Seong-je Cho

Predictability of earliest deadline zero laxity algorithm for multiprocessor real-time systems

Validation methods for hard real-time jobs are usually performed based on the maximum execution time. The actual execution time of jobs are assumed to be known only when the jobs arrive or not known until they finish. A predictable algorithm must guarantee that it can generate a schedule for any set of jobs such that the finish time for the actual execution time is no later than the finish time for the maximum execution time. It is known that any job-level fixed priority algorithm (such as earliest deadline first) is predictable. However, job-level dynamic priority algorithms (such as least laxity first) may or may not. In this paper, we investigate the predictability of a job-level dynamic priority algorithm EDZL (earliest deadline zero laxity). We show that EDZL is predictable on the domain of integers regardless of the knowledge of the actual execution times. Based on this result, furthermore, we also show that EDZL can successfully schedule any periodic task set if the total utilization is not greater than (m + 1)/2, where m is the number of processors

Design and Performance Evaluation of Binary Code Packing for Protecting Embedded Software against Reverse Engineering

Packing (or executable compression) is considered as one of the most effective anti-reverse engineering methods in the Microsoft Windows environment. Even though many reversing attacks are widely conducted in the Linux-based embedded system there is no widely used secure binary code packing tools for Linux. This paper presents two secure packing methods that use AES encryption and the UPX packer to protect the intellectual property (IP) of software from reverse engineering attacks on Linux-based embedded system. We call these methods: secure UPX and AES-encryption packing. Since the original UPX system is designed not for software protection but for code compression, we present two anti-debugging methods in the unpacking module of the secure UPX to detect or abort reverse engineering attacks. Furthermore, since embedded systems are highly resource constrained, minimizing unpacking overhead is important. Therefore, we analyze the performance of the two packing methods from the perspective of: (i) code size, (ii) execution time, and (iii) power consumption. Our analysis results show that the Secure UPX performs better than AES-encryption packing in terms of the code size, execution time, and power consumption.

Efficient Identification of Bad Signatures in RSA-Type Batch Signature

As the use of electronic voting systems and e-commerce systems increases, the efficient batch verification of digital signatures becomes more and more important. In this paper, we first propose a new method to identify bad signatures in batches efficiently for the case when the batch contains one bad signature. The method can find out the bad signature using smaller number of modular multiplications than the existing method. We also propose an extension to the proposed method to find out two or more bad signatures in a batch instance. Experimental results show that our method yields better performance than the existing method in terms of the number of modular multiplications.

Classifying Malicious Web Pages by Using an Adaptive Support Vector Machine

In order to classify a web page as being benign or malicious, we designed 14 basic and 16 extended features. The basic features that we implemented were selected to represent the essential characteristics of a web page. The system heuristically combines two basic features into one extended feature in order to effectively distinguish benign and malicious pages. The support vector machine can be trained to successfully classify pages by using these features. Because more and more malicious web pages are appearing, and they change so rapidly, classifiers that are trained by old data may misclassify some new pages. To overcome this problem, we selected an adaptive support vector machine (aSVM) as a classifier. The aSVM can learn training data and can quickly learn additional training data based on the support vectors it obtained during its previous learning session. Experimental results verified that the aSVM can classify malicious web pages adaptively.

EMCEM: An Efficient Multimedia Content Encryption Scheme for Mobile Handheld Devices

Since many people consume multimedia content (music, movie etc.) on mobile devices, mobile DRM becomes important, which controls digital content usage under wireless environment. In a typical DRM model, a block cipher is usually used to encrypt multimedia content because of its reasonable security and performance. However, encrypting multimedia content using a block cipher in mobile environment requires much computation power and energy due to its huge size. It is critical problems because users want long playtime and quick responsiveness with random access. In this paper, we propose an efficient multimedia content encryption scheme for mobile handheld devices (EMCEM), which uses a block cipher to encrypt some parts of content and a stream cipher to encrypt the others. We also use different stream cipher key to improve security. EMCEM accommodates the current DRM architecture, supports random access to a media file, and has flexibility to determine easily the trade-off between performance and security. Experimental results have shown that EMCEM has much better performance than encrypting content completely using a block cipher.

