• Title/Summary/Keyword: source-level vulnerability

Search Result 22, Processing Time 0.02 seconds

A Study on the Design of Security Metrics for Source Code (소스코드의 보안성 메트릭 설계에 관한 연구)

  • Seo, Dong-Su
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.6
    • /
    • pp.147-155
    • /
    • 2010
  • It has been widely addressed that static analysis techniques can play important role in identifying potential security vulnerability reside in source code. This paper proposes the design and application of security metrics that use both vulnerability information extracted from the static analysis, and significant factors of information that software handles. The security metrics are useful for both developers and evaluators in that the metrics help them identity source code vulnerability in early stage of development. By effectively utilizing the security metrics, evaluators can check the level of source code security, and confirm the final code depending on the characteristics of the source code and the security level of information required.

A study on Dirty Pipe Linux vulnerability

  • Tanwar, Saurav;Kim, Hee Wan
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.14 no.3
    • /
    • pp.17-21
    • /
    • 2022
  • In this study, we wanted to examine the new vulnerability 'Dirty Pipe' that is founded in Linux kernel. how it's exploited and what is the limitation, where it's existed, and overcome techniques and analysis of the Linux kernel package. The study of the method used the hmark[1] program to check the vulnerabilities. Hmark is a whitebox testing tool that helps to analyze the vulnerability based on static whitebox testing and automated verification. For this purpose of our study, we analyzed Linux kernel code that is downloaded from an open-source website. Then by analyzing the hmark tool results, we identified in which file of the kernel it exists, cvss level, statistically depicted vulnerabilities on graph which is easy to understand. Furthermore, we will talk about some software we can use to analyze a vulnerability and how hmark software works. In the case of the Dirty Pipe vulnerability in Linux allows non-privileged users to execute malicious code capable of a host of destructive actions including installing backdoors into the system, injecting code into scripts, altering binaries used by elevated programs, and creating unauthorized user profiles. This bug is being tracked as CVE-2022-0847 and has been termed "Dirty Pipe"[2] since it bears a close resemblance to Dirty Cow[3], and easily exploitable Linux vulnerability from 2016 which granted a bad actor an identical level of privileges and powers.

Detecting TOCTOU Race Condition on UNIX Kernel Based File System through Binary Analysis (바이너리 분석을 통한 UNIX 커널 기반 File System의 TOCTOU Race Condition 탐지)

  • Lee, SeokWon;Jin, Wen-Hui;Oh, Heekuck
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.4
    • /
    • pp.701-713
    • /
    • 2021
  • Race Condition is a vulnerability in which two or more processes input or manipulate a common resource at the same time, resulting in unintended results. This vulnerability can lead to problems such as denial of service, elevation of privilege. When a vulnerability occurs in software, the relevant information is documented, but often the cause of the vulnerability or the source code is not disclosed. In this case, analysis at the binary level is necessary to detect the vulnerability. This paper aims to detect the Time-Of-Check Time-Of-Use (TOCTOU) Race Condition vulnerability of UNIX kernel-based File System at the binary level. So far, various detection techniques of static/dynamic analysis techniques have been studied for the vulnerability. Existing vulnerability detection tools using static analysis detect through source code analysis, and there are currently few studies conducted at the binary level. In this paper, we propose a method for detecting TOCTOU Race Condition in File System based on Control Flow Graph and Call Graph through Binary Analysis Platform (BAP), a binary static analysis tool.

