• Convergence Security Journal
• /
• v.14 no.5
• /
• pp.37-47
• /
• 2014

A Trojan malicious code is one of largest malicious codes and has been known as a virus that causes damage to a system as itself. However, it has been changed as a type that picks user information out stealthily through a backdoor method, and worms or viruses, which represent a characteristic of the Trojan malicious code, have recently been increased. Although several modeling methods for analyzing the diffusion characteristics of worms have proposed, it allows a macroscopic analysis only and shows limitations in estimating specific viruses and malicious codes. Thus, in this study an ESP model that can estimate future occurrences of Trojan malicious codes using the previous Trojan data is proposed. It is verified that the estimated value obtained using the proposed model is similar to the existing actual frequency in causes of the comparison between the obtained value and the result obtained by the Markov chain.

• Journal of KIISE:Computer Systems and Theory
• /
• v.26 no.4
• /
• pp.420-431
• /
• 1999

이 논문은 병렬 공유 메모리 시스템의 성능을 정확하게 평가할수 있으며 MIT의 Proteus 시뮬레이터의 기능을 확장한 시뮬레이터인 Trojan 에 대해 언급한다. 이 논문에서 언급되는 trojan 의 주요한 기능으로는 다음과 같다. 첫째, Trojan 은 프로세스 기반 응용 프로그램(예를 들어 SPLASH)과 쓰레드 기반 응용 프로그램들(예를 들어 SPLASH2) 에 대해 효율적 시뮬레이션을 제공한다. 둘째, 수행 구동 시뮬레이터 중에 처음으로 가상 메모리 시뮬레이션 기능이 구현되었다. 실제 운영체제의 가상 메모리 시스템과 하드웨어 시스템과의 상호작용 및 가상 메모리 시스템의 성능을 평가할수 있게 되었다. 기존의 공유 메모리 시뮬레이터들은 공유 메모리를 참조하기위해서 시뮬레이터 자체가 제공하는 문법에 맞게 변경해야만 하는 단점이 있다. 이 논문에서처럼 Trojan 시뮬레이터는 캐쉬동작, 네트웍통신양, 다주프로세서 시스템 설계,그리고 병렬 공유 응용 프로그램동작 및 성능 연구에 효율적이고 폭넓게 사용되고 있다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.29-32
• /
• 2012

하드웨어 Trojan은 악의적인 목적으로 전자 회로망에 수정을 가한 회로로, Trojan 설계자의 목적에 따라 특정 환경에서 동작(Trigger) 되어 전체 시스템에 심각한 보안문제를 초래할 수 있다. 일반적으로 Trojan은 동작 시 시스템의 방화벽이나 보안 장치 등의 시스템 일부를 하드웨어적으로 무력화 시켜 제 기능을 상실시키며 심각한 경우 시스템 전반에 걸쳐 모든 기능을 마비시킬 가능성이 있다. 본 연구에서는 군사 시설과 같이 고도의 보안 및 정확성이 요구되는 시스템 분야에서 신뢰성 향상에 초점을 두고, 서로 다른 프로세서에서 같은 연산을 처리하여 이를 비교할 수 있는 Vote Counter를 탑재한 이질 시스템(Heterogeneous system)을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.740-743
• /
• 2015

The increasing complexity of integrated circuits and IP-based hardware designs have created the risk of hardware Trojans. This paper introduces a new type of threat, the coherence-exploiting hardware Trojan. This Trojan can be maliciously implanted in master components in a system, and continuously injects memory read transactions on to bus or main interconnect. The injected traffic forces the eviction of cache lines, taking advantage of cache coherence protocols. This type of Trojans insidiously slows down the system performance, incurring Denial-of-Service (DoS) attack. We used Xilinx Zynq-7000 device to implement and evaluate the coherence-exploiting Trojan. The malicious traffic was injected through the AXI ACP interface in Zynq-7000. Then, we collected the L2 cache eviction statistics with performance counters. The experiment results reveal the severe threats of the Trojan to the system performance.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.05a
• /
• pp.24-26
• /
• 2013

Undefined Instruction 하드웨어 Trojan 은 정의되지 않은 명령어가 명령어 버스를 통해 CPU 에 유입될 경우 발현되어 CPU 의 전반적인 기능을 마비시킬 수 있는 하드웨어 Trojan 이다. 일반적으로 대부분의 상용화된 CPU 는 Undefined Instruction 에 대한 예외 처리를 지원하는데, ARM 의 경우 파이프 라인의 실행 단계에서 Undefined Instruction 임을 판별한다. 본 연구에서는 파이프 라인의 명령어 추출단계에서 발현되어서 명령어 해독단계에는 다른 명령어를 전달 시킴으로써 Undefined Instruction 예외처리를 피할 수 있는 하드웨어 Trojan 을 설계하고, 이를 방지하는 대응책을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.72-74
• /
• 2013

