Á¤º¸°úÇÐȸ³í¹®Áö (Journal of KIISE)
| ÇѱÛÁ¦¸ñ(Korean Title) |
ÇÔ¼ö ¼öÁØ Æ¯Â¡Á¤º¸ ±â¹ÝÀÇ ¿ÀǼҽº ¼ÒÇÁÆ®¿þ¾î ¸ðµâ ŽÁö |
| ¿µ¹®Á¦¸ñ(English Title) |
Detection of an Open-Source Software Module based on Function-level Features |
| ÀúÀÚ(Author) |
±èµ¿Áø
Á¶¼ºÁ¦
Dongjin Kim
Seong-je Cho
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 42 NO. 06 PP. 0713 ~ 0722 (2015. 06) |
Çѱ۳»¿ë
(Korean Abstract) |
OSS(Open-Source Software)ÀÇ »ç¿ë Áõ°¡¿Í ÇÔ²² ¶óÀ̼±½º À§¹Ý, Ãë¾àÇÑ ¼Ò½ºÄÚµå Àç»ç¿ë µî¿¡ ÀÇÇÑ ºÐÀï ¹× ÇÇÇØ°¡ ºó¹øÇØÁö°í ÀÖ´Ù. ÀÌ¿¡, ½ÇÇàÆÄÀÏ(¹ÙÀ̳ʸ®) ¼öÁØ¿¡¼ ÇÁ·Î±×·¥¿¡ OSS ¸ðµâÀÌ Æ÷ÇԵǾú´ÂÁö ¿©ºÎ¸¦ È®ÀÎÇÏ´Â ±â¼úÀÌ ÇÊ¿äÇØÁ³´Ù. º» ³í¹®¿¡¼´Â ¹ÙÀ̳ʸ®¿¡¼ ÇÔ¼ö ¼öÁØÀÇ Æ¯Â¡Á¤º¸¸¦ »ç¿ëÇÏ¿© OSS ¸ðµâÀ» ŽÁöÇÏ´Â ±â¹ýÀ» Á¦¾ÈÇÑ´Ù. ±âÁ¸ ¼ÒÇÁÆ®¿þ¾î Ư¡Á¤º¸(¹ö½º¸¶Å©) ±â¹Ý µµ¿ë ŽÁö ±â¹ýµéÀº ÇÁ·Î±×·¥ Àüü °£ À¯»ç¼ºÀ» ºñ±³Çϱ⠶§¹®¿¡ ÇÁ·Î±×·¥ÀÇ ÀϺηΠÆ÷ÇÔµÈ OSS ¸ðµâµéÀ» ŽÁöÇϴµ¥ ºÎÀûÇÕÇÏ´Ù. º» ³í¹®¿¡¼´Â, ÇÔ¼ö ¼öÁØÀÇ ½ÇÇà¸í·É¾î, Á¦¾î È帧 ±×·¡ÇÁ(Control Flow Graph)¿Í °³¼±µÈ ÇÔ¼ö ¼öÁØ ±¸Á¶Àû Ư¡Á¤º¸¸¦ ÃßÃâÇÏ°í À¯»ç¼ºÀ» ºñ±³ÇÏ¿© OSS ¸ðµâÀÇ ÀÓÀÇ »ç¿ë ¿©ºÎ¸¦ ŽÁöÇÑ´Ù. Á¦¾È ±â¹ýÀÇ È¿À²¼º°ú °¢ Ư¡Á¤º¸µéÀÇ OSS ŽÁö ¼º´ÉÀ» Æò°¡Çϱâ À§ÇØ, Ư¡Á¤º¸·®, OSS ¸ðµâ ŽÁö ½Ã°£ ¹× Á¤È®µµ, ÄÄÆÄÀÏ·¯ ÃÖÀûÈ¿¡ ´ëÇÑ °ÀμºÀ» ½ÇÇèÇÏ¿´´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
As open-source software (OSS) becomes more widely used, many users breach the terms in the license agreement of OSS, or reuse a vulnerable OSS module. Therefore, a technique needs to be developed for investigating if a binary program includes an OSS module. In this paper, we propose an efficient technique to detect a particular OSS module in an executable program using its function-level features. The conventional methods are inappropriate for determining whether a module is contained in a specific program because they usually measure the similarity between whole programs. Our technique determines whether an executable program contains a certain OSS module by extracting features such as its function-level instructions, control flow graph, and the structural attributes of a function from both the program and the module, and comparing the similarity of features. In order to demonstrate the efficiency of the proposed technique, we evaluate it in terms of the size of features, detection accuracy, execution overhead, and resilience to compiler optimizations.
|
| Å°¿öµå(Keyword) |
¿ÀǼҽº ¼ÒÇÁÆ®¿þ¾î
ÇÔ¼ö¼öÁØ Æ¯Â¡Á¤º¸
Á¦¾îÈ帧 ±×·¡ÇÁ
¹ÙÀ̳ʸ® ÇÁ·Î±×·¥
¸ðµâ ŽÁö
open-source software
function-level features
control flow graph
binary program
module detection
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
