• Title/Summary/Keyword: Symbolic Execution


CRESTIVE-DX: Design and Implementation of Distributed Concolic Testing Tool for Embedded Software (CRESTIVE-DX: 임베디드 소프트웨어에 대해 테스트케이스 생성을 지원하는 분산 Concolic 테스팅 도구)

  • Leem, Hyerin; Choe, Hansol; Kim, Hyorim; Hong, Shin
    • KIPS Transactions on Software and Data Engineering / v.9 no.8 / pp.229-234 / 2020
  • This paper presents the design and the implementation of CRESTIVE-DX, a concolic testing tool that distributes the concolic testing process over the embedded target system and the host system for efficient test generation of a target embedded program. CRESTIVE-DX conducts the execution of a target program on the target embedded system to consider possible machine-dependent behaviors of the target program execution, conducts the machine-independent parts, such as search-strategy heuristics and constraint solving, on host systems with high-speed computation units, and coordinates their concurrent executions. CRESTIVE-DX is implemented by extending CREST, an existing concolic testing tool for C programs. We conducted experiments with a test bed that consists of an embedded target system in the Arm Cortex A54 architecture and host systems in the x86-64 architecture. The results of experiments with the Unix utility programs Grep, Busybox Awk, and Busybox Ed show that test input generation of CRESTIVE-DX is 1.59 to 2.64 times faster than that of CREST.

Efficient Null Pointer Dereference Vulnerability Detection by Data Dependency Analysis on Binary (효율적 데이터 의존성 분석을 이용한 바이너리 기반 Null Pointer Dereference 취약점 탐지 도구)

  • Wenhui Jin; Heekuck Oh
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.2 / pp.253-266 / 2023
  • The Null Pointer Dereference vulnerability is a significant vulnerability that can cause severe attacks such as denial of service. Previous research has proposed methods for detecting such vulnerabilities, but large and complex programs pose a challenge to their efficiency. In this paper, we present a lightweight tool for detecting specific functions in large binary programs by symbolizing variables and emulating program execution. The tool detects vulnerabilities through data dependency analysis and heuristics in each execution path. While our tool had an 8% higher false positive rate than the bap_toolkit, it detected all existing vulnerabilities in our dataset.

Boundary Testing research using Dynamic Symbolic Execution (동적 심볼릭 수행을 이용한 경계 테스팅 연구)

  • Koo, Keun-Hoi; Choi, Seok-Won; Choi, Jin-Young
    • Proceedings of the Korea Information Processing Society Conference / 2016.10a / pp.429-432 / 2016
  • Traditional testing requires a great deal of time and cost to create test cases, so testing products such as mobile phones and TVs, which must be released in a timely manner, faces many difficulties. In an effort to solve this problem, academia and industry are conducting research on the automatic generation of high-coverage test cases using dynamic symbolic execution. In particular, PEX, a dynamic symbolic execution tool created by Microsoft Research, automatically generates test cases for web or Windows programs written in C#. However, feedback from PEX users indicated that the test cases were insufficient, and as a result research was conducted on adding boundary value test cases, which found more errors than when boundary value test cases were not added. In this paper, we conduct research on generating boundary value test cases by modifying CREST, a dynamic symbolic execution tool that supports the C language, which is frequently used in the embedded software field, where software errors cause enormous property damage and loss of life.

Implementation of Automated C Unit Test Case Generator using Symbolic Execution (기호실행을 이용한 C 언어 단위테스트 케이스 자동 생성기의 구현)

  • Seo, Yunju; Kim, Taeksu; Lee, Chunwoo; Kim, Kimun; Park, Boknam; Shin, Chuloh; Wu, Chisu
    • Proceedings of the Korea Information Processing Society Conference / 2007.11a / pp.332-335 / 2007
  • In this study, we research the automatic generation of test cases from the implementation code of software and implement a tool for it. Through this, we reduce the cost developers spend writing test cases by hand, and make it possible to generate test cases without being affected even when the software requirements specification is poorly written or differs from the actual implementation.

A Method of Embedded Linux Light-Weight for Efficient Application Execution (어플리케이션 처리속도 개선을 위한 임베디드 리눅스 경량화 기법)

  • Lee, Tae-Woo; Cho, Ji-Yong; Cho, Yong-Hwan
    • Journal of the Korea Society of Computer and Information / v.18 no.3 / pp.1-10 / 2013
  • In this paper, we propose a method of embedded Linux light-weighting to improve the efficiency of applications running on embedded systems. Three methods were applied: a fast booting scheme applying the Hibernation technique, JFFS2 file system optimization applying Symbolic Links and virtual address mapping, and kernel light-weighting that guarantees general-purpose use. Then the system dependency is checked and a kernel image is generated according to the target embedded kit. The embedded system performance of the existing Linux and of the Linux to which the method proposed in this paper was applied was compared. In the experimental results, the kernel size was improved by 9.6% and the system booting time by 18%. Application processing speed on the target embedded kit was improved by 11% in the best case and 66% in the worst case. These results show that the light-weight method proposed in this paper guarantees fast booting time and secures resources, and that it improves application processing speed.

