• Title/Summary/Keyword: Vulnerability of Code

A Software Vulnerability Analysis System using Learning for Source Code Weakness History (소스코드의 취약점 이력 학습을 이용한 소프트웨어 보안 취약점 분석 시스템)

  • Lee, Kwang-Hyoung;Park, Jae-Pyo
    • Journal of the Korea Academia-Industrial cooperation Society / v.18 no.11 / pp.46-52 / 2017
  • Along with the expansion of areas in which ICT and Internet of Things (IoT) devices are utilized, open source software has recently expanded its scope of applications to include computers, smart phones, and IoT devices. Hence, as the scope of open source software applications has varied, there have been increasing malicious attempts to attack the weaknesses of open source software. In order to address this issue, various secure coding programs have been developed. Nevertheless, numerous vulnerabilities are still left unhandled. This paper provides some methods to handle newly raised weaknesses based on the analysis of histories and patterns of previous open source vulnerabilities. Through this study, we have designed a weaknesses analysis system that utilizes weakness histories and pattern learning, and we tested the performance of the system by implementing a prototype model. For five vulnerability categories, the average vulnerability detection time was shortened by about 1.61 sec, and the average detection accuracy was improved by 44%. This paper can provide help for researchers studying the areas of weaknesses analysis and for developers utilizing secure coding for weaknesses analysis.

Seismic pounding effects on adjacent buildings in series with different alignment configurations

  • Abdel Raheem, Shehata E.;Fooly, Mohamed Y.M.;Abdel Shafy, Aly G.A.;Abbas, Yousef A.;Omar, Mohamed;Abdel Latif, Mohamed M.S.;Mahmoud, Sayed
    • Steel and Composite Structures / v.28 no.3 / pp.289-308 / 2018
  • Numerous urban seismic vulnerability studies have recognized pounding as one of the main risks due to the restricted separation distance between neighboring structures. The pounding effects on the adjacent buildings could extend from slight non-structural to serious structural damage that could even lead to a total collapse of buildings. Therefore, an assessment of the seismic pounding hazard to the adjacent buildings is superficial in future building code calibrations. Thus, the targets of this study are to draw useful recommendations and set up guidelines for potential pounding damage evaluation for code calibration through a numerical simulation approach for the evaluation of the pounding risks on adjacent buildings. A numerical simulation is formulated to estimate the seismic pounding effects on the seismic response demands of adjacent buildings for different design parameters that include number of stories, separation distances, and alignment configurations, and then compared with a nominal model without pounding. Based on the obtained results, it has been concluded that the severity of the pounding effects depends on the dynamic characteristics of the adjacent buildings and the input excitation characteristics, and whether the building is exposed to one or two-sided impacts. Seismic pounding among adjacent buildings produces greater acceleration and shear force response demands at different story levels compared to the no pounding case response demands.

A Study on the Static Eccentricities of Buildings Designed by Different Design Eccentricities (설계편심의 크기에 따른 비틀림 비정형 건물의 최종 정적편심 크기의 비교에 관한 연구)

  • Lee, Kwang-Ho;Jeong, Seoung-Hoon
    • Journal of the Earthquake Engineering Society of Korea / v.16 no.5 / pp.33-40 / 2012
  • To reduce the vulnerability of torsional irregular buildings caused by seismic loads, the torsional amplification factor was introduced by the seismic code. This factor has been applied differently in a variety of seismic codes. In this study, the final static eccentricity, and the lateral and torsional stiffness ratios of buildings designed with different design eccentricities were compared. The increment of the torsional amplification factor resulted in a decrement of the final static eccentricity of the building. However, after reaching the maximum value of this factor, the final static eccentricity of the building increased again. The final static eccentricity of the building designed by multiplying the sum of the inherent and accidental eccentricity by the torsional amplification factor was zero or had a minus value, depending on the position of the vertical element.

