and Dashboard in Node-RED where dashboard palette is used for demonstration with switch, slider, gauge and Raspberry pi palette is used to connect with GPIO pins present on Raspberry pi board. An LED light is connected with a GPIO pin as an output pin. In this experiment, it is shown that the Node-Red dashboard is accessing on Raspberry pi and via Smartphone as well. In the final step results are shown in an elaborate manner. Conversely, inadequate Programming skills in students are the biggest challenge because without good programming skills there would be no pioneers in engineering, robotics and other areas. Coding plays an important role to increase the level of knowledge on a wide scale and to encourage the interest of students in coding. Today Python language which is Open source and most demanding languages in the industry in order to know data science and algorithms, understanding computer science would not be possible without science, technology, engineering and math. In this paper a small experiment is also done with an LED light via writing source code in python. These tiny experiments are really helpful to encourage the students and give play way to learn these advance technologies. The cost estimation is presented in tabular form for per learning kit provided to the students for Hands on experiments. Some Popular In addition, some Open source tools for experimenting with IoT Technology are described. Students can enrich their knowledge by doing lots of experiments with these freely available software's and this low cost hardware in labs or learning kits provided to them.

• Journal of KIISE:Computing Practices and Letters
• /
• v.7 no.3
• /
• pp.240-247
• /
• 2001

Java is a promising runtime environment for embedded systems because it has many advantages such as platform independence, high security and support for multi-threading. One of the most famous Java run-time environments, Sun's ($PersonalJave^{TM}$) is based on Truffle architecture, which enables programmers to design various GUIs easily. For this reason, it has been ported to various embedded systems such as set-top boxes and personal digital assistants(PDA's). Basically, Truffle uses heavy-weight window managers such as Microsoft vVin32 API and X-Window. However, those window managers are not adequate for embedded systems because they require a large amount of memory and disk space. To come up with the requirements of embedded systems, we adopt Microwindows as the platform graphic system for Personal] ava A WT onto Embedded Linux. Although Microwindows is a light-weight window manager, it provides as powerful API as traditional window managers. Because Microwindows does not require any support from other graphics systems, it can be easily ported to various platforms. In addition, it is an open source code software. Therefore, we can easily modify and extend it as needed. In this paper, we implement Personal]ava A WT using Microwindows on embedded Linux and prove the efficiency of our approach.

• Journal of KIISE
• /
• v.44 no.2
• /
• pp.115-123
• /
• 2017

A message processor is server software that receives non-realtime messages as well as realtime messages from clients that need to be processed within a deadline. With the recent advances of micro-processor technologies and Linux, the message processor is often implemented in Linux-based multi-core servers and it is important to use cores efficiently to maximize the performance of system in multi-core environments. Numerous research efforts on a real-time scheduler for the efficient utilization of the multi-core environments have been conducted. Typically, though, they have been conducted theoretically or via simulation, making a subsequent real-system application difficult. Moreover, many Linux-based real-time schedulers can only be used in a specific Linux version, or the Linux source code needs to be modified. This paper presents the design of a Linux-based message processor for multi-core environments that maps the threads to the cores at user level. The message processor is implemented through a modification of the traditional RM algorithm that consolidates the real-time messages into certain cores using a first-fit-based bin-packing algorithm; this minimizes the response-time delay of the non-real-time messages, while guaranteeing the violation rate of the real-time messages. To compare the performances, the message processor was implemented using the two multi-core-scheduling algorithms GSN-EDF and P-FP, which are provided by the LITMUS framework. The benchmarking results show that the response-time delay of non-real-time messages in the proposed system was improved up to a maximum of 17% to 18%.