• Title/Summary/Keyword: exploit

Search Result 1,236, Processing Time 0.026 seconds

A Secure Operating System Architecture Based on Linux against Communication Offense with Root Exploit for Unmanned Aerial Vehicles

  • Koo, KwangMin;Lee, Woo-yeob;Cho, Sung-Ryung;Joe, Inwhee
    • Journal of Information Processing Systems
    • /
    • v.16 no.1
    • /
    • pp.42-48
    • /
    • 2020
  • This paper proposes an operating system architecture for unmanned aerial vehicle (UAV), which is secure against root exploit, resilient to connection loss resulting in the control loss, and able to utilize common applications used in Linux. The Linux-based UAVs are exposed to root exploit. On the other hand, the microkernel-based UAVs are not able to use the common applications utilized in Linux, even though which is secure against root exploit. For this reason, the proposed architecture uses a virtualized microkernel on the Linux operating system to isolate communication roles and prevent root exploit. As a result, the suggested Operating system is secure against root exploit and is able to utilize the common applications at the same time.

An Analysis Method for Detecting Vulnerability to Symbolic Link Exploit (심볼릭 링크 공격 취약성 검출을 위한 분석 기법)

  • Joo, Seong-Yong;Ahn, Joon-Seon;Jo, Jang-Wu
    • The KIPS Transactions:PartA
    • /
    • v.15A no.1
    • /
    • pp.45-52
    • /
    • 2008
  • In this paper we define a vulnerable code to symbolic link exploit and propose a technique to detect this using program analysis. The existing methods to solve symbolic link exploit is for protecting it, on accessing a temporary file they should perform an investigation whether the file is attacked by symbolic link exploit. If programmers miss the investigation, the program may be revealed to symbolic link exploit. Because our technique detects all the vulnerable codes to symbolic link exploit, it helps programmers keep the program safety. Our technique add two type qualifiers to the existing type system to analyze vulnerable codes to symbolic link exploit, it detects the vulnerable codes using type checking including the added type qualifiers. Our technique detects all the vulnerable codes to symbolic link exploit automatically, it has the advantage of saving costs of modifying and of overviewing all codes because programmers apply the methods protecting symbolic link exploit to only the detected codes as vulnerable. We experiment our analyzer with widely used programs. In our experiments only a portion of all the function fopen() is analyzed as the vulnerabilities to symbolic link exploit. It shows that our technique is useful to diminish modifying codes.

Exploit the method according to the function call (동적 링크를 활용한 특정 함수 호출)

  • OK, Geun Ho;Kang, Young-Jin;Lee, HoonJae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2016.05a
    • /
    • pp.755-758
    • /
    • 2016
  • In this paper, binary in the program function is to be called binary explain the function in any way to call with in the binary. And the functions required during the call to the elements and their dynamic links in the compilation process and its elements and C-language file describes the concept of 'linker' that connects, and static links and dynamic link Compare analysis differences. Also Do an experiment on Return To Dynamic Linker exploit.

  • PDF

Efficient Use of On-chip Memory through Profile-Driven Array Reorganization

  • Cho, Doosan;Youn, Jonghee
    • IEMEK Journal of Embedded Systems and Applications
    • /
    • v.6 no.6
    • /
    • pp.345-359
    • /
    • 2011
  • In high performance embedded systems, the use of multiple on-chip memories is an essential architectural feature for exploiting inherent parallelism in multimedia applications. This feature allows multiple data accesses to be executed in parallel. However, it remains difficult to effectively exploit of multiple on-chip memories. The successful use of this architecture strongly depends on how to efficiently detect and exploit memory parallelism in target applications. In this paper, we propose a technique based on a linear array access descriptor [1], which is generated from profiled data, to detect and exploit memory parallelism. The proposed technique tackles an array reorganization problem to maximize memory parallelism in multimedia applications. We present preliminary experiments applying the proposed technique onto a representative coarse grained reconfigurable array processor (CGRA) with multimedia kernel codes. Our experimental results demonstrate that our technique optimizes data placement by putting independent data on separate storage. The results exhibit 9.8% higher performance on average compared to the existing method.

Polymorphic Wonn Detection Using A Fast Static Analysis Approach (고속 정적 분석 방법을 이용한 폴리모픽 웹 탐지)

  • Oh, Jin-Tae;Kim, Dae-Won;Kim, Ik-Kyun;Jang, Jong-Soo;Jeon, Yong-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.4
    • /
    • pp.29-39
    • /
    • 2009
  • In order to respond against worms which are malicious programs automatically spreading across communication networks, worm detection approach by generating signatures resulting from analyzing worm-related packets is being mostly used. However, to avoid such signature-based detection techniques, usage of exploits employing mutated polymorphic types are becoming more prevalent. In this paper, we propose a novel static analysis approach for detecting the decryption routine of polymorphic exploit code, Our approach detects a code routine for performing the decryption of the encrypted original code which are contained with the polymorphic exploit code within the network flows. The experiment results show that our approach can detect polymorphic exploit codes in which the static analysis resistant techniques are used. It is also revealed that our approach is more efficient than the emulation-based approach in the processing performance.

