• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.701-713
• /
• 2021

Race Condition is a vulnerability in which two or more processes input or manipulate a common resource at the same time, resulting in unintended results. This vulnerability can lead to problems such as denial of service, elevation of privilege. When a vulnerability occurs in software, the relevant information is documented, but often the cause of the vulnerability or the source code is not disclosed. In this case, analysis at the binary level is necessary to detect the vulnerability. This paper aims to detect the Time-Of-Check Time-Of-Use (TOCTOU) Race Condition vulnerability of UNIX kernel-based File System at the binary level. So far, various detection techniques of static/dynamic analysis techniques have been studied for the vulnerability. Existing vulnerability detection tools using static analysis detect through source code analysis, and there are currently few studies conducted at the binary level. In this paper, we propose a method for detecting TOCTOU Race Condition in File System based on Control Flow Graph and Call Graph through Binary Analysis Platform (BAP), a binary static analysis tool.

• Journal of Internet Computing and Services
• /
• v.9 no.1
• /
• pp.115-127
• /
• 2008

The component for satisfying several domain requirements must be developed to support variety. But, when the application is developed using the component, it happens other requirements. So, it is difficult to design component to satisfy severaldomain requirements. Also, it is impossible to support the special business logic. As this problem, the component must provide to the white-box component, it is not the black-box component. So, in this paper, we propose the variability design technique and the customization technique using the design technique that can support the various requirements. This technique is not focus on designing the component to analyze various domains. The variability of the component is designed to the initial variability in the component development phase and we use the customization technique for applying the variability to developing application. The variability can be re-designed during developing the application to use the component applying the variability. The variability of the component is evolved and the generation of the component is increased via the iteration Generally, the range of the component variability is classified the function modification within the component and the component internal structure modification as requirements in the component outside. As the range of the variability, we propose the variability design technique of the behavior and the message flow. This paper proposes a message flow design technique for modifying function call.

• Journal of Environmental Policy
• /
• v.9 no.1
• /
• pp.83-107
• /
• 2010

Urbanized environments are constructed to estimate peak flow and cost savings in response to possible BMP allocation at a watershed scale. The main goal is to explore the proper allocation of sub-watershed level BMPs for peak flow attenuation at a watershed scale. Since several individual site scale BMPs work as a form of aggregated BMPs at a sub-watershed scale, it is a question as to how to properly allocate the sub-watershed level BMPs at a watershed scale. The Hydrological Simulation Program-FORTRAN (HSPF) is set up for a hypothetically urbanized watershed. A peak flow is determined to be the primary variable of interest and targeted to characterize the spatial distribution of aggregated BMPs. Construction cost of a regional pond forms the basis of the economic valuation. The results indicate that when total size of BMPs is constant in the entire watershed, (1) it is most effective to have aggregated BMPs in some upper sub-watersheds while the BMPs in either the mainstem sub-watershed or a single sub-watershed are the least effective choices for peak flow attenuation at a watershed scale; (2) savings exist between allocation differences and reduced peak flow increases cost savings. The largest saving is found in the strategy of aggregated BMPs in some upper sub-watersheds. These findings, however, call for follow-up site specific case studies revisiting the watershed scale impacts of BMP allocation. Then, it will be argued that location and extent of decentralization are considerable policy variables for an alternative stormwater management policy at a watershed scale.

• Korean small business review
• /
• v.40 no.3
• /
• pp.1-24
• /
• 2018

The purpose of this study is verifying with corporate financial data that the required investment amount flow shows a similar pattern as times passed, in new product development by start-up company. In the previous paper, the same authors proposed the required investment amount flow as a 'New Product Investment Curve (NPIC)'. In this study, we have studied further in various types of companies. The samples used are accounting data of 462 companies selected from 5,873 Korean companies which were finished external audit in 2015. The results of this study are as follows; The average investment period was 3 years for the listed companies, while 6 years for the unlisted companies. The investment payback period was 6 years for listed companies, while 17 years for unlisted companies. The investment payback period of the company supported by big affiliate company (We call 'greenhouse company') was 14~15 years, while 17 years for real venture companies. When we divide all companies into 4 groups in terms of R&D cost and variable cost ratio, NPIC explanatory power of 'high R&D and high variable cost ratio group (Automobile Assembly Business) is best. Among the eight investment cost indexes proposed to estimate the investment amount, the 'cash 1' (operating cash flow+fixed asset excluding land & building+intangible asset, deferred asset change)/year-end total assets) turned out to be the most effective index to estimate the investment flow patterns. The conclusion is that NPIC explanatory power is somewhat reduced when we estimate all companies together. However, if we estimate the sample companies by characteristics such as listed, unlisted, greenhouse, and venture company, the proposed NPIC was verified to be effective by showing the required investment amount pattern.

• Journal of KIISE
• /
• v.41 no.12
• /
• pp.1018-1025
• /
• 2014

An ROP attack creates gadget sequences which consist of existing code snippets in a program, and hijacks the control flow of a program by chaining and executing gadget sequences consecutively. Existing defense schemes have limitations in that they cause high execution overhead, an increase in the binary size overhead, and a low applicability. In this paper, we solve these problems by introducing zero-sum defender, which is a fast and space-efficient mitigation scheme against ROP attacks. We find a fundamental property of gadget execution in which control flow starts in the middle of a function without a call instruction and ends with a return instruction. So, we exploit this property by monitoring whether the execution is abused by ROP attacks. We achieve a very low runtime overhead with a very small increase in the binary size. In our experimental results, we verified that our defense scheme prevents real world ROP attacks, and we showed that there is only a 2% performance overhead and a 1% binary size increase overhead in several benchmarks.

