• Title/Summary/Keyword: Memory vulnerability

검색결과 62건 처리시간 0.132초

Automated Method for Detecting OOB Vulnerability of Heap Memory Using Dynamic Symbolic Execution (동적 기호 실행을 이용한 힙 메모리 OOB 취약점 자동 탐지 방법)

  • Kang, Sangyong;Park, Sunghyun;Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • 제28권4호
    • /
    • pp.919-928
    • /
    • 2018
  • Out-Of-Bounds (OOB) is one of the most powerful vulnerabilities in heap memory. The OOB vulnerability allows an attacker to exploit unauthorized access to confidential information by tricking the length of the array and reading or writing memory of that length. In this paper, we propose a method to automatically detect OOB vulnerabilities in heap memory using dynamic symbol execution and shadow memory table. First, a shadow memory table is constructed by hooking heap memory allocation and release function. Then, when a memory access occurs, it is judged whether OOB can occur by referencing the shadow memory, and a test case for causing a crash is automatically generated if there is a possibility of occurrence. Using the proposed method, if a weak block search is successful, it is possible to generate a test case that induces an OOB. In addition, unlike traditional dynamic symbol execution, exploitation of vulnerabilities is possible without setting clear target points.

A Out-of-Bounds Read Vulnerability Detection Method Based on Binary Static Analysis (바이너리 정적 분석 기반 Out-of-Bounds Read 취약점 유형 탐지 연구)

  • Yoo, Dong-Min;Jin, Wen-Hui;Oh, Heekuck
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • 제31권4호
    • /
    • pp.687-699
    • /
    • 2021
  • When a vulnerability occurs in a program, it is documented and published through CVE. However, some vulnerabilities do not disclose the details of the vulnerability and in many cases the source code is not published. In the absence of such information, in order to find a vulnerability, you must find the vulnerability at the binary level. This paper aims to find out-of-bounds read vulnerability that occur very frequently among vulnerability. In this paper, we design a memory area using memory access information appearing in binary code. Out-of-bounds Read vulnerability is detected through the designed memory structure. The proposed tool showed better in code coverage and detection efficiency than the existing tools.

A Study on the Analysis and Mitigation of Temporal Access Vulnerability in Processing-In Memory (Processing-In Memory 시간적 접근 취약점 분석 및 완화에 대한 연구)

  • Tae-Wook Kim;Yeongpil Cho
    • Annual Conference of KIPS
    • /
    • 한국정보처리학회 2024년도 춘계학술발표대회
    • /
    • pp.199-201
    • /
    • 2024
  • 많은 양의 데이터 처리를 요구하는 오늘날, 메모리 입/출력 없이 데이터를 처리할 수 있는 Processing-In Memory가 많은 관심을 받고 있다. Processing-In Memory는 소프트웨어 라이브러리를 통해 접근할 수 있는데, 적절히 구현되지 않은 라이브러리는 공격 대상이 된다. 본 논문에서는 Processing-In Memory 소프트웨어 라이브러리에 존재하는 시간적 접근 취약점을 분석하고 그에 대한 완화기법을 제시한다.

Container Vulnerability Intruder Detection Framework based on Memory Trap Technique (메모리 트랩기법을 활용한 컨테이너 취약점 침입 탐지 프레임워크)

  • Choi, Sang-Hoon;Jeon, Woo-Jin;Park, Ki-Woong
    • The Journal of Korean Institute of Next Generation Computing
    • /
    • 제13권3호
    • /
    • pp.26-33
    • /
    • 2017
  • Recently container technologies have been receiving attention for efficient use of the cloud platform. Container virtualization technology has the advantage of a highly portable, high density when compared with the existing hypervisor. Container virtualization technology, however, uses a virtualization technology at the operating system level, which is shared by a single kernel to run multiple instances. For this reason, the feature of container is that the attacker can obtain the root privilege of the host operating system internal the container. Due to the characteristics of the container, the attacker can attack the root privilege of the host operating system in the container utilizing the vulnerability of the kernel. In this paper, we propose a framework for efficiently detecting and responding to root privilege attacks of a host operating system in a container. This framework uses a memory trap technique to detect changes in a specific memory area of a container and to suspend the operation of the container when it is detected.

Development of User Oriented Vulnerability Analysis Application on Smart Phone (사용자 중심의 스마트폰 보안 취약성 분석 어플리케이션 개발)

  • Cho, Sik-Wan;Jang, Won-Jun;Lee, Hyung-Woo
    • Journal of the Korea Convergence Society
    • /
    • 제3권2호
    • /
    • pp.7-12
    • /
    • 2012
  • An advanced and proactive response mechanism against diverse attacks should be proposed for enhance its security and reliability on android based commercial smart work device. In this study, we propose a user-oriented vulnerability analysis and response system on commercial smart work device based on android when diverse attacks are activated. Proposed mechanism uses simplified and optimized memory for monitoring and detecting the abnormal behavior on commercial smart work device, with which we can find and determine the attacker's attempts. Additionally, proposed mechanism provides advanced vulnerability analysis and monitoring/control module.