A Study on the Improvement and Utilization of Public N-Day Vulnerability Databases (N-day 취약점 데이터베이스 개선 및 활용 방안 연구)

  • JongSeon Jeong;Jungheum Park
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.4
    • /
    • pp.667-680
    • /
    • 2024
  • If the software is not updated after the vulnerability is disclosed, it can continue to be attacked. As a result, the importance of N-day detection is increasing as attacks that exploit vulnerabilities increase. However, there is a problem that it is difficult to find specific version information in the published vulnerability database, or that the wrong version or software is outputted. There is also a limitation in that the connection between the published vulnerability databases is not good. In order to overcome these limitations, this paper proposes a method of building information including comprehensive vulnerability information such as CVE, CPE, and Exploit Database into an integrated database. Furthermore, by developing a website for searching for vulnerabilities based on an integrated database built as a result of this study, it is effective in detecting and utilizing vulnerabilities in specific software versions and Windows operating systems.

CAWR: Buffer Replacement with Channel-Aware Write Reordering Mechanism for SSDs

  • Wang, Ronghui;Chen, Zhiguang;Xiao, Nong;Zhang, Minxuan;Dong, Weihua
    • ETRI Journal
    • /
    • v.37 no.1
    • /
    • pp.147-156
    • /
    • 2015
  • A typical solid-state drive contains several independent channels that can be operated in parallel. To exploit this channel-level parallelism, a variety of works proposed to split consecutive write sequences into small segments and schedule them to different channels. This scheme exploits the parallelism but breaks the spatial locality of write traffic; thus, it is able to significantly degrade the efficiency of garbage collection. This paper proposes a channel-aware write reordering (CAWR) mechanism to schedule write requests to different channels more intelligently. The novel mechanism encapsulates correlated pages into a cluster beforehand. All pages belonging to a cluster are scheduled to the same channels to exploit spatial locality, while different clusters are scheduled to different channels to exploit the parallelism. As CAWR covers both garbage collection and I/O performance, it outperforms existing schemes significantly. Trace-driven simulation results demonstrate that the CAWR mechanism reduces the average response time by 26% on average and decreases the valid page copies by 10% on average, while achieving a similar hit ratio to that of existing mechanisms.

Determinants of Utilization & Satisfaction for the Exploit of Community Centers in Rural Area (농촌지역 마을회관 이용 활용도와 만족도에 관한 결정요인 분석)

  • Lee, Byoung-Hoon;Kim, Dong-Weon;Park, Hye-Jin;Yun, Yeong-Seok
    • Journal of Korean Society of Rural Planning
    • /
    • v.18 no.4
    • /
    • pp.27-34
    • /
    • 2012
  • The purpose of this study is to analyze the community center users' the determinants of utilization & satisfaction for the exploit and to draw out the implication as to what are the influencing factors. The ordered logit model approach was used to examine the determinants. For the use of community center, we surveyed by mail subjecting on rural residents for one month, June 2012, analyzed 625 valid questionnaires. The findings are as follows. First, 'Facility-Satisfaction', 'Education', 'Exploit-Frequency' and 'Age' are the most important factors which affect users' satisfaction. Second, 'A meeting hall function', 'Cultural & Educational function', 'Social & Organizational function', and 'functional criticality function' influence the attributes of users' utilization. Therefore, it is needed to establish the various functions of community center and to prepare the vitalization plan in futuristic viewpoint reflecting the change of rural area. In addition, since there is no clear entity to supervise community center administratively, policy support system to community center should be equipped. Along with these, it is needed to develop managing and operation model for customized community center.

A Study of The ROK's Defense Exporting Strategies (한국의 방산수출 전략 연구)

  • Lee, Pil-Jung
    • Journal of National Security and Military Science
    • /
    • s.9
    • /
    • pp.141-190
    • /
    • 2011
  • Defense industry as 'a new dynamics of economic growth' policy implies driving policy of defense products' export. The purpose of this study is to suggest suitable strategies to meet with such policy in terms of region and individual nation. The strategies towards advanced region are joint sale strategy for the third countries, extension strategy of trade-off and development strategy of products to exploit niche markets. The strategies towards non-advanced regions are package strategy including exchange of economic development know-how, strengthening strategy of relationships to leading groups in national decision-making processes, exploit strategy of sales market through transfer discard and surplus equipments to other nations, government to government sale strategy towards countries holding low leveled equipment maintaining and management abilities. Finally, successive strategies require leaders' will, active sales diplomacy and active international cooperations of defense industry.

  • PDF

A New Method of Profit Maximization Based on the Theory of Constraints (제약이론 기반의 기업이익 최적화 방법론)

  • Moon, Je-Chang;Rim, Suk-Chul
    • IE interfaces
    • /
    • v.14 no.4
    • /
    • pp.356-364
    • /
    • 2001
  • Production Improvement Method in TOC consists of five steps, but it is very difficult for most firms to implement it because it lacks the detailed methods at each step. This paper suggests some of detailed methods to implement the TOC. In the first step, computer simulation is used to identify the constraints in production lines. Subsequently, ASP, AUT, and CM calculation are defined for the second step, which are helpful to exploit the company's constraints. We also suggest the OEE method to effectively exploit the constraints of production lines in the factory. Finally the TOC/OEE procedure is suggested to optimize the investment in the fourth step. As an illustrative example, we introduce a case of a wafer manufacturer to adopt the suggested methods. The benefits of implementating the suggested methods are addressed in the framework of the balanced scorecard.

  • PDF