A Development of Analysis Tool and the Analysis of Vulnerabilities on the Program Source Code (프로그램 소스코드 취약성 분석 및 분석도구의 개발)

  • 하경휘;최진우;우종우;김홍철;박상서
    • Convergence Security Journal / v.4 no.2 / pp.27-34 / 2004
  • The recent explosive use of the Internet and the development of computer communication technologies reveal serious computer security problems. In spite of many studies on secure access to the system, generally, the attackers do not use the previous intrusion techniques or network flaws; rather, they tend to use the vulnerabilities residing inside the program, which are the running programs on the system or the processes for the service. Therefore, the security managers must focus on updating the programs with lots of time and effort. Developers also need to patch continuously to update the program, which is a lot of burden for them. In order to solve the problem, we need to understand the vulnerabilities in the program, which has been studied for some time. We also need to analyze the functions that contain some vulnerabilities inside. In this paper, we first analyzed the vulnerabilities of the standard C library and Win32 API functions used in various programs. Then we described the design and implementation of the automated scanning tool for writing secure source code based on the analysis.

Software-based Encryption Pattern Bootstrap for Secure Execution Environment (보안 실행 환경을 위한 소프트웨어 기반의 암호화 패턴 부트스트랩)

  • Choi, Hwa-Soon;Lee, Jae-Heung
    • Journal of IKEEE / v.16 no.4 / pp.389-394 / 2012
  • Most current systems have ignored security vulnerability concerned with boot firmware. It is highly likely that boot firmware may cause serious system errors, such as hardware manipulations by malicious programs or code, the operating system corruption caused by malicious code and software piracy under a condition of no consideration of security mechanism because boot firmware has an authority over external devices as well as hardware controls. This paper proposed a structural security mechanism based on software equipped with encrypted bootstrap patterns different from pre-existing bootstrap methods in terms of securely loading an operating system, searching for malicious codes and preventing software piracy so as to provide reliability of boot firmware. Moreover, through experiments, it proved its superiority in detection capability and overhead ranging between 1.5 % ~ 3 % lower than other software security mechanisms.

Meltdown Threat Dynamic Detection Mechanism using Decision-Tree based Machine Learning Method (의사결정트리 기반 머신러닝 기법을 적용한 멜트다운 취약점 동적 탐지 메커니즘)

  • Lee, Jae-Kyu;Lee, Hyung-Woo
    • Journal of Convergence for Information Technology / v.8 no.6 / pp.209-215 / 2018
  • In this paper, we propose a method to detect and block Meltdown malicious code, which is increasing rapidly, using a dynamic sandbox tool. Although some patches are available for the vulnerability of Meltdown attack, patches are not applied intentionally due to the performance degradation of the system. Therefore, we propose a method to overcome the limitation of the existing signature detection method by using a machine learning method for infrastructures without active patches. First, to understand the principle of Meltdown, we analyze operating system driving methods such as virtual memory, memory privilege check, pipelining and guessing execution, and CPU cache. Then, we extracted data by using the Linux strace tool for detecting Meltdown malware. Finally, we implemented a decision tree based dynamic detection mechanism to identify the Meltdown malicious code efficiently.

A Robust Biometric-based User Authentication Protocol in Wireless Sensor Network Environment (무선센서네트워크 환경에서 생체기반의 개선된 사용자 인증 프로토콜)

  • Shin, Kwang-Cheul
    • The Journal of Society for e-Business Studies / v.18 no.3 / pp.107-123 / 2013
  • In a wireless sensor network environment, it is required to ensure anonymity by keeping sensor nodes' identifiers from being revealed and to support real-time authentication, lightweight authentication and synchronization. In particular, there exist possibilities of location information leakage by others, privacy interference and security vulnerability when it comes to wireless telecommunications. Anonymity has been an important issue in wired and wireless network environments, so it has been studied widely. The sensor nodes are interconnected based on a wireless network. In terms of the sensor node, the researchers have been emphasizing its calculating performance limit, storage device limit, and smaller power source. To improve the biometric-based D. He scheme, this study proposes a real-time authentication protocol using Unique Random Sequence Code (URSC) and variable identifier for enhancing network performance and retaining anonymity provision.