DoS(Denial of Service) 공격은 시스템을 악의적으로 공격해 해당 시스템의 자원을 부족하게 하여 원래 의도된 용도로 사용하지 못하게 하는 공격이다. 본 연구에서는 CPU의 인터럽트 처리 메커니즘을 악용한 하드웨어 Trojan의 DoS 공격 방법과 대응방안에 대해 연구한다. 이 연구에서 제안하는 하드웨어 Trojan은 기존 DoS 공격이 지속적인 서비스 요청으로 의도된 서비스가 불가능하게 하는 것과 유사하게 인터럽트를 지속적으로 발생시켜 CPU가 정상적인 동작을 할 수 없도록 한다. 본 연구에서는 이에 대한 대응 방법으로 인터럽트 서비스 루틴 코드의 수정을 통한 대응 및 Trojan 발견 방법에 대해서 제시한다.

• Electronics and Telecommunications Trends
• /
• v.36 no.6
• /
• pp.78-87
• /
• 2021

Information technology (IT) has been applied to various fields, and currently, IT devices and systems are used in very important areas, such as aviation, industry, and national defense. Such devices and systems are subject to various types of malicious attacks, which can be software or hardware based. Compared to software-based attacks, hardware-based attacks are known to be much more difficult to detect. A hardware Trojan horse is a representative example of hardware-based attacks. A hardware Trojan horse attack inserts a circuit into an IC chip. The inserted circuit performs malicious actions, such as causing a system malfunction or leaking important information. This has increased the potential for attack in the current supply chain environment, which is jointly developed by various companies. In this paper, we discuss the future direction of research by introducing attack cases, the characteristics of hardware Trojan horses, and countermeasure trends.

• Journal of KIISE:Computer Systems and Theory
• /
• v.29 no.4
• /
• pp.220-231
• /
• 2002

Trojan-horse programs are the programs that disguise normal and useful programs but do malicious thing to the hosts. This paper proposes an anti-Trojan horse mechanism using the information attached to the code by the developers. In this mechanism, each code is accompanied with the information on their possible accesses to resources, and based on this information users determine whether the code is malicious or not. Even in the case a code is accepted by users due to its non-malicious appearance, its runtime behaviors are monitored and halted whenever any attempts to malicious operations are detected. By hiring such runtime monitoring system, this mechanism enables detecting unknown Trojan horses and reduces the decision-making overhead being compared to the previous monitoring-based approaches. We describe the mechanism in a formal way to show the advantages and the limitations of the security this mechanism provides.

• Journal of Internet Computing and Services
• /
• v.21 no.2
• /
• pp.109-119
• /
• 2020

The FPGAs are semiconductors that can be redesigned after initial fabrication. It is used in various embedded systems such as signal processing, automotive industry, defense and military systems. However, as the complexity of hardware design increases and the design and manufacturing process globalizes, there is a growing concern about hardware trojan inserted into hardware. Many detection methods have been proposed to mitigate this threat. However, existing methods are mostly targeted at IC chips, therefore it is difficult to apply to FPGAs that have different components from IC chips, and there are few detection studies targeting FPGA chips. In this paper, we propose a method to detect hardware trojan by learning the static features of hardware trojan in LUT-level netlist of FPGA using machine learning.

• Journal of Internet Computing and Services
• /
• v.15 no.3
• /
• pp.31-43
• /
• 2014

Large number of Android mobile application has been developed and deployed through the Android open market by increasing android-based smart work device users recently. But, it has been discovered security vulnerabilities on malicious applications that are developed and deployed through the open market or 3rd party market. There are issues to leak user's personal and financial information in mobile devices to external server without the user's knowledge in most of malicious application inserted Trojan Horse forms of malicious code. Therefore, in order to minimize the damage caused by malignant constantly increasing malicious application, it is required a proactive detection mechanism development. In this paper, we analyzed the existing techniques' Pros and Cons to detect a malicious application and proposed discrimination and detection result using malicious application discrimination mechanism based on Jaccard similarity after collecting events occur in real-time execution on android-mobile devices.