• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.1
• /
• pp.71-75
• /
• 2008

Many sensor operating systems have memory limitation constraint; therefore, stack memory areas of threads resides in a single memory space. Because most target platforms do not have hardware MMY (Memory Management Unit), it is difficult to protect each stack area. The method to solve this problem is to exchange original stack handling instructions in binary code for wrapper routines to protect stack area. In this exchanging phase, instruction corruption problem occurs due to difference of each instruction length between stack handling instructions and branch instructions. In this paper, we propose the algorithm to call a target routine without instruction corruption problem. This algorithm can reach a target routine by repeating branch instructions to have a short range. Our solution makes it easy to apply security patch and maintain upgrade of software of sensor node.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.506-507
• /
• 2015

Our scheme going to use the advanteges of shadow technical and use it in flash memory. With our scheme we can maintain the system from corruption by making a capy table for table mappinng. It is make us to recover the data easily when something unusually happen to the system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.8
• /
• pp.3888-3910
• /
• 2018

As an increasing number of defense methods against control-data attacks are deployed in practice, control-data attacks have become challenging, and non-control-data attacks are on the rise. However, defense methods against non-control-data attacks are still deficient even though these attacks can produce damage as significant as that of control-data attacks. We present a method to defend against non-control-data attacks using influence domain monitoring (IDM). A definition of the data influence domain is first proposed to describe the characteristics of a variable during its life cycle. IDM extracts security-critical non-control data from the target program and then instruments the target for monitoring these variables' influence domains to ensure that corrupted variables will not be used as the attackers intend. Therefore, attackers may be able to modify the value of one security-critical variable by exploiting certain memory corruption vulnerabilities, but they will be prevented from using the variable for nefarious purposes. We evaluate a prototype implementation of IDM and use the experimental results to show that this method can defend against most known non-control-data attacks while imposing a moderate amount of performance overhead.

• Journal of KIISE:Software and Applications
• /
• v.34 no.8
• /
• pp.708-720
• /
• 2007

Memory access errors are frequently occurred in computer programs written in C programming language [1,2]. Accordingly, a number of research works have suggested a wide variety of methods to detect such errors automatically. However, they have one or more of the following problems: inability to detect all memory errors, changing the memory allocation mechanism, and excessive performance overhead. To cope with these problems, in this paper we suggest a new and automated tool to detect dynamic memory access errors in C programs.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2022.06a
• /
• pp.214-217
• /
• 2022

In the maritime digital forensic part, it is very important and difficult process that analysis of data and information with vessel navigation system's binary log data for situation awareness of maritime accident. In recent years, analysis of vessel's navigation system's trajectory information is an essential element of maritime accident investigation. So, we made an experiment about corruption with various memory device in navigation system. The analysis of corruption test in seawater give us important information about the valid pulling time of sunken ship for acquirement useful trajectory information.

• Journal of Internet of Things and Convergence
• /
• v.9 no.3
• /
• pp.7-12
• /
• 2023

One of the most important characteristics of digital forensics is integrity. Integrity means that the data has not been tampered with. If evidence is collected during digital forensic and later tampered with, it cannot be used as evidence. With analog evidence, it's easy to see if it's been tampered with, for example, by taking a picture of it. However, the data on the storage media, or digital evidence, is invisible, so it is difficult to tell if it has been tampered with. Therefore, hash values are used to prove that the evidence data has not been tampered with during the process of collecting evidence and submitting it to the court. The hash value is collected from the stored data during the evidence collection phase. However, due to the internal behavior of NAND flash memory, the physical data shape may change over time from the acquisition phase. In this paper, we study the characteristics and techniques of flash memory that can cause the physical shape of flash memory to change even if no intentional data corruption is attempted.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1069-1078
• /
• 2012

It is known that memory has been frequently a target threatening the computer system's security while attacks on the system utilizing the memory's weakness are actually increasing. Accordingly, various memory protection mechanisms have been studied on OS while new attack techniques bypassing the protection systems have been developed. Especially, buffer overflow attacks have been developed as attacks of Return to Library or Return-Oriented Programing and recently, a technique bypassing the countermeasure against Return-Oriented Programming proposed. Therefore, this paper is intended to suggest a detection mechanism at binary level by analyzing the procedure and features of Jump-Oriented Programming. In addition, we have implemented the proposed detection mechanism and experimented it may efficiently detect Jump-Oriented Programming attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.345-351
• /
• 2023

As software development progresses and programs become increasingly complex, the cost of reducing and managing software vulnerabilities has also increased. To address this issue, the Rust programming language, which guarantees Memory Safety, has been suggested as an alternative for more error-prone languages such as traditional C/C++. However, Rust also supports the use of libraries written in C/C++ to enhance compatibility with older languages and avoid redundant development, compromising its original guarantees. For example, memory corruption happened in C/C++ can lead to exploits such as buffer overflow, Use-After-Free and null-pointer dereferecing. To tackle this problem, recent studies have been conducted to secure interactino between Rust and C/C++ by isolation. This paper uncovers areas that have not been fully explored in previous studies, following limitation analysis on each. Finally, this paper suggests the future direction of research on safe interaction between Rust and C/C++.

• Nuclear Engineering and Technology
• /
• v.54 no.6
• /
• pp.2031-2036
• /
• 2022

Energetic particle strikes the device and induces data corruption in the configuration memory (CRAM), causing errors and even malfunctions in a system on chip (SoC). Software-based fault injection is a convenient way to assess device performance. In this paper, dynamic partial reconfiguration (DPR) is adopted to make fault injection on a Xilinx 16 nm FinFET Ultrascale+ MPSoC. And the reconfiguration module implements the Sobel and Gaussian image filtering, respectively. Fault injections are executed on the static and reconfiguration modules' bitstreams, respectively. Another contribution is that the failure modes and effects analysis (FMEA) method is applied to evaluate the system reliability, according to the obtained injection results. This paper proposes a software-based solution to estimate programmable device vulnerability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.319-323
• /
• 2023

In intra-process isolation, file descriptors work as another attack vector from the memory corruption attacks. The attacker can read or write by corrupting file descriptors so they can escape the isolation. In this paper, we propose new lightweight capability-based access control system on file descriptor using ARM's hardware extension, PA(Pointer Authentication). Our system was implemented on Linux kernel module, only shows 5% overhead to control the access on the file descriptor.