• Title/Summary/Keyword: CFI

Search Result 419

Precise control flow protection based on source code (소스코드 기반의 정밀도 높은 실행 흐름 보호 기법)

  • Lee, JongHyup;Kim, Yong Seung
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.5 / pp.1159-1168 / 2012
  • Control Flow Integrity (CFI) and Control Flow Locking (CFL) prevent unintended execution of software and provide integrity in control flow. Attackers, however, can still hijack program controls since CFI and CFL do not support fine-granularity, context-sensitive protection. In this paper, we propose a new CFI scheme, Source-code CFI (SCFI), to overcome the problems. SCFI provides context-sensitive locking for control flow. Thus, the proposed approach protects software against the attacks on the previous CFI and CFL schemes and improves safety.

A Study of Attacks to Bypass CFI on Android Application Environment (안드로이드 애플리케이션 환경에서 CFI 우회 공격기법 연구)

  • Lee, Ju-yeop;Choi, Hyoung-kee
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.5 / pp.881-893 / 2020
  • CFI (Control Flow Integrity) is a mitigation mechanism that protects programs by verifying control flows. IFCC (Indirect Function Call Checks) and SCS (Shadow Call Stack), CFI supported by the LLVM Clang compiler, were introduced to protect applications in Android. IFCC protects function calls and SCS protects function returns. In this paper, we propose attacks to bypass CFI on the application environment with IFCC and SCS. Even if IFCC and SCS were applied to user applications, it was confirmed that there were many code segments not protected by IFCC and SCS in the application memory. We execute code in CFI unprotected segments to construct 1) bypassing IFCC to call a protected function, 2) modulating return address via SCS bypass. We identify code segments not protected by IFCC and SCS in Android 10 QP1A.191005.007.A3. We also implement proof-of-concept exploits to demonstrate that modulation of control flow is possible in an environment where IFCC and SCS are applied.

Development of a Comprehensive Flood Index through Standardizing Distributions of Runoff Characteristics (유출특성 분포함수의 표준화를 통한 종합홍수지수의 개발)

  • Wi, Sung-Wook;Chung, Gun-Hui;Kim, Tae-Woong
    • Journal of Korea Water Resources Association / v.41 no.6 / pp.605-617 / 2008
  • This study developed a flood index which evaluates runoff characteristics. Runoff characteristics expressed in a hydrograph were reflected in the flood index in the form of characteristic factors such as a rising curve gradient, a peak discharge, a flood response time, and a flood discharge volume prior to peak. This study applied the standardization method to estimate the relative severity of the characteristic factors by transforming the distribution of characteristic factors into the standard normal distribution. The flood index developed in this study is a comprehensive flood index (CFI) which makes up for the weak points of a flash flood index (FFI) in determining relative severities. The CFI was applied to Han River basin and Selma River basin, and was compared with the FFI based on the correlation analysis and the regression analysis. The CFI could comprehensively evaluate flood runoff characteristics because the CFI is not dominated by a specific characteristic factor, and the CFI could explain more efficiently the relationship between rainfall and runoff than the FFI.

Limitations of Windows CFG compared with LLVM CFI (LLVM CFI 와 비교한 Windows CFG 의 한계점)

  • Park, Sang-min;Choi, Hyung-kee
    • Proceedings of the Korea Information Processing Society Conference / 2022.11a / pp.225-227 / 2022
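  • CFI (Control Flow Integrity) is a technique that protects programs by verifying control flow. Windows supports CFI under the name CFG (Control Flow Guard), and LLVM supports it under the same name, CFI. In this paper, we identify several limitations of Windows CFG by comparing it with LLVM IFCC and propose alternatives. We confirmed that CFG has limitations compared with LLVM IFCC in terms of performance, scalability, and security. This paper presents the theoretical basis for each item and introduces several countermeasures that can solve the problems.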

A Study on Citizen Perceptions of the Gwangyang Steel and Iron Company: focus on CFI (광양제철소에 대한 지역 시민들의 기업이미지 분석: CFI를 이용하여)

  • Kim, Chang-Gon;Kim, Myung-Soo
    • Journal of Distribution Science / v.11 no.1 / pp.35-44 / 2013
  • Purpose - This study aims to (a) analyze local citizens' perception of a local company, the Gwangyang Steel and Iron Company (GSIC); (b) compare the perception toward the local company with that of national citizens' perceptions towards many other unspecified companies, which were surveyed biannually by The Korea Chamber of Commerce and Industry (KCCI); and (c) analyze how such companies evaluate perceptions towards them, in relation to citizens' socioeconomic position, such as their education status. Research design, data, methodology - The data were collected using a questionnaire, which was given to a sample of local citizens in cities. To test the hypotheses, factor analyses, a t-test, and an ANOVA were conducted. The total number of respondents was 1798. The data gathered from the respondents of the sample were analyzed using SPSS Win 19.0 software. Perception towards the company was evaluated on the corporate favorite index (CFI). The CFI index shows how positive citizens feel towards a company. It is calculated using five leading factors, consisting of the following: contribution to the economy, productivity, international competitiveness, social contribution, and ethical management. The higher the level of positive feelings exhibited, the closer the index will come to 100. Results - As a result of the analysis, the CFI index towards the GSIC stood at 67.3. The CFI index towards the company is 16.5 points higher than that of the index towards the many other unspecified companies, which were surveyed by the bi-annual KCCI study in the first half of 2011. The other five indexes stood as follows: contribution to the economy, productivity, social contribution, and ethical management was 69.2, 71.2, 64.6, and 58.6, respectively. These indexes are 18.3, 4.6, 27.6, and 35.6, respectively, higher than those found by the KCCI study. However, international competitiveness is 73.0 (9.8 points lower than that of the KCCI study). 
This survey thus shows that the CFI of the local citizens towards the global company GSIC is very high when compared with the CFI index towards the many other unspecified companies that was determined by the KCCI survey. Conclusions - This survey shows that local citizens have high expectations of economic activity, increasing working opportunities, and regional cooperation projects from the local company, GSIC. In addition, the CFI index towards GSIC evaluates results depending on the respondent's relationship with the company, and their educational status. Respondents, whose family or relatives were working as employees of GSIC, have relatively positive perceptions of GSIC, and respondents with a relatively higher educational status also share positive perceptions. Local citizens expect the profit-making of the company to operate in accordance with management activities, and at the same time, they expect that the wealth generated by the company will return to wider society.

A Study on Researches for CFI enforcement and their Application to Mobile Devices (CFI 기술의 연구 동향 및 모바일 기기에의 적용 가능성 고찰)

  • Lee, Yong-Je;Lee, Jinyong;Heo, Ingoo;Moon, Hyungon;Hwang, Dongil;Baek, Yun-Heung
    • Proceedings of the Korea Information Processing Society Conference / 2014.04a / pp.408-411 / 2014
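  • With the recent start of the post-PC era, a trend has emerged in which diverse mobile devices are interconnected. However, the security vulnerabilities that arise as a result have led to a demand for stronger security on mobile devices. In this paper, we survey research trends in Control Flow Integrity (CFI), one of the lines of research addressing security vulnerabilities, and discuss the points that must be considered in order to apply it to mobile devices.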

CFI Approach to Defend against GOT Overwrite Attacks (CFI(Control Flow Integrity) 적용을 통한 GOT(Global Offset Table) 변조 공격 방지 방안 연구)

  • Jeong, Seunghoon;Hwang, Jaejoon;Kwon, Hyukjin;Shin, Dongkyoo
    • Journal of Internet Computing and Services / v.21 no.1 / pp.179-190 / 2020
  • In the Unix-like system environment, the GOT overwrite attack is one of the traditional control flow hijacking techniques for exploiting software privileges. Several techniques have been proposed to defend against the GOT overwrite attack, and among them, the Full Relro (Relocation Read only) technique, which blocks GOT overwrites at runtime by arranging the GOT section as read-only in the program startup, has been known as the most effective defense technique. However, it entails loading delay, which limits its application to a program sensitive to startup performance, and it is not currently applied to the library due to problems including a chain loading delay problem caused by nested library dependency. Also, many compilers, including LLVM, do not apply the Full Relro technique by default, so runtime programs are still vulnerable to GOT attacks. In this paper, we propose a GOT protection scheme using the Control Flow Integrity (CFI) technique, which is currently recognized as the most suitable technique for defense against code reuse attacks. We implemented this scheme based on LLVM and applied it to the binutils-gdb program group to evaluate security, performance and compatibility. The GOT protection scheme with CFI is difficult to bypass, fast, and compatible with existing library programs.

Cervicofacial infection in a Nigerian tertiary health institution: a retrospective analysis of 77 cases

  • Fomete, Benjamin;Agbara, Rowland;Osunde, Daniel Otasowie;Ononiwu, Charles N
    • Journal of the Korean Association of Oral and Maxillofacial Surgeons / v.41 no.6 / pp.293-298 / 2015
  • Objectives: Infection involving the orbit, zygomatic space, lateral pharyngeal space, or hemifacial and oral floor phlegmon is referred to as cervicofacial infection (CFI). When diagnosis and/or adequate treatment are delayed, these infections can be life-threatening. Most cases are the result of odontogenic infections. We highlight our experiences in the management of this life-threatening condition. Materials and Methods: This was a retrospective study of patients who presented with CFI from December 2005 to June 2012 at the Oral and Maxillofacial Surgery Clinic or the Accident and Emergency Unit of Ahmadu Bello University Teaching Hospital (Zaria, Nigeria). The medical records of all patients who presented with either localized or diffuse infection of the maxillofacial soft tissue spaces were retrospectively collected. Data collected was analyzed using SPSS version 13.0 and are expressed as descriptive and inferential statistics. Results: Of the 77 patients, 49 patients (63.6%) were males, a male to female ratio of 1:7.5. The ages ranged from two years to 75 years with a mean of $35.0{\pm}19.3$ years, although most patients were older than 40 years. The duration of symptoms prior to presentation ranged from 6 to 60 days, with a mean of $11.0{\pm}9.4$ days. More than 90% of the patients presented to the clinic within the first 10 days. The most commonly involved anatomical space was the submandibular space (n=29, 37.7%), followed by hemifacial space (n=22, 28.6%) and buccal space (n=7, 9.1%). Ludwig angina accounted for about 7.8% of the cases. Conclusion: CFI most commonly involves the submandibular space, typically affects individuals with a low level of education, and is influenced by traditional medical practices. Despite improved health care delivery, CFI remains a significant problem in developing countries.

Data Efficient Image Classification for Retinal Disease Diagnosis (데이터 효율적 이미지 분류를 통한 안질환 진단)

  • Honggu Kang;Huigyu Yang;Moonseong Kim;Hyunseung Choo
    • Journal of Internet Computing and Services / v.25 no.3 / pp.19-25 / 2024
  • The worldwide aging population trend is causing an increase in the incidence of major retinal diseases that can lead to blindness, including glaucoma, cataract, and macular degeneration. In the field of ophthalmology, there is a focused interest in diagnosing diseases that are difficult to prevent in order to reduce the rate of blindness. This study proposes a deep learning approach to accurately diagnose ocular diseases in fundus photographs using less data than traditional methods. For this, Convolutional Neural Network (CNN) models capable of effective learning with limited data were selected to classify Conventional Fundus Images (CFI) from various ocular disease patients. The chosen CNN models demonstrated exceptional performance, achieving high Accuracy, Precision, Recall, and F1-score values. This approach reduces manual analysis by ophthalmologists, shortens consultation times, and provides consistent diagnostic results, making it an efficient and accurate diagnostic tool in the medical field.

The Verification of the Reliability and Validity of Employment Promotion Tool for Persons with Disabilities in the Aspect of the Quality of Life(QOL-EPAT) (QOL의 관점에 입각한 장애인고용촉진제도·정책 평가 척도의 신뢰성·타당성 검증)

  • KWON, Hae jin
    • Proceedings of the Korea Contents Association Conference / 2016.05a / pp.387-388 / 2016
  • Kwon (2015) developed the Employment Promotion Tool for Persons with Disabilities in the Aspect of the Quality of Life (QOL-EPAT). But its reliability and validity have not been verified yet. Therefore, this study aimed to verify the reliability, content validity and construct validity of QOL-EPAT. This study was conducted with disability employment specialists. The questionnaire was distributed and collected over six months, from May to October 2015. Reliability of QOL-EPAT was estimated using the internal consistency method; both coefficients of Cronbach's $\alpha$ were over 0.7. Construct validity was verified using structural equation modeling (SEM). Goodness of fit index (GFI), adjusted goodness of fit index (AGFI), comparative fit index (CFI), Tucker-Lewis index (TLI) and root mean square error of approximation (RMSEA) are the suitability indices of SEM. As the result, GFI=0.898; AGFI=0.844; CFI=0.961; TLI=0.949 and RMSEA=0.069. The validity was verified because the values of GFI, AGFI, CFI, TLI and RMSEA were within the goodness-of-fit range. Thus, impaired employs promoters of Japan also provided which allows for analysis of the policy by using a validated scale.