A Study on Cybersecurity Risk Assessment in Maritime Sector (해상분야 사이버보안 위험도 분석)

  • Yoo, Yun-Ja;Park, Han-Seon;Park, Hye-Ri;Park, Sang-Won
    • Proceedings of the Korean Institute of Navigation and Port Research Conference / 2019.11a / pp.134-136 / 2019
  • The International Maritime Organization (IMO) issued 2017 Guidelines on maritime cyber risk management. In accordance with IMO's maritime cyber risk management guidelines, each flag State is required to comply with the Safety Management System (SMS) of the International Safety Management Code (ISM) that the cyber risks should be integrated and managed before the first annual audit following January 1, 2021. In this paper, to identify cyber security management targets and risk factors in the maritime sector and to conduct vulnerability analysis, we categorized the cyber security sector into management, technical and physical sectors in the maritime sector based on the industry guidelines and international standards proposed by IMO. In addition, the Risk Matrix was used to conduct a qualitative risk assessment according to risk factors by cyber security sector.

Methodology for investigating the behavior of reinforced concrete structures subjected to post earthquake fire

  • Behnam, Behrouz;Ronagh, Hamid R.;Baji, Hassan
    • Advances in concrete construction / v.1 no.1 / pp.29-44 / 2013
  • Post earthquake fire (PEF) can lead to the collapse of buildings that are partially damaged in a prior ground-motion that occurred immediately before the fire. The majority of standards and codes for the design of structures against earthquake ignore the possibility of PEF and thus buildings designed with those codes could be too weak when subjected to a fire after an earthquake. An investigation based on sequential analysis inspired by FEMA356 is performed here on the Life-Safety performance level of structures designed to the ACI 318-08 code after they are subjected to two different earthquake levels with PGA of 0.35 g and 0.25 g. This is followed by a four-hour fire analysis of the weakened structure, from which the time it takes for the weakened structure to collapse is calculated. As a benchmark, the fire analysis is also performed for undamaged structure and before occurrence of earthquake. The results show that the vulnerability of structures increases dramatically when a previously damaged structure is exposed to PEF. The results also show the damaging effects of post earthquake fire are exacerbated when initiated from second and third floor. Whilst the investigation is for a certain class of structures (regular building, intermediate reinforced structure, 3 stories), the results confirm the need for the incorporation of post earthquake fire in the process of analysis and design and provides some quantitative measures on the level of associated effects.

Post-earthquake fire performance-based behavior of reinforced concrete structures

  • Behnam, Behrouz;Ronagh, Hamid R.
    • Earthquakes and Structures / v.5 no.4 / pp.379-394 / 2013
  • Post-earthquake fire (PEF) can lead to a rapid collapse of buildings damaged partially as a result of prior earthquake. Almost all standards and codes for the design of structures against earthquake ignore the risk of PEF, and thus buildings designed using those codes could be too weak when subjected to a fire after an earthquake. An investigation based on sequential analysis inspired by FEMA356 is performed here on the Immediate Occupancy, Life Safety and Collapse Prevention performance levels of structures, designed to the ACI 318-08 code, after they are subjected to an earthquake level with PGA of 0.35g. This investigation is followed by a fire analysis of the damaged structures, examining the time taken for the damaged structures to collapse. As a point of reference, a fire analysis is also performed for undamaged structures and before the occurrence of earthquake. The results indicate that the vulnerability of structures increases dramatically when a previously damaged structure is exposed to PEF. The results also show that the damaging effects of post-earthquake fire are exacerbated when initiated from the second and third floor. Whilst the investigation is made for a certain class of structures (conventional buildings, intermediate reinforced structure, 3 stories), the results confirm the need for the incorporation of post-earthquake fire into the process of analysis and design, and provides some quantitative measures on the level of associated effects.