• Title/Summary/Keyword: static software analysis

Design and Implementation of Software Vulnerability Analysis Algorithm through Static Data Access Analysis

  • Lim, Hyun-il
    • Journal of the Korea Society of Computer and Information, v.20 no.8, pp.69-75, 2015
  • Nowadays, software plays various roles in applications across wide areas. However, security problems caused by software vulnerabilities are increasing, so it is necessary to improve software security and safety in software execution. In this paper, we propose an approach to improving the safety of software execution by managing the information used in software through static data access analysis. The approach can detect exposures of secure data during software execution by analyzing information properties and flows through static data access analysis. In this paper, we implemented and experimented with the proposed approach on a base language, and verified that the proposed approach can effectively detect exposures of secure information. The proposed approach can be applied in several areas to improve software safety by analysing vulnerabilities from information flows in software execution.

Static Analysis of Large Scale Software Repositories Using WALA and Boa (Development of a Tool for Statically Analyzing Large-Scale Software Repositories Using WALA and Boa)

  • Park, Gyunghee; Ryu, Sukyoung
    • Journal of KIISE, v.44 no.10, pp.1081-1086, 2017
  • Program analysis of large-scale open-source software repositories is significant in that it allows us to examine the changes and improvements of the software in repositories, and it yields more reliable results based on a large number of programs. In this paper, we introduce a new static analysis framework, WALABOA, which enables scalable static analysis of large-scale software repositories. In addition, we show new findings from applying WALABOA, together with a module that compares the analysis results of a static analysis and a dynamic analysis, to the evaluation of field-based analysis, one of the JavaScript static analysis techniques used in WALA.

Priority Analysis for Software Functions Using Social Network Analysis and DEA (Data Envelopment Analysis) (A Study on Software Function Priority Analysis Using Social Network Analysis and Data Envelopment Analysis Techniques)

  • Huh, Sang Moo; Kim, Woo Je
    • Journal of Information Technology Services, v.17 no.3, pp.171-189, 2018
  • To remove software defects and improve software performance, many developers perform code inspections and use static analysis tools. A code inspection is an activity performed manually to detect software defects in the developed source. However, there is no clear criterion for which source codes are inspected. A static analysis tool can automatically detect software defects by analyzing the source code without running it. However, it has the disadvantage that it analyzes only the code within functions without analyzing the relations among source functions. The functions in source code are interconnected and form a social network. Functions that occupy critical locations in a network can be important enough to affect the overall quality, whereas a static analysis tool merely suggests which functions were called several times. In this study, the core functions are elicited by using social network analysis and DEA (Data Envelopment Analysis) for CUBRID open database sources. In addition, we suggest clear criteria for selecting the target sources for code inspection and suggest ways to find core functions to minimize defects and improve performance.

Study on Comparison of Industrial Static Analysis Tools to Verify the Design Principles for Software Unit Design and Implementation of ISO 26262 (A Comparative Study of Verification Tools for Applying the Software Design Principles of ISO 26262)

  • Heo, Jeho; Lee, Hongseok; Ko, Byeonggak
    • IE interfaces, v.25 no.4, pp.416-421, 2012
  • One of the activities to improve software quality in ISO 26262 is to apply the design principles for software unit design and implementation described in ISO 26262-6, including the evaluation activity. Before the evaluation activity, a tool is compared and selected for evaluation, because the results of the tool a company selects might have an effect on product quality. In this paper, we suggest a method to compare industrial static analysis tools using part of the "MISRA C : 2004 Exemplar Suite", and all lessons learned from comparing the tools are described. The result of the comparison shows that we cannot simply rely on the result of a static analysis tool and need other appropriate processes and guidelines to evaluate software.

A Study on Software Static Analysis Method on IEC 62279 (A Study on Software Static Analysis under the IEC 62279 Standard)

  • Jin, Zhe-Huan; Li, Chang-Long; Lee, Jae-Ho; Kim, Jae-Sik; Lee, Key-Seo
    • The Journal of the Korea institute of electronic communication sciences, v.10 no.4, pp.513-519, 2015
  • Static analysis is one of the software source code analysis tools. Nine static analysis methods in three groups are recommended by the International Electrotechnical Commission in the software safety-related standard IEC 62279. In this paper we choose the proper static analysis method from IEC 62279 for the train wayside communication system and shorten the development time of railway signalling software using LDRA tools. This will be useful for improving the effective development of safety-related software.