A kernel-based monitoring approach for analyzing malicious behavior on Android

This paper proposes a new technique that monitors important events at the kernel level of Android and analyzes malicious behavior systematically. The proposed technique is designed in two ways. First, in order to analyze malicious behavior that might happen inside one application, it monitors file operations by hooking the system calls to create, read from, and write to a file. Secondly, in order to analyze malicious behavior that might happen in the communication between colluding applications, it monitors IPC messages (Intents) by hooking the binder driver. Our technique can detect even the behavior of obfuscated malware using a run-time monitoring method. In addition, it can reduce the possibility of false detection by providing more specific analysis results compared to the existing methods on Android. Experimental results show that our technique is effective to analyze malicious behavior on Android and helpful to detect malware.

Implementation of an Obfuscation Tool for C/C++ Source Code Protection on the XScale Architecture

Obfuscation is one of the most effective methods to protect software against malicious reverse engineering intentionally making the code more complex and confusing. In this paper, we implement and evaluate an obfuscation tool, or obfuscatorfor protecting the intellectual property of C/C++ source code. That is, this paper presents an implementation of a code obfuscator, a tool which transforms a C/C++ source program into an equivalent one that is much harder to understand. We have used the ANTRL parser generator for parsing C/C++ programs, and applied some obfuscation algorithms. Performance analysis is conducted by executing two obfuscated programs on the XScale architecture to establish the relationship between the complexity and the performance of each program. When the obfuscated source code has been compared with the original source code, it has enough effectiveness in terms of potency and resilience though it incurs some run-time overhead.

A Static Birthmark for MS Windows Applications Using Import Address Table

A software birthmark is unique and native characteristics of software, and thus can be used to detect the theft of software. We propose a new static software birthmark for programs on Microsoft Windows which have Portable Executable (PE) format. These programs use different Dynamic Link Libraries (DLLs) and Application Program Interfaces (APIs) while they are executing. The number and names of the used DLLs and APIs are unique to each program. The proposed birthmark is based on these numbers and names. This information can be obtained from the Import Address Table (IAT), which is part of the PE file. By inspecting the proposed birthmark, we can identify certain software and detect pirated software. To evaluate the effectiveness of the proposed birthmark, we inspect and compare several applications of different kinds. The experimental results show that the proposed birthmark can identify Windows applications, leading to the prevention of an illegal distribution of copyrighted software.

Protecting data on android platform against privilege escalation attack

The users of smartphones are rapidly expanding worldwide. These devices have users security-sensitive data and are ready to communicate with the outside world. Various kinds of malware are attacking smartphones, especially Android phones, but the existing Android security measure does not work satisfactorily. One-third of the current Android malware were privilege escalation attacks, which try to obtain root-privilege to fully compromise the Android security. We propose a detection and prevention scheme that protects Android against such privilege escalation attack that tries to get full access to all data. The proposed scheme monitors important system calls from an application process. If the system call must be called by privileged Android system components in normal operation, the scheme prevent it from executing. The scheme can detect and prevent new and unknown malware as well as currently known one.

An efficient implementation of RC4 cipher for encrypting multimedia files on mobile devices

Abstract. In this paper, we implement and evaluate an efficient RC4 stream cipher, called key-pooled RC4, to transfer securely multimedia files in the wireless mobile network. In key-pooled RC4, a 1MB-sized key stream pool, which consists of 2048 or 8192, or 32768 key stream frames, is created uniquely for each client device in the registration step. When a client requests a multimedia file, the server delivers the file after encrypting it using the sequence of key stream frames which are randomly selected from the corresponding key stream pool. Our experimental results show that the proposed scheme is more time efficient than the normal RC4. Moreover, the key-pooled RC4 scheme is more secure than normal RC4.