Automated Test Data Generation for Dynamic Branch Coverage (동적 분기 커버리지를 위한 테스트 데이터 자동 생성)

  • Chung, In Sang
    • KIPS Transactions on Software and Data Engineering / v.2 no.7 / pp.451-460 / 2013
  • In order to achieve high test coverage, it is usual to generate test data using various techniques including symbolic execution, data flow analysis or constraint solving. Recently, a technique for automated test data generation that achieves high coverage effectively without those sophisticated means has been proposed. However, the technique shows its weakness in the generation of test data that leads to high coverage for programs having branch conditions where different memory locations are bound during execution. For certain programs with flag conditions, in particular, high coverage cannot be achieved because specific branches are not executed. To address the problem, this paper presents dynamic branch coverage criteria and a test data generation technique based on the notion of dynamic branches. It is shown, by conducting experiments involving programs with flag conditions, that the proposed technique is more effective than the previous approach.

Evaluation of Static Analyzers for Weakness in C/C++ Programs using Juliet and STONESOUP Test Suites

  • Seo, Hyunji; Park, Young-gwan; Kim, Taehwan; Han, Kyungsook; Pyo, Changwoo
    • Journal of the Korea Society of Computer and Information / v.22 no.3 / pp.17-25 / 2017
  • In this paper, we compared four analyzers, Clang, CppCheck, Compass, and a commercial one from a domestic startup, using NIST's Juliet test suite and the recently introduced STONESOUP. The tools showed detection efficacy in the order of Clang, CppCheck, the domestic one, and Compass under Juliet tests; and Clang, the domestic one, Compass, and CppCheck under STONESOUP tests. We expect it would be desirable to utilize symbolic execution for vulnerability analysis in the future. On the other hand, the results of the tool evaluation also testify that Juliet and STONESOUP, as benchmarks for static analysis tools, can reveal differences among tools. Finally, each analyzer has different CWEs for which it can detect all given test programs. This result can be used for the selection of proper tools with respect to specific CWEs.

Technology Analysis on Automatic Detection and Defense of SW Vulnerabilities (SW 보안 취약점 자동 탐색 및 대응 기술 분석)

  • Oh, Sang-Hwan; Kim, Tae-Eun; Kim, HwanKuk
    • Journal of the Korea Academia-Industrial cooperation Society / v.18 no.11 / pp.94-103 / 2017
  • As automatic hacking tools and techniques have improved, the number of new vulnerabilities has increased. The CVEs registered from 2010 to 2015 numbered about 80,000, and it is expected that more vulnerabilities will be reported. In most cases, patching a vulnerability depends on the developers' capability, and most patching techniques are based on manual analysis, which requires nine months on average. The techniques consist of finding the vulnerability, conducting the analysis based on the source code, and writing new code for the patch. Zero-days are critical because the time gap between the first discovery and taking action is too long, as mentioned. To solve the problem, techniques for automatically detecting and analyzing software (SW) vulnerabilities have been proposed recently. The Cyber Grand Challenge (CGC), held in 2016, was the first competition to create automatic defensive systems capable of reasoning over flaws in binaries and formulating patches without experts' direct analysis. Darktrace and Cylance are similar projects for managing SW automatically with artificial intelligence and machine learning. Though many foreign commercial institutions and academies run their own projects for automatic binary analysis, the domestic level of technology is much lower. This paper studies the development of automatic detection of SW vulnerabilities and defenses against them. We analyzed and compared related works and tools as additional elements, and optimal techniques for automatic analysis are suggested.

Effective Integer Promotion Bug Detection Technique for Embedded Software (효과적인 내장형 소프트웨어의 정수 확장 (Integer Promotion) 버그 검출 기법)

  • Kim, Yunho; Kim, Taejin; Kim, Moonzoo; Lee, Ho-jung; Jang, Hoon; Park, Mingyu
    • Journal of KIISE / v.43 no.6 / pp.692-699 / 2016
  • C compilers for 8-bit MCUs used in washing machines and refrigerators often do not follow the C standard, in order to improve runtime performance. Developers who are unaware of the difference between C compilers following the C standard and C compilers for 8-bit MCUs can cause bugs that do not appear in the standard C environment but do appear in embedded systems using 8-bit MCUs. It is difficult for bug detectors that assume the standard C environment to detect such bugs. In this paper, we introduce integer promotion bugs caused by the integer promotion rules of C compilers for 8-bit MCUs differing from the C standard, and propose 5 bug patterns where integer promotion bugs occur. We have developed an integer promotion bug detection tool and applied it to the washing machine control software developed by LG Electronics. The integer promotion bug detection tool successfully detected 27 integer promotion bugs in the washing machine control software.

CUTIG: An Automated C Unit Test Data Generator Using Static Analysis (CUTIG: 정적 분석을 이용한 C언어 단위 테스트 데이타 추출 자동화 도구)

  • Kim, Taek-Su; Park, Bok-Nam; Lee, Chun-Woo; Kim, Ki-Moon; Seo, Yun-Ju; Wu, Chi-Su
    • Journal of KIISE: Software and Applications / v.36 no.1 / pp.10-20 / 2009
  • As unit testing should be performed repeatedly and continuously, it is a high-cost software development activity. Although there are many studies on unit test automation, there are fewer noteworthy studies on automated test case generation. In this paper, we discuss a study on automated test data generation from source code and present algorithms for each stage. We also show some issues of test data generation and introduce an automated test data generating tool, CUTIG. As CUTIG generates test data not from requirement specifications but from source code, software developers can generate test data when specifications are insufficient or disagree with the real implementation. Moreover, we hope that the tool can help software developers reduce the cost of test data preparation.