• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.803-810
• /
• 2017

Recently, social security problems have been caused by the development of the software industry, and a variety of automation techniques have been used to verify software stability. In this paper, we propose a method of automatically detecting a use-after-free vulnerability on Windows system calls using dynamic symbolic execution, one of the software testing methods. First, a static analysis based pattern search is performed to select a target point. Based on the detected pattern points, we apply an induced path search technique that blocks branching to areas outside of interest. Through this, we overcome limitations of existing dynamic symbolic performance technology and verify whether vulnerability exists at actual target point. As a result of applying the proposed method to the Windows system call, it is confirmed that the use-after-free vulnerability, which had previously to be manually analyzed, can be detected by the proposed automation technique.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.919-928
• /
• 2018

Out-Of-Bounds (OOB) is one of the most powerful vulnerabilities in heap memory. The OOB vulnerability allows an attacker to exploit unauthorized access to confidential information by tricking the length of the array and reading or writing memory of that length. In this paper, we propose a method to automatically detect OOB vulnerabilities in heap memory using dynamic symbol execution and shadow memory table. First, a shadow memory table is constructed by hooking heap memory allocation and release function. Then, when a memory access occurs, it is judged whether OOB can occur by referencing the shadow memory, and a test case for causing a crash is automatically generated if there is a possibility of occurrence. Using the proposed method, if a weak block search is successful, it is possible to generate a test case that induces an OOB. In addition, unlike traditional dynamic symbol execution, exploitation of vulnerabilities is possible without setting clear target points.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.437-444
• /
• 2014

In this paper, we introduce a Graph based Binary Code Execution Path Exploration Platform. In the graph, a node is defined as a conditional branch instruction, and an edge is defined as the other instructions. We implemented prototype of the proposed method and works well on real binary code. Experimental results show proposed method correctly explores execution path of target binary code. We expect our method can help Software Assurance, Secure Programming, and Malware Analysis more correct and efficient.

• Journal of KIISE
• /
• v.44 no.2
• /
• pp.171-178
• /
• 2017

In this study, we propose an automated unit test generation technique for detecting vulnerabilities of Android kernel modules. The technique automatically generates unit test drivers/stubs and unit test inputs for each function of Android kernel modules by utilizing dynamic symbolic execution. To reduce false alarms caused by function pointers and missing pre-conditions of automated unit test generation technique, we develop false alarm reduction techniques that match function pointers by utilizing static analysis and generate pre-conditions by utilizing def-use analysis. We showed that the proposed technique could detect all existing vulnerabilities in the three modules of Android kernel 3.4. Also, the false alarm reduction techniques removed 44.9% of false alarms on average.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.811-820
• /
• 2017

Software automatic technology research recently focuses not only on generating a single path test-case, but also on finding an optimized path to reach the vulnerability through various test-cases. Although Dynamic Symbolic Execution (DSE) technology is popular among these automatic technologies, most DSE technology researches apply only to Linux binaries or specific modules themselves. However, most software are vulnerable based on input files. Therefore, this paper proposes an input file based dynamic symbolic execution method for software vulnerability verification. As a result of applying it to three kinds of actual binary software, it was possible to create a test-case effectively reaching the corresponding point through the proposed method. This demonstrates that DSE technology can be used to automate the analysis of actual software.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10c
• /
• pp.292-294
• /
• 2004

향후 세상의 모습을 그려볼 때 흔히들 유비쿼터스 시대를 언급한다. 이를 위해서는 다양한 서비스 공급자들과 사용자들이 서로 네트워크로 묶여 있어야 하며, 이때의 네트워크는 선이 없는 무선 환경이고, 국소 지역을 커버하는 Ad-hoc망이 기본 네트워크 망이 될 것이다. 이러한 네트워크로 이루어진 다양한 장소, 임의의 시간에 존재하는 다수의 서비스들 중에서 원하는 서비스를 찾는 일을 service discovery라고 하며, 이를 위해서 기존의 wired 망에서는 네트워크 계층 위에서 이를 수행하는 작업이 이루어져 왔다. 본 논문에서는 service discovery 실행을 별도의 에이전트나 응용 레벨에 두지 않고, 이를 Ad-hoc 라우팅 계층에서 수행 함으로써 오버헤드 트래픽이 줄어들고, 응답 시간이 짧아지는 성능 향상이 있음을 제시하고 있다. E한 동적/부분 caching 기법에 대해서도 제시하고 있다. 아울러 다양한 사용자의 기호(User Preference)를 표현하고, 이를 바탕으로 서비스를 검색하기 위한 새로운 서비스 표현/검색 모델을 제시하였다. 실제로 이러한 service discovery 기능을 Ad-hoc 라우팅 계층에서 처리하도록 하는 Ad-hoc 라우팅 데몬을 구현하고, 테스트 베드를 구축하여 동작 시킴으로써 실제 상황에서도 얼마나 효율적인가를 구체적으로 제시하고 있다.

• Journal of KIISE
• /
• v.43 no.6
• /
• pp.692-699
• /
• 2016

C compilers for 8-bit MCUs used in washing machines and refrigerators often do not follow the C standard to improve runtime performance. Developers who are unaware of the difference between C compilers following the C standard and the C compilers for 8-bit MCU can cause bugs that do not appear in the standard C environment but appear in the embedded systems using 8-bit MCUs. It is difficult for bug detectors that assume the standard C environment to detect such bugs. In this paper, we introduce integer promotion bugs caused by the different integer promotion rules of the C compilers for 8-bit MCU from the C standard and propose 5 bug patterns where the integer promotion bugs occur. We have developed an integer promotion bug detection tool and applied it to the washing machine control software developed by the LG electronics. The integer promotion bug detection tool successfully detected 27 integer promotion bugs in the washing machine control software.