• Title/Summary/Keyword: static software analysis

Detecting Software Similarity Using API Sequences on Static Major Paths (정적 주요 경로 API 시퀀스를 이용한 소프트웨어 유사성 검사)

  • Park, Seongsoo;Han, Hwansoo
    • Journal of KIISE / v.41 no.12 / pp.1007-1012 / 2014
  • Software birthmarks are used to detect software plagiarism. For binaries, however, only a few birthmarks have been developed. In this paper, we propose a static approach to generate API sequences along major paths, which are analyzed from control flow graphs of the binaries. Since our API sequences are extracted along the most plausible paths of the binary codes, they can represent actual API sequences produced from binary executions, but in a more concise form. Our similarity measures use the Smith-Waterman algorithm that is one of the popular sequence alignment algorithms for DNA sequence analysis. We evaluate our static path-based API sequence with multiple versions of five applications. Our experiment indicates that our proposed method provides a quite reliable similarity birthmark for binaries.

An Evolution of Reliability of large Scale Software of a Switching System (대형 교환 시스템의 소프트웨어 신뢰도 성장)

  • Lee, J.K.;Shin, S.K.;Nam, S.S.;Park, K.C.
    • Electronics and Telecommunications Trends / v.14 no.4 s.58 / pp.1-9 / 1999
  • In this paper, we summarize the lessons learned from the applications of the software reliability engineering to a large-scale software project. The considered software is the software system of the TDX-10 ISDN switching system. The considered software consists of many components, called functional blocks. These functional blocks serve as the unit of coding and test. The software is continuing to be developed by adding new functional blocks. We are mainly concerned with the analysis of the effects of these software components to software reliability and with the analysis of the reliability evolution. We analyze the static characteristics of the software related to software reliability using failure data collected during system test. We also discussed a pattern which represents a local and global growth of the software reliability as version evolves. To find the pattern of software of the TDX-10 ISDN system, we apply the S-shaped model to a collection of failure data sets of each evolutionary version and the Goel-Okumoto (G-O) model to a grouped overall failure data set. We expect this pattern analysis will be helpful to plan and manage necessary human/resources for a new similar software project which is developed under the same developing circumstances by estimating the total software failures with respect to its size and time.

Design Technique of Steel Structures using Practical Nonlinear Inelastic Analysis (실용적인 비선형 비탄성해석을 이용한 강구조 설계기술)

  • Kim Seung-Eock;Lee Dong-Ho;Jang Eun-Seok
    • Proceedings of the Computational Structural Engineering Institute Conference / 2006.04a / pp.971-976 / 2006
  • This paper presents a design technique of steel structures subjected to static and dynamic loadings using practical nonlinear inelastic analysis software. The beam-column approach using the stability functions and the plastic hinge concept enables the software to suitably predict second-order effects and inelastic behavior of beam-columns. For dynamic analysis, the incremental form of the equation of motion is solved by the use of a step-by-step numerical integration procedure in which the assumption of constant acceleration over a small time step is employed. The accuracy of the analysis program is validated using the results of ABAQUS program and experimental tests. A user-friendly graphic interface of the software is developed to facilitate the modeling process and result interpretation of the problem. A design example of large span bridge is presented to detail the direct design process using the practical advanced analysis software.

A Smart Framework for Mobile Botnet Detection Using Static Analysis

  • Anwar, Shahid;Zolkipli, Mohamad Fadli;Mezhuyev, Vitaliy;Inayat, Zakira
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.6 / pp.2591-2611 / 2020
  • Botnets have become one of the most significant threats to Internet-connected smartphones. A botnet is a combination of infected devices communicating through a command server under the control of a botmaster for malicious purposes. Nowadays, the number and variety of botnet attacks have increased drastically, especially on the Android platform. Severe network disruptions through massive coordinated attacks result in large financial and ethical losses. The increase in the number of botnet attacks brings the challenges for detection of harmful software. This study proposes a smart framework for mobile botnet detection using static analysis. This technique combines permissions, activities, broadcast receivers, background services, API and uses the machine-learning algorithm to detect mobile botnet applications. The prototype was implemented and used to validate the performance, accuracy, and scalability of the proposed framework by evaluating 3000 Android applications. The obtained results show the proposed framework obtained 98.20% accuracy with a low 0.1140 false-positive rate.

Research on the Effects of MAAB Style Guidelines for Weapon System Embedded Software Reliability Improvement (무기체계 내장형 소프트웨어 신뢰성 향상을 위한 MAAB 스타일 가이드라인 영향성 연구)

  • Kim, Yeon-Gyun;Yoon, Hyung-Sik
    • Journal of the Korea Institute of Military Science and Technology / v.17 no.2 / pp.213-222 / 2014
  • In this paper, we introduce that MAAB style guideline has effects on the codes generated from Simulink models for static and dynamic software testing, when weapon system embedded software design and implementation are performed using the model based method. As showing the effects, MAAB guideline is helpful for defect prevention related with coding rules and run time errors associated with the DAPA weapon system embedded software guide. Thus, we check related items between MAAB and DAPA software reliability testing including static and dynamic analysis. And then we propose the criterion to select proper items from MAAB for DAPA guideline and show how to verify the relationship and the effects on reliability of models in Simulink. In addition, we show the needs for clear logics in conditional block models or statements and simple complexity models for Simulink model based design.

