• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.9
• /
• pp.399-404
• /
• 2013

MSEC(Microsoft Security Engineering Center) performed fuzz testing Windows Vista with 350 million test cases for 14 months before launching it. They analyzed crashes resulted from the testing and developed crash analyzer !exploitable based on the data used to determine exploitability. In this paper, we describe how MS crash analyzer determines exploitability of crashes. Besides, we suggest an improvement to overcome the limitations found in the MS crash analyzer during the analysis.

• KIISE Transactions on Computing Practices
• /
• v.22 no.4
• /
• pp.178-183
• /
• 2016

To enhance the reliability of programs, developers use fuzzing tools in test processes to identify vulnerabilities so that they can be fixed ahead of time. In this case, the developers consider the security-related vulnerabilities to be the most critical ones that should be urgently fixed to avoid possible exploitation by attackers. However, developers without much experience of analysis of vulnerabilities usually rely on tools to pick out the security-related crashes from the normal crashes. In this paper, we suggest a static analysis-based tool to help developers to make their programs more reliable by identifying security-related crashes among them. This paper includes experimental results, and compares them to the results from MSEC !exploitable for the same sets of crashes.

• Annual Conference of KIPS
• /
• 2019.05a
• /
• pp.324-327
• /
• 2019

소프트웨어의 비정상적인 작동인 크래시는 보안 취약점의 원인이 된다. 이러한 크래시로부터 야기되는 취약점을 예방하기 위해 다양한 테스트케이스를 생성하고 크래시를 발견 및 분석하는 연구가 지속되고 있다. 본 논문에서는 북한 소프트웨어 서광사무처리체계에서 사용하는 국제 사무용 전자문서 형식인 Open Document Format for Office Application (ODF)의 워드프로세스 문서 형태인 ODT파일의 효과적인 보안 테스트케이스를 찾기 위해 먼저 테스트케이스를 도출한다. 도출된 테스트케이스를 데이터 전처리한 후 Feature Selection 기법을 적용하여 의미 있는 속성들을 분류한다. 마지막으로 ODT 파일 내에 크래시를 유발하는 유의미한 속성들을 확인하고 퍼징 테스트케이스 작성 시 메트릭으로 활용할 수 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.587-604
• /
• 2021

Because the library cannot be run independently and used by many applications, it is important to detect vulnerabilities in the library. Fuzzing, which is a dynamic analysis, is used to discover vulnerabilities for the library. Although this fuzzing technique shows excellent results in terms of code coverage and unique crash counts, it is difficult to apply its effects to library fuzzing. In particular, a fuzzing executable and a seed corpus are needed that execute the library code by calling a specific function sequence and passing the input of the fuzzer to reproduce the various states of the library. Generating the fuzzing environment such as fuzzing executable and a seed corpus is challenging because it requires both understanding about the library and fuzzing knowledge. We propose a novel method to improve the ease of library fuzzing and enhance code coverage and crash detection performance by using a test framework. The systems's performance in this paper was applied to nine open-source libraries and was verified through comparison with previous studies.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.6
• /
• pp.541-547
• /
• 2019

Recent developments in hacking technology are continuing to increase the number of new security vulnerabilities. Approximately 80,000 new vulnerabilities have been registered in the Common Vulnerability Enumeration (CVE) database, which is a representative vulnerability database, from 2010 to 2015, and the trend is gradually increasing in recent years. While security vulnerabilities are growing at a rapid pace, responses to security vulnerabilities are slow to respond because they rely on manual analysis. To solve this problem, there is a need for a technology that can automatically detect and patch security vulnerabilities and respond to security vulnerabilities in advance. In this paper, we propose the technology to extract the features of the vulnerability-discovery target binary through complexity analysis, and select a vulnerability-discovery strategy suitable for the feature and automatically explore the vulnerability. The proposed technology was compared to the AFL, ANGR, and Driller tools, with about 6% improvement in code coverage, about 2.4 times increase in crash count, and about 11% improvement in crash incidence.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.97-101
• /
• 2019

If the operating system's core file contains an Intel PT, the debugger can not only check the program state at the time of the crash, but can also reconfigure the control flow that caused the crash. We can also extend the execution trace scope to the entire system to debug kernel panics and other system hangs. The second-generation PT, the WinIPT library, includes an Intel PT driver with additional code to run process and core-specific traces through the IOCTL and registry mechanisms provided by Windows 10 (RS5). In other words, the PT trace information, which was limited access only by the first generation PT, can be executed by process and core by the IOCTL and registry mechanism provided by the operating system in the second generation PT. In this paper, we compare and describe methods for collecting, storing, decoding and detecting malicious codes of data packets in a window environment using 1/2 generation PT.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.06c
• /
• pp.510-515
• /
• 2007

더 이상 사용되지 않는 메모리가 계속해서 유지되는 것을 메모리 누수라고 한다. 메모리 누수가 발생하면 메모리 낭비가 누적되기 때문에 시스템의 성능이 저하되고 궁극적으로 시스템 크래시(crash)가 발생 할 수 있다. 본 논문에서는 이러한 메모리 누수를 검출하기 위하여 참조 계수 기법을 이용한다. 참조계수 기법을 이용하면 메모리 누수의 발생 여부뿐만 아니라 메모리 누수 발생시점에 대한 정보까지 제공할 수 있어 디버깅이 용이해진다. 그리고 본 논문에서 제안한 기법을 구현한 도구를 이용하여 사례연구를 수행한다. 사례 연구 분석을 통하여 본 연구에서 제안한 기법이 정확하게 메모리 누수를 검출하고 디버깅에 유용한 정보를 제공할 수 있다는 것을 보인다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.5
• /
• pp.2457-2464
• /
• 2013

In this paper, we design and analyze a mutual exclusion algorithm, based on the Token and Failure detector, in asynchronous distributed systems. A Failure Detector is an independent module that detects and reports crashes of other processes. There are some of advantages in rewriting the Token-based ME algorithm using a Failure Detector. We show that the Token-based ME algorithm, when using Failure Detector, is more effectively implemented than the classic Token-based ME algorithm for synchronous distributed systems.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.5
• /
• pp.119-126
• /
• 2019

Typical software developed and used by North Korea is Red Star and internal application software. However, most of the existing research on the North Korean software is the software installation method and general execution screen analysis. One of the ways to identify software vulnerabilities is file fuzzing, which is a typical method for identifying security vulnerabilities. In this paper, we use file fuzzing to analyze the security vulnerability of the software used in North Korea's Seogwang Document Processing System. At this time, we propose the analysis of open document text (ODT) file produced by Seogwang Document Processing System, extraction of node based on Document Object Mode (DOM) to determine test target, and generation of mutation file through insertion and substitution, this increases the number of crash detections at the same testing time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.275-285
• /
• 2019

Web-assemblies are a new binary standard designed to improve the performance of Web browser JavaScript. Web-assemblies are becoming a new web standard that can run at near native speed with efficient execution, concise representation, and code written in multiple languages. However, current Web-assembly vulnerability verification is limited to the Web assembly interpreter language, and vulnerability verification of Web-assembly binary itself is insufficient. Therefore, it is necessary to verify the safety of the web assembly itself. In this paper, we analyze how to operate the web assembly and verify the safety of the current web-assembly. In addition, we examine vulnerability of existing web -assembly and analyze limitations according to existing safety verification method. Finally, we introduce web-assembly API based fuzzing method to overcome limitation of web-assembly safety verification method. This verifies the effectiveness of the proposed Fuzzing by detecting crashes that could not be detected by existing safety verification tools.