• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.12 no.4
• /
• pp.201-209
• /
• 2012

The point-based complex event processing handled an instantaneous event by using one time stamp in each event. However, the activity period of the event plays the important role in the field which is the same as the finance, multimedia, medicine, and meteorology. The point-based event is insufficient for expressing the complex temporal relationship in this field. In the application field of the real-time world, the event has the period. The events more than two kinds can be temporally overlapped. In addition, one event can include the other event. The relation about the events of kind of these can not be successive like the point-based event. This thesis designs and implements the method detecting the patterns of the complex event by using the interval-based events. The interval-based events can express the overlapping relation between events. Furthermore, it can include the others. By using the end point of beginning and end point of the termination, the operator of interval-based events shows the interval-based events. It expresses the sequence of the interval-based events and can detect the complex event patterns. This thesis proposes the algorithm using the active instance stack in order to raise efficiency of detection of the complex event patterns. When comprising the event sequence, this thesis applies the window push down technique in order to reduce the number of intermediate results. It raises the utility factor of the running time and memory.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.2
• /
• pp.19-30
• /
• 2013

We study sub-Peres functions that are defined recursively as Peres function for random number generation. Instead of using two parameter functions as in Peres function, the sub-Peres functions uses only one parameter function. Naturally, these functions produce less random bits, hence are not asymptotically optimal. However, the sub-Peres functions runs in linear time, i.e., in O(n) time rather than O(n logn) as in Peres's case. Moreover, the implementation is even simpler than Peres function not only because they use only one parameter function but because they are tail recursive, hence run in a simple iterative manner rather than by a recursion, eliminating the usage of stack and thus further reducing the memory requirement of Peres's method. And yet, the output rate of the sub-Peres function is more than twice as much as that of von Neumann's method which is widely known linear-time method. So, these methods can be used, instead of von Neumann's method, in an environment with limited computational resources like mobile devices. We report the analyses of the sub-Peres functions regarding their running time and the exact output rates in comparison with Peres function and other known methods for random number generation. Also, we discuss how these sub-Peres function can be implemented.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.4
• /
• pp.393-409
• /
• 2003

In this paper, we present a multi-task debugging environment for Qplus-T embedded-system such as internet information appliances. We will propose the structure and functions of a remote multi-task debugging environment supporting environment effective ross-development. And, we are going enhance the communication architecture between the host and target system to provide more efficient cross-development environment. The remote development toolset called Q+Esto consists to several independent support tools: an interactive shell, a remote debugger, a resource monitor, a target manager and a debug agent. Excepting a debug agent, all these support tools reside on the host systems. Using the remote multi-task debugger on the host, the developer can spawn and debug tasks on the target run-time system. It can also be attached to already-running tasks spawned from the application or from interactive shell. Application code can be viewed as C/C++ source, or as assembly-level code. It incorporates a variety of display windows for source, registers, local/global variables, stack frame, memory, event traces and so on. The target manager implements common functions that are shared by Q+Esto tools, e.g., the host-target communication, object file loading, and management of target-resident host tool´s memory pool and target system´s symbol-table, and so on. These functions are called OPEn C APIs and they greatly improve the extensibility of the Q+Esto Toolset. The Q+Esto target manager is responsible for communicating between host and target system. Also, there exist a counterpart on the target system communicating with the host target manager, which is called debug agent. Debug agent is a daemon task on real-time operating systems in the target system. It gets debugging requests from the host tools including debugger via target manager, interprets the requests, executes them and sends the results to the host.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.6
• /
• pp.155-164
• /
• 2018

Many malicious programs have been compressed or encrypted using various commercial packers to prevent reverse engineering, So malicious code analysts must decompress or decrypt them first. The OEP (Original Entry Point) is the address of the first instruction executed after returning the encrypted or compressed executable file back to the original binary state. Several unpackers, including PinDemonium, execute the packed file and keep tracks of the addresses until the OEP appears and find the OEP among the addresses. However, instead of finding exact one OEP, unpackers provide a relatively large set of OEP candidates and sometimes OEP is missing among candidates. In other words, existing unpackers have difficulty in finding the correct OEP. We have developed new tool which provides fewer OEP candidate sets by adding two methods based on the property of the OEP. In this paper, we propose two methods to provide fewer OEP candidate sets by using the property that the function call sequence and parameters are same between packed program and original program. First way is based on a function call. Programs written in the C/C++ language are compiled to translate languages into binary code. Compiler-specific system functions are added to the compiled program. After examining these functions, we have added a method that we suggest to PinDemonium to detect the unpacking work by matching the patterns of system functions that are called in packed programs and unpacked programs. Second way is based on parameters. The parameters include not only the user-entered inputs, but also the system inputs. We have added a method that we suggest to PinDemonium to find the OEP using the system parameters of a particular function in stack memory. OEP detection experiments were performed on sample programs packed by 16 commercial packers. We can reduce the OEP candidate by more than 40% on average compared to PinDemonium except 2 commercial packers which are can not be executed due to the anti-debugging technique.