• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.397-405
• /
• 2018

Blacklist-based tools are most commonly used to effectively detect suspected malicious processes. The blacklist-based tool compares the malicious code extracted from the existing malicious code with the malicious code. Therefore, it is most effective to detect known malicious codes, but there is a limit to detecting malicious code variants. In order to solve this problem, the necessity of a white list-based tool, which is the opposite of black list, has emerged. Whitelist-based tools do not extract features of malicious code processes, but rather collect reliable processes and verify that the process that checks them is a trusted process. In other words, if malicious code is created using a new vulnerability or if variant malicious code appears, it is not in the list of trusted processes, so it can effectively detect malicious code. In this paper, we propose a method for effectively building a whitelist through research that collects reliable processes in the macOS operating system.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.102-110
• /
• 2001

대부분의 해킹 공격은 공격 대상 프로그램의 소스코드 보안취약점에 의해서 발생하지만 프로그램 개발시에 소스코드 보안성에 대해서는 고려되지 않았다. 이러한 문제점으로 인하여 해킹 공격의 근본적인 원인을 해결할 수 없었다. 본 논문에서는 취약점의 원인이 되는 코드를 컴파일시 생성된 어셈블리 코드 수준에서 탐지하는 방법을 제시하고자 한다. 취약한 코드를 컴파일러 수준에서 점검하는 것보다 어셈블리 코드 수준에서 점검하는 것은 어느 정도의 메모리 영역까지 점검할 수 있어 더 정확하다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.05a
• /
• pp.168-169
• /
• 2019

Trusted Execution Environment(TEE), such as Intel SGX, AMD Secure Processor and ARM TrustZone, has recently been a rising issue. Trusted Execution Environment provides a secure and independent code execution, hardware-based, environment for untrusted OS. In this paper, we show that Trusted Execution Environment's research trends on its vulnerability and attack models. We classify the previous attack models, and summarize mitigations for each TEE environment.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.449-452
• /
• 2021

산업제어시스템은 IT 기술의 발전에 따라 다양한 기기 환경과 네트워크를 적용해 진화하고 있다. 이러한 상황에서 사이버 보안의 위협은 가중되고 있으며, 이를 예방하는 방법의 하나로 산업제어시스템에 탑재되는 소프트웨어의 소스코드 개발 과정에서 보안 취약점을 예방하기 위해 소스코드 보안 룰을 적용하여 위반사항을 제거한다. 본 연구에서는 소스코드 보안 룰에서 적용 우선순위를 선정하기 위한 가이드를 개발한다.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.7 no.2 s.17
• /
• pp.48-56
• /
• 2004

This paper presents the GPS receiver's inherent interference effectiveness based on the receiver's internal processing gain. This research is to verify the weakness of the GPS satellite signals and evaluate the receiver's vulnerability in an interference situation. The experiment for the narrow band interference effectiveness for the L1 C/A code GPS receiver has been performed by using the Spirent GSS4765 jamming simulator. After analyzing the experimental result, it is compared with the calculated J/S value of the two different L1 C/A code GPS receivers. By the above result, the narrowband jamming effectiveness of the each jamming source and the jamming margin for the each receiver are to be analyzed in detail. Finally, we could utilize the result to analyze the jamming effectiveness on the GNSS receiver.

• Structural Engineering and Mechanics
• /
• v.32 no.2
• /
• pp.269-282
• /
• 2009

Responding to the threat of terrorist attacks around the world, numerous studies have been conducted to search for new methods of vulnerability assessment and protective technologies for critical infrastructure under extreme bomb blasts or high velocity impacts. In this paper, a two-dimensional behavioral rate dependent lattice model (RDLM) capable of analyzing reinforced concrete members subjected to blast and impact loading is presented. The model inherently takes into account several major influencing factors: the progressive cracking of concrete in tension, the inelastic response in compression, the yielding of reinforcing steel, and strain rate sensitivity of both concrete and steel. A computer code using the explicit algorithm was developed based on the proposed lattice model. The explicit code along with the proposed numerical model was validated using experimental test results from the Woomera blast trial.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.11
• /
• pp.1993-1998
• /
• 2008

Web robot engine for searching web sever vulnerability and malicious code is proposed in this paper. The main web robot function is based on searching technology which is derived from analyses of private information threat. We implemented the detecting method for phishing, pharming and malicious code on homepage under vulnerable surroundings. We proposed a novel approachm which is independent of any specific phishing implementation. Our idea is to examine the anomalies in web pages.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.5
• /
• pp.3121-3131
• /
• 2014

Vulnerabilities related to memory have been known as major threats to the security of a computer system. Actually, the number of attacks using memory vulnerability has been increased. Accordingly, various memory protection mechanisms have been studied and implemented on operating system while new attack techniques bypassing the protection systems have been developed. Especially, buffer overflow attacks have been developed as Return-Oriented Programing(ROP) and Jump-Oriented Programming(JOP) called Code Re-used attack to bypass the memory protection mechanism. Thus, in this paper, I analyzed code re-use attack techniques emerged recently among attacks related to memory, as well as analyzed various detection mechanisms proposed previously. Based on the results of the analyses, a mechanism that could detect various code re-use attacks on a binary level was proposed. In addition, it was verified through experiments that the proposed mechanism could detect code re-use attacks effectively.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.5
• /
• pp.1003-1008
• /
• 2017

The Internet of Things has attracted considerable research attention in recent years. In order for the new IoT technology to be widely used, the reliability and protection of information is required. IoT systems are very vulnerable to physical security due to their easy accessibility. Along with the development of SoC technology, many operating systems have been developed and many new operating systems have been introduced. In this paper, we describe the vulnerability analysis results for operating systems running on the ARMv7 Thumb Architecture hardware platform. For the recently introduced "Windows 10 IoT Core" operating system, I implemented the Zero-Day Attack by implanting the penetration code developed through the research into a specific IoT system. The virus detection test for the resulting penetration code was validated by referral to the "virustotal" site.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.869-879
• /
• 2022

Through this study, we discovered that among three types of compressed data blocks generated through the Deflate algorithm, No-Payload Non-Compressed Block type (NPNCB) which has no literal data can be randomly generated and inserted between normal compressed blocks. In the header of the non-compressed block, there is a data area that exists only for byte alignment, and we called this area as DBA (Disposed Bit Area), where an attacker can hide various malicious codes and data. Finally we found the vulnerability that hides malicious codes or arbitrary data through inserting NPNCBs with infected DBA between normal compressed blocks according to a pre-designed attack scenario. Experiments show that even though contaminated NPNCB blocks were inserted between normal compressed blocks, commercial programs decoded normally contaminated zip file without any warning, and malicious code could be executed by the malicious decoder.