• Title/Summary/Keyword: Memory Corruption

Search Result 15, Processing Time 0.019 seconds

Instruction-corruption-less Binary Modification Mechanism for Static Stack Protections (이진 조작을 통한 정적 스택 보호 시 발생하는 명령어 밀림현상 방지 기법)

  • Lee, Young-Rim;Kim, Young-Pil;Yoo, Hyuck
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.14 no.1
    • /
    • pp.71-75
    • /
    • 2008
  • Many sensor operating systems have memory limitation constraint; therefore, stack memory areas of threads resides in a single memory space. Because most target platforms do not have hardware MMY (Memory Management Unit), it is difficult to protect each stack area. The method to solve this problem is to exchange original stack handling instructions in binary code for wrapper routines to protect stack area. In this exchanging phase, instruction corruption problem occurs due to difference of each instruction length between stack handling instructions and branch instructions. In this paper, we propose the algorithm to call a target routine without instruction corruption problem. This algorithm can reach a target routine by repeating branch instructions to have a short range. Our solution makes it easy to apply security patch and maintain upgrade of software of sensor node.

Mapping Block Information Recovery

  • Abdulhadi, Alahmadi;Chung, Tae Sun
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2015.04a
    • /
    • pp.506-507
    • /
    • 2015
  • Our scheme going to use the advanteges of shadow technical and use it in flash memory. With our scheme we can maintain the system from corruption by making a capy table for table mappinng. It is make us to recover the data easily when something unusually happen to the system.

Defending Non-control-data Attacks using Influence Domain Monitoring

  • Zhang, Guimin;Li, Qingbao;Chen, Zhifeng;Zhang, Ping
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.8
    • /
    • pp.3888-3910
    • /
    • 2018
  • As an increasing number of defense methods against control-data attacks are deployed in practice, control-data attacks have become challenging, and non-control-data attacks are on the rise. However, defense methods against non-control-data attacks are still deficient even though these attacks can produce damage as significant as that of control-data attacks. We present a method to defend against non-control-data attacks using influence domain monitoring (IDM). A definition of the data influence domain is first proposed to describe the characteristics of a variable during its life cycle. IDM extracts security-critical non-control data from the target program and then instruments the target for monitoring these variables' influence domains to ensure that corrupted variables will not be used as the attackers intend. Therefore, attackers may be able to modify the value of one security-critical variable by exploiting certain memory corruption vulnerabilities, but they will be prevented from using the variable for nefarious purposes. We evaluate a prototype implementation of IDM and use the experimental results to show that this method can defend against most known non-control-data attacks while imposing a moderate amount of performance overhead.

Design of an Automated Testing Tool to Detect Dynamic Memory Access Errors in C Programs (C언어 기반 프로그램의 동적 메모리 접근 오류 테스트 자동화 도구 설계)

  • Cho, Dae-Wan;Oh, Seung-Uk;Kim, Hyeon-Soo
    • Journal of KIISE:Software and Applications
    • /
    • v.34 no.8
    • /
    • pp.708-720
    • /
    • 2007
  • Memory access errors are frequently occurred in computer programs written in C programming language [1,2]. Accordingly, a number of research works have suggested a wide variety of methods to detect such errors automatically. However, they have one or more of the following problems: inability to detect all memory errors, changing the memory allocation mechanism, and excessive performance overhead. To cope with these problems, in this paper we suggest a new and automated tool to detect dynamic memory access errors in C programs.

Immersion Testing of Navigation Device Memory for Ship Track Extraction of Sunken Fishing Vessel (침몰 선박 항해장비의 항적추출 가능성 확인을 위한 침수시험)

  • Byung-Gil Lee;Byeong-Chel Choi;Ki-Jung Jo
    • Proceedings of the Korean Institute of Navigation and Port Research Conference
    • /
    • 2022.06a
    • /
    • pp.214-217
    • /
    • 2022
  • In the maritime digital forensic part, it is very important and difficult process that analysis of data and information with vessel navigation system's binary log data for situation awareness of maritime accident. In recent years, analysis of vessel's navigation system's trajectory information is an essential element of maritime accident investigation. So, we made an experiment about corruption with various memory device in navigation system. The analysis of corruption test in seawater give us important information about the valid pulling time of sunken ship for acquirement useful trajectory information.