Visualization of Exception Propagation for Java Programs based on Static Analysis (정적분석을 이용한 자바 프로그램의 예외 전파 시각화)

  • 허순희;창병모
    • Journal of KIISE:Software and Applications / v.30 no.7_8 / pp.696-702 / 2003
  • This paper presents a static analysis based on set-based framework which estimates exception propagation paths of Java programs, and a visualization tool which visualizes propagation paths of exceptions using the static analysis information. We have implemented the exception propagation analysis and a visualization tool, which can guide programmers to handle exceptions more effectively.

A GQM Approach to Evaluation of the Quality of SmartThings Applications Using Static Analysis

  • Chang, Byeong-Mo;Son, Janine Cassandra;Choi, Kwanghoon
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.6 / pp.2354-2376 / 2020
  • SmartThings is one of the most popular open platforms for home automation IoT solutions that allows users to create their own applications called SmartApps for personal use or for public distribution. The nature of openness demands high standards on the quality of SmartApps, but there have been few studies that have evaluated this thoroughly yet. As part of software quality practice, code reviews are responsible for detecting violations of coding standards and ensuring that best practices are followed. The purpose of this research is to propose systematically designed quality metrics under the well-known Goal/Question/Metric methodology and to evaluate the quality of SmartApps through automatic code reviews using a static analysis. We first organize our static analysis rules by following the GQM methodology, and then we apply the rules to real-world SmartApps to analyze and evaluate them. A study of 105 officially published and 74 community-created real-world SmartApps found a high ratio of violations in both types of SmartApps, and of all violations, security violations were most common. Our static analysis tool can effectively inspect reliability, maintainability, and security violations. The results of the automatic code review indicate the common violations among SmartApps.

Systematic and Comprehensive Comparisons of the MOIS Security Vulnerability Inspection Criteria and Open-Source Security Bug Detectors for Java Web Applications (행정안전부 소프트웨어 보안 취약점 진단기준과 Java 웹 어플리케이션 대상 오픈소스 보안 결함 검출기 검출대상의 총체적 비교)

  • Lee, Jaehun;Choe, Hansol;Hong, Shin
    • Journal of Software Engineering Society / v.28 no.1 / pp.13-22 / 2019
  • To enhance effective and efficient applications of automated security vulnerability checkers in highly competitive and fast-evolving IT industry, this paper studies a comprehensive set of security bug checkers in open-source static analysis frameworks and how they can be utilized for source code inspections according to the security vulnerability inspection guidelines by MOIS. This paper clarifies the relationship between all 42 inspection criteria in the MOIS guideline and total 323 security bug checkers in 4 popular open-source static analysis frameworks for Java web applications. Based on the result, this paper also discusses the current challenges and issues in the MOIS guideline, the comparison among the four security bug checker frameworks, and also the ideas to improve the security inspection methodologies using the MOIS guideline and open-source static security bug checkers.

An Evolution of Software Reliability in a Large Scale Switching System: using the software

  • Lee, Jae-Ki;Nam, Sang-Sik;Kim, Chang-Bong
    • The Journal of Korean Institute of Communications and Information Sciences / v.29 no.4A / pp.399-414 / 2004
  • In this paper, an evolution of software reliability engineering in a large-scale software project is summarized. The considered software consists of many components, called functional blocks in software of switching system. These functional blocks are served as the unit of coding and test, and the software is continuously updated by adding new functional blocks. We are mainly concerned with the analysis of the effects of these software components in software reliability and reliability evolution. We analyze the static characteristics of the software related to software reliability using collected failure data during system test. We also discussed a pattern which represents a local and global growth of the software reliability as version evolves. To find the pattern of system software, we apply the S-shaped model to a collection of failure data sets of each evolutionary version and the Goel-Okumoto (G-O) model to a grouped overall failure data set. We expect this pattern analysis will be helpful to plan and manage necessary human/resources for a new similar software project which is developed under the same developing circumstances by estimating the total software failures with respect to its size and time.

Static Analysis Method of Android-specific Problems through Java and Xml Mutual Analysis (자바와 XML 상호 분석을 통한 안드로이드 특화 문제점의 정적 분석 방법)

  • Jung, Jiyong;Baik, Jongmoon
    • KIISE Transactions on Computing Practices / v.22 no.8 / pp.351-356 / 2016
  • In recent years, as smartphones with Android platforms expand, the number of Android applications increases. Android applications implement Java and XML to compose the user interface, among other things. Between Java and XML, various problems may occur. Nonetheless, static analysis research and tools are not sufficient. In this paper we will list the problems which may occur between Java and XML. Subsequently, we will propose a detection method for them. Using the proposed technique, we found 172 Android-specific problems and 35 performance drop issues in 150 Android applications in the Google Play Store. We would like to contribute to research into static analysis and software quality improvement.