A Study on the Development of DevSecOps through the Combination of Open Source Vulnerability Scanning Tools and the Design of Security Metrics (오픈소스 취약점 점검 도구 및 종합 보안 메트릭 설계를 통한 DevSecOps 구축방안 연구)

  • Yeonghae Choi;Hyeongjun Noh;Seongyun Cho;Hanseong Kang;Dongwan Kim;Suhyun Park;Minjae Cho;Juhyung Lee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.4
    • /
    • pp.699-707
    • /
    • 2023
  • DevSecOps is a concept that adds security procedures to the operational procedures of DevOps to respond to the short development and operation cycle. Multi-step vulnerability scanning process should be considered to provide reliable security while supporting rapid development and deployment cycle in DevSecOps. Many open-source vulnerability scanning tools available can be used for each stage of scanning, but there are difficulties in evaluating the security level and identifying the importance of information in integrated operation due to the various functions supported by the tools and different security results. This paper proposes an integrated security metric design plan for scurity results and the combination of open-source scanning tools that can be used in security stage when building the open-source based DevSecOps system.

Earthquake risk assessment methods of unreinforced masonry structures: Hazard and vulnerability

  • Preciado, Adolfo;Ramirez-Gaytan, Alejandro;Salido-Ruiz, Ricardo A.;Caro-Becerra, Juan L.;Lujan-Godinez, Ramiro
    • Earthquakes and Structures
    • /
    • v.9 no.4
    • /
    • pp.719-733
    • /
    • 2015
  • Seismic risk management of the built environment is integrated by two main stages, the assessment and the remedial measures to attain its reduction, representing both stages a complex task. The seismic risk of a certain structure located in a seismic zone is determined by the conjunct of the seismic hazard and its structural vulnerability. The hazard level mainly depends on the proximity of the site to a seismic source. On the other hand, the ground shaking depends on the seismic source, geology and topography of the site, but definitely on the inherent earthquake characteristics. Seismic hazard characterization of a site under study is suggested to be estimated by a combination of studies with the history of earthquakes. In this Paper, the most important methods of seismic vulnerability evaluation of buildings and their application are described. The selection of the most suitable method depends on different factors such as number of buildings, importance, available data and aim of the study. These approaches are classified in empirical, analytical, experimental and hybrid. For obtaining more reliable results, it is recommends applying a hybrid approach, which consists of a combination between methods depending on the case. Finally, a recommended approach depending on the building importance and aim of the study is described.

Attack Detection Technology through Log4J Vulnerability Analysis in Cloud Environments (클라우드 환경에서 Log4J 취약점 분석을 통한 공격 탐지 기술)

  • Byeon, Jungyeon;Lee, Sanghee;Yoo, Chaeyeon;Park, Wonhyung
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2022.05a
    • /
    • pp.557-559
    • /
    • 2022
  • The use of open source has the advantage that the development environment is convenient and maintenance is easier, but there is a limitation in that it is easy to be exposed to vulnerabilities from a security point of view. In this regard, the LOG4J vulnerability, which is an open source logging library widely used in Apache, was recently discovered. Currently, the risk of this vulnerability is at the 'highest' level, and developers are using it in many systems without being aware of such a problem, so there is a risk that hacking accidents due to the LOG4J vulnerability will continue to occur in the future. In this paper, we analyze the LOG4J vulnerability in detail and propose a SNORT detection policy technology that can detect vulnerabilities more quickly and accurately in the security control system. Through this, it is expected that in the future, security-related beginners, security officers, and companies will be able to efficiently monitor and respond quickly and proactively in preparation for the LOG4J vulnerability.

  • PDF

A Source-Level Discovery Methodology for Vulnerabilities of Linux Kernel Variables (리눅스 커널 변수 취약성에 대한 소스레벨 발견 방법론)

  • Ko Kwangsun;Kang Yong-hyeog;Eom Young Ik;Kim Jaekwang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.6
    • /
    • pp.13-25
    • /
    • 2005
  • In these days, there are various uses of Linux such as small embedded systems, routers, and huge servers, because Linux gives several advantages to system developers by allowing to use the open source code of the Linux kernel. On the other hand, the open source nature of the Linux kernel gives a bad influence on system security. If someone wants to exploit Linux-based systems, the attacker can easily do it by finding vulnerabilities of their Linux kernel sources. There are many kinds of existing methods for lading source-level vulnerabilities of softwares, but they are not suitable for finding source-level vulnerabilities of the Linux kernel which has an enormous amount of source code. In this paper, we propose the Onion mechanism as a methodology of finding source-level vulnerabilities of Linux kernel variables. The Onion mechanism is made up of two steps. The Int step is to select variables that may be vulnerable by using pattern matching mechanism and the second step is to inspect vulnerability of each selected variable by constructing and analyzing the system call trees. We also evaluate our proposed methodology by applying it to two well-known source-level vulnerabilities.