  • PDF

A Study on Characteristics and Techniques that Affect Data Integrity for Digital Forensic on Flash Memory-Based Storage Devices (플래시 메모리 기반 저장장치에서 디지털 포렌식을 위한 데이터 무결성에 영향을 주는 특성 및 기술 연구)

  • Hyun-Seob Lee
    • Journal of Internet of Things and Convergence
    • /
    • v.9 no.3
    • /
    • pp.7-12
    • /
    • 2023
  • One of the most important characteristics of digital forensics is integrity. Integrity means that the data has not been tampered with. If evidence is collected during digital forensic and later tampered with, it cannot be used as evidence. With analog evidence, it's easy to see if it's been tampered with, for example, by taking a picture of it. However, the data on the storage media, or digital evidence, is invisible, so it is difficult to tell if it has been tampered with. Therefore, hash values are used to prove that the evidence data has not been tampered with during the process of collecting evidence and submitting it to the court. The hash value is collected from the stored data during the evidence collection phase. However, due to the internal behavior of NAND flash memory, the physical data shape may change over time from the acquisition phase. In this paper, we study the characteristics and techniques of flash memory that can cause the physical shape of flash memory to change even if no intentional data corruption is attempted.

A detection mechanism for Jump-Oriented Programming at binary level (바이너리 수준에서의 Jump-Oriented Programming에 대한 탐지 메커니즘)

  • Kim, Ju-Hyuk;Lee, Yo-Ram;Oh, Soo-Hyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.5
    • /
    • pp.1069-1078
    • /
    • 2012
  • It is known that memory has been frequently a target threatening the computer system's security while attacks on the system utilizing the memory's weakness are actually increasing. Accordingly, various memory protection mechanisms have been studied on OS while new attack techniques bypassing the protection systems have been developed. Especially, buffer overflow attacks have been developed as attacks of Return to Library or Return-Oriented Programing and recently, a technique bypassing the countermeasure against Return-Oriented Programming proposed. Therefore, this paper is intended to suggest a detection mechanism at binary level by analyzing the procedure and features of Jump-Oriented Programming. In addition, we have implemented the proposed detection mechanism and experimented it may efficiently detect Jump-Oriented Programming attack.

Limitations and Future Work Suggetion on Safe Interaction Model between Rust and C/C++ (Rust와 C/C++간 안전한 상호작용에 관한 연구의 맹점과 개선 모델 연구)

  • Taehyun Noh;Hojoon Lee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.2
    • /
    • pp.345-351
    • /
    • 2023
  • As software development progresses and programs become increasingly complex, the cost of reducing and managing software vulnerabilities has also increased. To address this issue, the Rust programming language, which guarantees Memory Safety, has been suggested as an alternative for more error-prone languages such as traditional C/C++. However, Rust also supports the use of libraries written in C/C++ to enhance compatibility with older languages and avoid redundant development, compromising its original guarantees. For example, memory corruption happened in C/C++ can lead to exploits such as buffer overflow, Use-After-Free and null-pointer dereferecing. To tackle this problem, recent studies have been conducted to secure interactino between Rust and C/C++ by isolation. This paper uncovers areas that have not been fully explored in previous studies, following limitation analysis on each. Finally, this paper suggests the future direction of research on safe interaction between Rust and C/C++.

Fault injection and failure analysis on Xilinx 16 nm FinFET Ultrascale+ MPSoC

  • Yang, Weitao;Li, Yonghong;He, Chaohui
    • Nuclear Engineering and Technology
    • /
    • v.54 no.6
    • /
    • pp.2031-2036
    • /
    • 2022
  • Energetic particle strikes the device and induces data corruption in the configuration memory (CRAM), causing errors and even malfunctions in a system on chip (SoC). Software-based fault injection is a convenient way to assess device performance. In this paper, dynamic partial reconfiguration (DPR) is adopted to make fault injection on a Xilinx 16 nm FinFET Ultrascale+ MPSoC. And the reconfiguration module implements the Sobel and Gaussian image filtering, respectively. Fault injections are executed on the static and reconfiguration modules' bitstreams, respectively. Another contribution is that the failure modes and effects analysis (FMEA) method is applied to evaluate the system reliability, according to the obtained injection results. This paper proposes a software-based solution to estimate programmable device vulnerability.

Lightweight Capability-Based Access Control System on File Descriptor via ARM PA (ARM PA를 통한 경량화된 파일 디스크립터 권한 관리 시스템)

  • Kyuwon Cho;Hojoon Lee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.2
    • /
    • pp.319-323
    • /
    • 2023
  • In intra-process isolation, file descriptors work as another attack vector from the memory corruption attacks. The attacker can read or write by corrupting file descriptors so they can escape the isolation. In this paper, we propose new lightweight capability-based access control system on file descriptor using ARM's hardware extension, PA(Pointer Authentication). Our system was implemented on Linux kernel module, only shows 5% overhead to control the access on the file descriptor.