Analysis of Detection Ability Impact of Clang Static Analysis Tool by Source Code Obfuscation Technique (Analysis of the Performance Impact of Source Code Obfuscation Techniques on the Clang Static Analysis Tool)

  • Jin, Hongjoo; Park, Moon Chan; Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology, v.28 no.3, pp.605-615, 2018
  • Due to the rapid growth of the Internet of Things market, the use of the C/C++ language, which is the most widely used language in embedded systems, is also increasing. To improve the quality of code in the C/C++ language and reduce development costs, it is better to use static analysis, a software verification technique that can be performed in the first half of the software development life cycle. Many programs use static analysis to verify software safety, and many static analysis tools are being used and studied. In this paper, we use the Clang static analysis tool to check its security weakness detection performance on verified test code. In addition, we compare the static analysis results of the test codes with source obfuscation techniques applied (layout obfuscation, data obfuscation, and control flow obfuscation) against the static analysis results of the original test codes, and analyze the impact on the detection ability of the Clang static analysis tool.

Validation Test Codes Development of Static Analysis Tool for Secure Software (Development of Test Codes for Static Analysis Tools for Secure Software Development)

  • Bang, Jiho; Ha, Rhan
    • The Journal of Korean Institute of Communications and Information Sciences, v.38C no.5, pp.420-427, 2013
  • Recently, for secure software development, static analysis tools have mostly been used to analyze the source code of software and identify software weaknesses that cause vulnerabilities. To select the optimal static analysis tool, both the weakness rules and the analysis capabilities of the tool are important factors. Therefore, in this paper we propose test codes developed for evaluating the rules and analysis capabilities of the tools. The test codes, which cover 43 weaknesses such as SQL injection, can be used to evaluate the adequacy of the rules and analysis capabilities of the tools.

Static Analysis and Improvement Opportunities for Open Source of UAV Flight Control Software (Static Analysis and Improvement Measures for Open Source Flight Control Software of Unmanned Aerial Vehicles)

  • Jang, Jeong-hoon; Kang, Yu-sun; Lee, Ji-hyun
    • Journal of the Korean Society for Aeronautical & Space Sciences, v.49 no.6, pp.473-480, 2021
  • In this paper, we analyze and present improvements to software quality problems through static analysis of the open source software widely used as the flight controller software for small unmanned aerial vehicle drones. MISRA coding rules, which are widely applied as a basis for software quality, were selected. LDRA tools, internationally certified tools used in all industries including automobiles, railways, nuclear power and healthcare as well as aviation, were used as the static analysis tools. We have identified some safety-threatening problems across the quality of the software, such as the structure of open source modules, analysis of usage data, compliance with coding rules, and quality indicators (complexity and testability), and have presented improvements.

A Framework for Detecting Data Races in Weapon Software (A Framework for Detecting Data Races in Weapon System Software)

  • Oh, Jin-Woo; Choi, Eu-Teum; Jun, Yong-Kee
    • IEMEK Journal of Embedded Systems and Applications, v.13 no.6, pp.305-312, 2018
  • Software has been used to develop many functions of modern weapon systems, which have high mission criticality. Weapon system software must consider multi-threaded processing to satisfy growing performance requirements. However, developing multi-threaded programs is difficult because of concurrency faults, such as unintended data races. In particular, it is important to prepare analysis for debugging data races, because weapon system software may cause personal injury. In this paper, we present an efficient analysis framework, called ConDeWS, which is designed to determine the scope of dynamic analysis by using the results of static analysis and fault analysis. As a result of applying the implemented framework to the target software, we detected unintended data races that were not detected by the static analysis.

Improvement of Reliability of Static Execution Time Analysis Using Software Monitoring Technique (Improving the Reliability of Static Execution Time Analysis Using a Software Monitoring Technique)

  • Kim, Yun-Kwan; Kim, Tae-Wan; Chang, Chun-Hyon
    • Journal of the Korea Society of Computer and Information, v.15 no.4, pp.37-45, 2010
  • A system which needs timing accuracy has to be designed and verified correctly with respect to execution time for reliability. Accordingly, timing analysis tools are necessary, and much previous research has been done on them. There are two methods of timing analysis. One is static analysis, and the other is measurement-based analysis. Static analysis takes less time than a measurement-based analysis method, but its analysis result has low reliability because the time of I/O caused by various hardware is hard to estimate. Measurement-based analysis can be close to the real result, but it is hard to adapt to an actual application, and it takes a lot of time to get the analysis result. Therefore, this paper presents a software monitoring architecture to supply reliability to the static analysis process. In the presented architecture, the targets that need measurement can be selected through static analysis, and existing measurement results can be reused. Therefore, the architecture can reduce the time and performance overhead of measurement and improve reliability, which is the worst problem of static analysis.