• Proceedings of the Korean Information Science Society Conference
• /
• 2000.10a
• /
• pp.635-637
• /
• 2000

Linux는 다양한 하드웨어 플랫폼을 지원하며, 강력한 네트워크 지원 기능, 다양한 형식의 파일시스템 지원 기능 등 높은 성능을 자랑한다. 그러나, 소스코드의 공개로 인하여 많은 보안상의 취약성을 내포하고 있으며, 최근 이를 이용한 해킹사고가 많이 발생하고 있다. 본 논문에서는 Linux상에 상존하는 보안 취약성을 조사하고, 보안 요구사항을 도출하며, 최근 해킹의 상당부분을 차지하고 있는 Buffer Overflow 공격 방지를 위한 방안으로 커널 수정을 통해 Secure Linux를 개발하고자 한다.

• The KIPS Transactions:PartA
• /
• v.8A no.4
• /
• pp.385-390
• /
• 2001

In this paper, we describe a blocking method of buffer overflow attack for secure operating system. Our team developed secure operating system using MAC and ACL access control added on Linux kernel. We describe secure operating system (SecuROS) and standardized Secure utility and library. A working prototype able to detect and block buffer overflow attack is available.

• Journal of KIISE:Information Networking
• /
• v.31 no.1
• /
• pp.20-26
• /
• 2004

A congestion control algorithm to prevent buffer overflow in MSR(Mobility Support Router) for I-TCP is proposed. Due to high bit error rate and frequent hand-offs over wireless environment, the current congestion control scheme in TCP Reno over mixed(wired and wireless) network exhibits lower throughput than the throughput achieved over wired only network. I-TCP has been proposed to address this by splitting a TCP connection into two TCP connections over wired section and wireless section, respectively. However, buffer overflow in MSR may occur whenever there are excessive bit errors or frequent hand-offs. This may lead to the loss of packets acked by MSR(resident in buffer) to the sender, but not received by the receiver, breaking TCP end-to-end semantics. In this Paper, a new scheme is proposed to prevent the MSR buffer from overflow by introducing “flow control” between the sender and the MSR. Advertised window for the TCP connection between the sender and the MSR is tied to the remaining MSR buffer space, controlling the flow of packets to the MSR buffer before overflow occurs.

• Journal of KIISE:Software and Applications
• /
• v.37 no.12
• /
• pp.942-945
• /
• 2010

In order to reduce the efforts to inspect the reported alarms from a static buffer overflow analyzer, we present an effective method to filter out redundant alarms. In the static analysis, a sequence of multiple alarms are frequently found due to the same cause in the code. In such a case, it is sufficient and reasonable for programmers to examine the first alarm instead of the entire alarms in the same sequence. Based on this observation, we devise a buffer overflow analysis that filters out redundant alarms with our context refinement technique. Our experiment with several open source programs shows that our method reduces the reported alarms by 23% on average.

• The KIPS Transactions:PartC
• /
• v.9C no.4
• /
• pp.453-458
• /
• 2002

Recently, the number of hacking, that use buffer overflow vulnerabilities, are increasing. Although the buffer overflow Problem has been known for a long time, for the following reasons, it continuos to present a serious security threat. There are three defense method of buffer overflow attack. First, allow overwrite but do not allow unauthorized change of control flow. Second, do not allow overwriting at all. Third, allow change of control flow, but prevents execution of injected code. This paper is for allowing overwrites but do not allow unauthorized change of control flow which is the solution of extending compiler. The previous defense method has two defects. First, a program company with overhead because it do much thing before than applying for the method In execution of process. Second, each time function returns, it store return address in reserved memory created by compiler. This cause waste of memory too much. The new proposed method is to extend compiler, by processing after compiling and linking time. To complement these defects, we can reduce things to do in execution time. By processing additional steps after compile/linking time and before execution time. We can reduce overhead.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2000.10a
• /
• pp.129-132
• /
• 2000