Countermeasures to the Vulnerability of the Keyboard Hardware (키보드컨트롤러의 하드웨어 취약점에 대한 대응 방안)

  • Jeong, Tae-Young;Yim, Kang-Bin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • 제18권4호
    • /
    • pp.187-194
    • /
    • 2008
  • This paper proposes an effective countermeasure to an intrinsic hardware vulnerability of the keyboard controller that causes sniffing problem on the password authentication system based on the keyboard input string. Through the vulnerability, some possible attacker is able to snoop whole the password string input from the keyboard even when any of the existing keyboard protection software is running. However, it will be impossible for attackers to gather the exact password strings if the proposed policy is applied to the authentication system though they can sniff the keyboard hardware protocol. It is expected that people can use secure Internet commerce after implementing and applying the proposed policy to the real environment.

A Study on Security Police against Problem of Using Secure USB according to National Assembly Network Separation (국회 네트워크 분리에 따른 보안 USB 메모리의 사용 문제점 및 보안 대책 연구)

  • Nam, Won-Hee;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 한국정보통신학회 2012년도 춘계학술대회
    • /
    • pp.471-474
    • /
    • 2012
  • The administration of government agencies and Law enforcement agencies is utilize. that network separation and Establish CERT for network security. However, the legislature has a basic security system. so a lot of relative vulnerability. In this paper, study for security National Assembly and the National Assembly Secretariat, at Library of National Assembly on legislative National Assembly for information security and network configuration, network and external Internet networks is to divide the internal affairs. Network separation in accordance with the movement of materials to use secure USB memory, the user has the uncomfortable issues. Problem analysis and security vulnerabilities on the use of USB memory is study the problem. User efficiency and enhance security.

  • PDF

A Study on Vulnerability Analysis and Memory Forensics of ESP32

  • Jiyeon Baek;Jiwon Jang;Seongmin Kim
    • Journal of Internet Computing and Services
    • /
    • 제25권3호
    • /
    • pp.1-8
    • /
    • 2024
  • As the Internet of Things (IoT) has gained significant prominence in our daily lives, most IoT devices rely on over-the-air technology to automatically update firmware or software remotely via the network connection to relieve the burden of manual updates by users. And preserving security for OTA interface is one of the main requirements to defend against potential threats. This paper presents a simulation of an attack scenario on the commoditized System-on-a-chip, ESP32 chip, utilized for drones during their OTA update process. We demonstrate three types of attacks, WiFi cracking, ARP spoofing, and TCP SYN flooding techniques and postpone the OTA update procedure on an ESP32 Drone. As in this scenario, unpatched IoT devices can be vulnerable to a variety of potential threats. Additionally, we review the chip to obtain traces of attacks from a forensics perspective and acquire memory forensic artifacts to indicate the SYN flooding attack.

An Error Detection and Automatic Correction Algorithm for Memory-related Vulnerabilities in C language Programming (C언어 프로그래밍의 메모리 취약점에 대한 오류 감지 및 자동 수정 알고리즘)

  • Yeon-Gyeong Seo;Sanghoon Jeon
    • Convergence Security Journal
    • /
    • 제24권3호
    • /
    • pp.105-115
    • /
    • 2024
  • Since 2015, programming has been included in school curricula to enhance computer literacy and problem-solving skills. C language, widely used for its simplicity, efficiency, and long history, poses significant security risks, particularly in memory vulnerabilities like buffer overflow, pointer errors, format strings, and integer overflow. These vulnerabilities can cause severe system issues and widespread damage. This paper proposes an "Error Detection and Automatic Correction of Memory Vulnerabilities (EDAC)" algorithm to detect and correct these errors, aiming to reduce the impact of C language memory vulnerabilities.

Vulnerability analysis for AppLock Application (AppLock 정보 은닉 앱에 대한 취약점 분석)

  • Hong, Pyo-gil;Kim, Dohyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • 제32권5호
    • /
    • pp.845-853
    • /
    • 2022
  • As the memory capacity of smartphone increases, the type and amount of privacy stored in the smartphone is also increasing. but recently there is an increasing possibility that various personal information such as photos and videos of smartphones may be leaked due to malicious apps by malicious attackers or other people such as repair technicians. This paper analyzed and studied the security and vulnerability of these vault apps by analyzing the cryptography algorithm and data protection function. We analyzed 5.3.7(June 13, 2022) and 3.3.2(December 30, 2020) versions of AppLock, the most downloaded information-hidding apps registered with Google Play, and found various vulnerabilities. In the case of access control, there was a vulnerability in that values for encrypting patterns entered by users were hardcoded into plain text in the source code, and encrypted pattern values were stored in xml files. In addition, in the case of the vault function, there was a vulnerability in that the files and log files for storing in the vault were not encrypted.