• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.795-798
• /
• 2006

최근 소프트웨어의 복잡도가 증가되어감에 따라 소프트웨어 취약점 검출에 대한 정형화된 방법과 자동화된 도구가 필요하게 되었다. 본 논문에서는 기존의 소프트웨어 테스트에서 고려되지 않았던 보안을 고려한 테스트라는 측면에서 자동화된 도구를 이용하여 소스가 없고 바이너리 코드만 있는 경우 결함 주입 기법을 통해 취약점 분석 방법을 보여주며, 윈도우즈 환경에서 사용되는 응용프로그램에 대한 상호 비교를 통해 향후 발생할 취약점에 대한 예방과 회피에 활용 될 사례를 보여주고 있다.

• Transactions of the Korean Society of Automotive Engineers
• /
• v.22 no.3
• /
• pp.68-74
• /
• 2014

As the number of ECUs (Electronic control units) are increasing, reliability and functional stability of a software in an ECU is getting more important. Therefore the application of functional safety standards ISO 26262 is making the software more reliable. Software fault injection test (SFIT) is required as a verification technique for the application of ISO 26262. In case of applying SFIT, an artificial error is injected to inspect the vulnerability of the system which is not easily detected during normal operation. In this paper, the basic concept of SFIT will be examined and the application of SIFT based on ISO26262 will be described.

• Journal of IKEEE
• /
• v.15 no.4
• /
• pp.267-273
• /
• 2011

In hardware design, its stability and reliability are important, because a hardware error can cause serious damages or disaster. To improve stability and reliability, this paper presents the implementation of the hardware verification system using the fault injection method in PC environment. This paper presents a verification platform that can verify hardware system reliably and effectively, through a process to generate faults as well as insert input signals into the actual running system environment. The verification system is configured to connect a PC with a digital I/O card, and it can transmit or receive signals from the target system, as a verifier's intention. In addition, it can generate faults and inject them into the target system. And it can be monitored by displaying the received signals from the target system to the graphical wave signals. We can evaluate its reliability by analyzing the graphical wave signals. In this paper, the proposed verification system has been applied to the FPGA firmware of a nuclear power plant control system. As a result, we found its usefulness and reliability.

• KIPS Transactions on Software and Data Engineering
• /
• v.6 no.9
• /
• pp.419-428
• /
• 2017

In an embedded system, modules exchange data by interacting among themselves. Exchanging erroneous resource data among modules may lead to execution errors. The interacting resources produce dependencies between the two modules where any change of the resources by one module affects the functionality of another module. Several investigations of the embedded systems show that interaction faults between the modules are one of the major cause of critical software failure. Therefore, interaction testing is an essential phase for reducing the interaction faults and minimizing the risk. The direct and indirect interactions between the modules generate interaction faults. The direct interaction is the explicit call relation between the modules, and the indirect interaction is the remaining relation that is made underneath the interface that possesses data dependence relationship with resources. In this paper, we investigate the errors that are based on the indirect interaction between modules and introduce a new test criterion for identifying the errors that are undetectable by existing approaches at the integration level. We propose a novel approach for generating the interaction model using the indirect interaction pattern and design test criteria that are based on different interaction errors to generate test cases. Finally, we use the fault injection technique to evaluate the feasibility and effectiveness of our approach.

• The KIPS Transactions:PartC
• /
• v.14C no.4
• /
• pp.313-320
• /
• 2007

In this paper, we propose a method to analyze security vulnerabilities of MS word-processor by checking the validation of its input files. That is, this study is to detect some vulnerabilities in the input file of the word processor by analyzing the header information of its input file. This validation test can not be conducted by the existing software fault injection tools including Holodeck and CANVAS. The proposed method can be also applied to identify the input file vulnerabilities of Hangul and Microsoft Excel which handle a data file with a header as an input. Moreover, our method can provide a means for assessing the fault tolerance and trustworthiness of the target software.