• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1225-1234
• /
• 2019

The security of the firmware is more important because embedded devices have become popular. Network devices such as routers can be attacked by attackers through web application vulnerabilities in embedded firmware. Therefore, they must be found and removed quickly. The Firmadyne framework proposes a dynamic analysis method to find vulnerabilities after emulating firmware. However, it only performs vulnerability checks according to the analysis methods defined in the tool, thus limiting the scope of vulnerabilities that can be found. In this paper, fuzzing is performed in emulation-based environment through fuzzing, one of the software security test techniques. We also propose a Fabfuzz tool for efficient emulation based fuzzing. Experiments have shown that in addition to the vulnerabilities identified in existing tools, other types of vulnerabilities have been found.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.541-548
• /
• 2017

The smartphone operates the media server daemon to handle audio service requests. Media server daemons, running with a high privilege in the background, caused many vulnerabilities to applications most frequently used in smart devices including smartphones. Fuzzing is a popularly used methodology to find software vulnerabilities. Unfortunately, fuzzing itself is not much effective in such format-strict environments as media services. In this paper, we propose a file format-aware fuzzing in order to efficiently detect vulnerabilities of media server daemon. We acquired a remote arbitrary code execution vulnerability on iOS/tvOS/MacOS/watchOS, and we verified the effectiveness by comparing our methodology with the fuzzers FileFuzz and ZZUF.

• Journal of the Korea Convergence Society
• /
• v.12 no.1
• /
• pp.11-17
• /
• 2021

If a vulnerability in the software connected to the network to obtain the user's privilege, a remote attacker could gain the privilege to use the computer. In addition, in a user environment in which an operating system for a specific series is used a lot, if a problem occurs in the operating system, considerable damage can occur. In particular, If an error is a security vulnerability, it can be a very big problem. Various studies have been conducted to find and respond to vulnerabilities in such a situation. Among various security technologies, the fuzzing technology is one of the most effective technologies to find errors in software. In this paper, I designed and implemented a fuzzing agent that can detect buffer overflow vulnerabilities that can occur in various applications. Through this fuzzing agent, application developers will be able to realize a more secure computing environment in which they can discover and fix vulnerabilities in their own applications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.911-917
• /
• 2021

As software gets an increasing amount of patches, lots of software bugs are increasingly caused by such software patches, collectively known as regression bugs. To proactively detect the regressions bugs, both industry and academia are actively searching for a way to augment fuzz testing, one of the most popular automatic bug detection techniques. In this paper, we investigate the status quo of the studies on augmenting fuzz testing for regression bug detection and, based on the limitations of current proposals, provide an outlook of the relevant research.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.01a
• /
• pp.405-406
• /
• 2023

일반적으로 네트워크 장비는 원활한 장비 관리를 위해 SNMP라는 프로토콜을 활용한다. SNMP를 활용함에 있어, 각 장비 제조사에서는 고유 기능을 정의하여 사용하기도 하는데 이를 Private MIB이라고 한다. 본 연구에서는 이러한 Private MIB을 대상으로 하는 퍼징(Fuzzing) 기술을 고안하였다. 본 논문에서는 특정 제조사의 Private MIB에 대해 페이로드를 만드는 전략과 실제 페이로드의 생성을 보인다. 이는 수많은 소프트웨어 혹은 장비들의 초기 안전성 평가를 수행하는 데 응용될 수 있을 것으로 기대한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.275-285
• /
• 2019

Web-assemblies are a new binary standard designed to improve the performance of Web browser JavaScript. Web-assemblies are becoming a new web standard that can run at near native speed with efficient execution, concise representation, and code written in multiple languages. However, current Web-assembly vulnerability verification is limited to the Web assembly interpreter language, and vulnerability verification of Web-assembly binary itself is insufficient. Therefore, it is necessary to verify the safety of the web assembly itself. In this paper, we analyze how to operate the web assembly and verify the safety of the current web-assembly. In addition, we examine vulnerability of existing web -assembly and analyze limitations according to existing safety verification method. Finally, we introduce web-assembly API based fuzzing method to overcome limitation of web-assembly safety verification method. This verifies the effectiveness of the proposed Fuzzing by detecting crashes that could not be detected by existing safety verification tools.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.5
• /
• pp.119-126
• /
• 2019

Typical software developed and used by North Korea is Red Star and internal application software. However, most of the existing research on the North Korean software is the software installation method and general execution screen analysis. One of the ways to identify software vulnerabilities is file fuzzing, which is a typical method for identifying security vulnerabilities. In this paper, we use file fuzzing to analyze the security vulnerability of the software used in North Korea's Seogwang Document Processing System. At this time, we propose the analysis of open document text (ODT) file produced by Seogwang Document Processing System, extraction of node based on Document Object Mode (DOM) to determine test target, and generation of mutation file through insertion and substitution, this increases the number of crash detections at the same testing time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1225-1236
• /
• 2020

Fuzzing is an automated software testing methodology that dynamically tests the security of software by inputting randomly generated input values outside of the expected range. KISA is releasing open source for standard cryptographic algorithms, and many crypto module developers are developing crypto modules using this source code. If there is a vulnerability in the open source code, the cryptographic library referring to it has a potential vulnerability, which may lead to a security accident that causes enormous losses in the future. Therefore, in this study, an appropriate security policy was established to verify the safety of block cipher source codes such as SEED, HIGHT, and ARIA, and the safety was verified using differential fuzzing. Finally, a total of 45 vulnerabilities were found in the memory bug items and error handling items, and a vulnerability improvement plan to solve them is proposed.

• Journal of IKEEE
• /
• v.26 no.4
• /
• pp.614-621
• /
• 2022

This paper proposes RIDS (Random Forest-Based Intrusion Detection), which is an intrusion detection system to detect hacking attack based on random forest. RIDS detects three typical attacks i.e. DoS (Denial of service) attack, fuzzing attack, and spoofing attack. It detects hacking attack based on four parameters, i.e. time interval between data frames, its deviation, Hamming distance between payloads, and its diviation. RIDS was designed in memory-centric architecture and node information is stored in memories. It was designed in scalable architecture where DoS attack, fuzzing attack, and spoofing attack can be all detected by adjusting number and depth of trees. Simulation results show that RIDS has 0.9835 accuracy and 0.9545 F1 score and it can detect three attack types effectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.775-785
• /
• 2023

As processor technology advances, it has accelerated ISA extensions and increased the complexity of micro-architectures, leading to a continued rise in the importance of processor validation techniques. Recently, various fuzzing techniques have been introduced to discover undocumented instructions, and this study highlights the shortcomings of existing undocumented instruction fuzzing techniques and presents our observation on error cases in the latest processors from Intel and AMD. In particular, we analyzes the causes of false positives resulting from the fuzzer incorrectly judging CPU instruction length and proposes the length determination technique based on instruction execution information to improve accuracy.