A Out-of-Bounds Read Vulnerability Detection Method Based on Binary Static Analysis (바이너리 정적 분석 기반 Out-of-Bounds Read 취약점 유형 탐지 연구)

  • Yoo, Dong-Min;Jin, Wen-Hui;Oh, Heekuck
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.4
    • /
    • pp.687-699
    • /
    • 2021
  • When a vulnerability occurs in a program, it is documented and published through CVE. However, some vulnerabilities do not disclose the details of the vulnerability and in many cases the source code is not published. In the absence of such information, in order to find a vulnerability, you must find the vulnerability at the binary level. This paper aims to find out-of-bounds read vulnerability that occur very frequently among vulnerability. In this paper, we design a memory area using memory access information appearing in binary code. Out-of-bounds Read vulnerability is detected through the designed memory structure. The proposed tool showed better in code coverage and detection efficiency than the existing tools.

A Study on Web Vulnerability Risk Assessment Model Based on Attack Results: Focused on Cyber Kill Chain (공격 결과 기반의 웹 취약점 위험도 평가 모델 연구: 사이버 킬체인 중심으로)

  • Jin, Hui Hun;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.4
    • /
    • pp.779-791
    • /
    • 2021
  • Common web services have been continuously targeted by hackers due to an access control policy that must be allowed to an unspecified number of people. In order to cope with this situation, companies regularly check web vulnerabilities and take measures according to the risk of discovered vulnerabilities. The risk of these web vulnerabilities is calculated through preliminary statistics and self-evaluation of domestic and foreign related organizations. However, unlike static diagnosis such as security setting and source code, web vulnerability check is performed through dynamic diagnosis. Even with the same vulnerability item, various attack results can be derived, and the degree of risk may vary depending on the subject of diagnosis and the environment. In this respect, the predefined risk level may be different from that of the actual vulnerability. In this paper, to improve this point, we present a web vulnerability risk assessment model based on the attack result centering on the cyber kill chain.

Implementation of a Static Analyzer for Detecting the PHP File Inclusion Vulnerabilities (PHP 파일 삽입 취약성 검사를 위한 정적 분석기의 구현)

  • Ahn, Joon-Seon;Lim, Seong-Chae
    • The KIPS Transactions:PartA
    • /
    • v.18A no.5
    • /
    • pp.193-204
    • /
    • 2011
  • Since web applications are accessed by anonymous users via web, more security risks are imposed on those applications. In particular, because security vulnerabilities caused by insecure source codes cannot be properly handled by the system-level security system such as the intrusion detection system, it is necessary to eliminate such problems in advance. In this paper, to enhance the security of web applications, we develop a static analyzer for detecting the well-known security vulnerability of PHP file inclusion vulnerability. Using a semantic based static analysis, our vulnerability analyzer guarantees the soundness of the vulnerability detection and imposes no runtime overhead, differently from the other approaches such as the penetration test method and the application firewall method. For this end, our analyzer adopts abstract interpretation framework and uses an abstract analysis domain designed for the detection of the target vulnerability in PHP programs. Thus, our analyzer can efficiently analyze complicated data-flow relations in PHP programs caused by extensive usage of string data. The analysis results can be browsed using a JAVA GUI tool and the memory states and variable values at vulnerable program points can also be checked. To show the correctness and practicability of our analyzer, we analyzed the source codes of open PHP applications using the analyzer. Our experimental results show that our analyzer has practical performance in analysis capability and execution time.