버퍼넘침(buffer overflow)은 특정 프로그램 언어에서 발생하는 배열의 경계파괴 현상을 말한다. 그 대표적인 언어로서 C/C++을 들 수 있는데. 이들 언어는 기본적으로 스트링(문자열)을 정의함에 있어서 크기속성을 배제하고 끝을 의미하는 종료문자(delimiter character. NULL)를 사용함으로써 배열(버퍼)의 경계침범 가능성을 허용하고 있다. 이 때 스택영역에 할당된 버퍼가 넘친다면, 주변에 위치한 지역변수, 레지스터 보관, 복귀주소 둥의 값이 변질되어 원래의 의도된 제어흐름을 보장할 수 없게 된다. 특히 복귀주소 부분을 의도적으로 침범하여 특정 값을 덮어쓸 수 있다면 해당 프로그램의 동작을 인위적으로, 그리고 자유롭게 변경할 수 있게 된다. 본 논문에서는 이와 같은 스택영역에서의 버퍼넘침을 사용한 제어흐름 변경 해킹기법의 과정을 현존하는 UNIX 시스템 및 C/C++ 언어를 이용하여 살펴보고 대응방향을 모색한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2000.10a
• /
• pp.653-655
• /
• 2000

버퍼넘침(buffer overflow)은 특정 프로그램 언어에서 발생하는 배열의 경계파괴 현상을 말한다. 그 대표적인 언어로서 C/C++을 들 수 있는데, 이들 언어는 기본적으로 스트링(문자열)을 정의함에 있어서 크기속성을 배제하고 끝을 의미하는 종료문자(delimiter character, NULL)을 사용함으로써 배열(버퍼)의 경계침범 가능성을 허용하고 있다. 이때 스택영역에 할당된 버퍼가 넘침다면, 주변에 위치한 지역변수, 레지스터 보관, 복귀주소 등의 값이 변질되어 원래의 의도된 제어흐름을 보장할 수 없게 된다. 특히 복귀주소 부분을 의도적으로 침범하여 특정 값을 덮어쓸 수 있다면 해당 프로그램의 동작을 인위적으로, 그리고 자유롭게 변경할 수 있게 된다. 본 논문에서는 이와 같은 스택영역에서의 버퍼넘침을 사용한 제어흐름 변경 해킹기법의 과정을 현존하는 UNIX 시스템 및 C/C++ 언어를 이용하여 살펴보고 대응방향을 모색한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.11 no.4
• /
• pp.268-279
• /
• 1986

Recently, the improtance of the ISDN has been emphasized for the new services in the future information society. In this paper, new application of statistical multiplexer which can be used for CCITT D-channel multiplexing is suggested. The basic architecture of statistical multiplexer which can interleave eleven 16Kbps D-channels into one 64Kbps B-channel is also proposed. The necessary buffer size was estimated by computer simulation considering data traffic intensity, signal arrival length distribution and buffer overflow probability. Based on this buffer size, the basic architecture of the statistical multiplexer has been survetyed and hardware design principles are also studied.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.11
• /
• pp.5271-5289
• /
• 2016

On large-scale data analysis platforms deployed on cloud infrastructures over the Internet, the instability of the data transfer time and the dynamics of the processing rate require a more sophisticated data distribution scheme which maximizes parallel efficiency by achieving the balanced load among participated computing elements and by eliminating the idle time of each computing element. In particular, under the constraints that have the real-time and limited data buffer (in-memory storage) are given, it needs more controllable mechanism to prevent both the overflow and the underflow of the finite buffer. In this paper, we propose an auto regulated data provisioning model based on receiver-driven data pull model. On this model, we provide a synchronized data replenishment mechanism that implicitly avoids the data buffer overflow as well as explicitly regulates the data buffer underflow by adequately adjusting the buffer resilience. To estimate the optimal size of buffer resilience, we exploits an adaptive buffer resilience control scheme that minimizes both data buffer space and idle time of the processing elements based on directly measured sample path analysis. The simulation results show that the proposed scheme provides allowable approximation compared to the numerical results. Also, it is suitably efficient to apply for such a dynamic environment that cannot postulate the stochastic characteristic for the data transfer time, the data processing rate, or even an environment where the fluctuation of the both is presented.

• Proceedings of the IEEK Conference
• /
• 1999.11a
• /
• pp.1041-1044
• /
• 1999

This paper propose a solution to resolve data overflow or leakage when a subscriber receive data to service provider. The set-top box can communicate with a service provider and can inform the service provider its data overflow or leakage. When service provider received this control signal, it changes data transmit rate and transmits data with changed rate. The buffer of set-top box is important because incoming data from a service provider are stored by it.