• Archives of Plastic Surgery
• /
• v.32 no.4
• /
• pp.428-434
• /
• 2005

Extensive and complicated defects on the body call for an omnipotent tool for a perfect reconstruction. Flaps derived from the omentum has many advantages over the conventional flaps. From 1999 to 2004, Omental flaps were applied for various soft tissue reconstructions. Among total 20 total 7 cases were for immediate reconstruction, 2 cases for chronic infection, 3 cases for simultaneous reconstruction of two defects, 4 cases for functional joint reconstruction and 4 cases were for flow- through revascularization. Among these cases, 3 cases were operated with minimal incision harvest technique. There were no complete flap failures, partial necrosis of the distal parts were noted on three cases. The omental flap is indicated on a large contaminated defect reconstruction due to its large size, well-vascularized, and malleable properties. The omental flap provides several additional advantages over other flaps, which are; the availability of the one staged simultaneous reconstruction of two defects with one flap, providing gliding function for the joint motion, and a flow-through characteristics with long vascular pedicle. But there are some serious shortcomings, including a long abdominal scar and intraabdominal problems. However, these are rare and can be minimized with our minimal incision technique. Due to its unique characteristics. the omentum is one of the ideal tissues for the reconstruction of the complicated soft tissue defects due to its unique characteristics.

• Proceedings of the Korea Contents Association Conference
• /
• 2007.11a
• /
• pp.126-129
• /
• 2007

Recently the use of wireless network increases according to it solves the hand-off and with path loss, pading, noise etc of wireless network the research for transmission error improvement is developed. TCP and SCTP of standard where it guarantees the reliability of wire network apply in wireless network the congestion control, flow control mechanism used it decreases the efficiency of data transfer throughputs. In this paper, It mixes SCTP and SNOOP for SCTP apply on wireless network, to improve BS(Basic Station) operation processes when the transmission error occurs in wireless network. BS send ZWP(Zero Window Probe) to MN(Mobile Node) when the transmission error occurs so, check path and status and update RWND and error status checked. It selects the new path, send ZWA(Zero Window Advertisement) to FH(Fixed Host) and the prevents call to congestion control or flow control and it does to make wait status standing. Continuously of data transfer after the connection of wireless network is stabilized, it make increase about 10% the transmission throughput of data.

• Proceedings of the Korean Geotechical Society Conference
• /
• 2004.03b
• /
• pp.509-516
• /
• 2004

The measurement of abnormal change of temperature(temperature anomaly) will help determine the safety of various engineering constructions, as the measurement in body often used to diagnose one's health. Temperature anomaly can be occurred in leakage or seepage of water flow in rocks, and in ground water table etc. Grouting materials injected in fractured rocks generate heat during hardening process. The degree of temperature change is associated directly with heat flow characteristics, that is, thermal conductivity, specific heat capacity. density of the surrounding rocks and can afford to assess the grouting efficiency. However, in practice, the use of traditional temperature measuring technique composed of only one single thermal sensor has been fundamentally limited to acquire thermal data sufficient to use for that, partly due to the time-consuming measuring work, partly due to the non-consecutive quality of data. Thus, in this paper, a new concept of temperature measuring technique, what we call, thermal line sensor technique is introduced. In this, the sensors with an accuracy of $0.02^{\circ}$ are inserted at regular intervals in one line cable and addressed by a control device, which enables to fundamentally enhance the capability of data acquisition in time and space. This new technology has been demonstrated on diverse field model experiments. The results were simply meant to be illustrative of a potential to be used for various kinds of temperature measurements encountered in grouting and leakage problems.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.46 no.2
• /
• pp.24-30
• /
• 2009

In this paper, the FPGA modem platform complying with 3GPP Release 7 eHSPA specifications and its regularized verification flow are proposed. The FFGA platform consists of modem board supporting physical layer requirements, MCU and DSP core embedded control board to drive the modem board, and peripheral boards for RF interfacing and various equipment interfaces. On the other hand, the proposed verification flow has been regularized into three categories according to the correlation degrees of hardware-software inter-operation, such as simple function test, scenario test call processing and system-level performance test. When it comes to real implementations, the emulation verification strategy for low power mobile SoC is also introduced.

• Journal of Korean Society for Quality Management
• /
• v.37 no.3
• /
• pp.39-53
• /
• 2009

This paper suggests a new process structuring method, which we call process modularization, for decomposing and grouping activities in a process. Above all, we propose the concept of a module that is a group of activities positioned on the same flow before and after control constructs. Since activities in a module are relatively strongly interrelated with one another, it is important to take into consideration of these together. A design structure matrix (DSM) is used to structure the process because it has a lot of advantages in process modeling and analysis. We developed two algorithms: the restricted topological sorting (RTS) algorithm for ordering activities and the module finding (MF) algorithm for detecting modules in a process, which utilize the DSM. The suggested approach enables a firm's manager to design and analyze the process effectively. We also developed a supporting tool to accelerate the progress of process modularization. The supporting tool aids the process manager in finding the module and understanding the process structure easily. An illustrative example is addressed to show operations of the suggested approach.