• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.559-565
• /
• 2015

To defend against information leakage or malware inflow by USB memory, security technologies such as copy protection and device control have being researched and developed. However, countermeasure are insufficient despite being recognized as a fatal security-hole for BadUSB presented at the Black Hat Security Conference 2014. To solve this problem, the countermeasures for BadUSB vulnerability are proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1345-1354
• /
• 2012

The modern society with the wide spread USB memory, witnesses the acceleration in the development of USB products that applied secure technology. Secure USB is protecting the data using the method as device-based access control, encryption of stored files, and etc. In terms of forensic analyst, to access the data is a lot of troubles. In this paper, we studied software-based data en/decryption technology and proposed for analysis mechanism to validation vulnerability that secured on removable storage media. We performed a vulnerability analysis for USB storage device that applied security mechanism. As a result, we found vulnerabilities that extracts a source file without a password.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1225-1236
• /
• 2020

Fuzzing is an automated software testing methodology that dynamically tests the security of software by inputting randomly generated input values outside of the expected range. KISA is releasing open source for standard cryptographic algorithms, and many crypto module developers are developing crypto modules using this source code. If there is a vulnerability in the open source code, the cryptographic library referring to it has a potential vulnerability, which may lead to a security accident that causes enormous losses in the future. Therefore, in this study, an appropriate security policy was established to verify the safety of block cipher source codes such as SEED, HIGHT, and ARIA, and the safety was verified using differential fuzzing. Finally, a total of 45 vulnerabilities were found in the memory bug items and error handling items, and a vulnerability improvement plan to solve them is proposed.

• The KIPS Transactions:PartA
• /
• v.18A no.5
• /
• pp.193-204
• /
• 2011

Since web applications are accessed by anonymous users via web, more security risks are imposed on those applications. In particular, because security vulnerabilities caused by insecure source codes cannot be properly handled by the system-level security system such as the intrusion detection system, it is necessary to eliminate such problems in advance. In this paper, to enhance the security of web applications, we develop a static analyzer for detecting the well-known security vulnerability of PHP file inclusion vulnerability. Using a semantic based static analysis, our vulnerability analyzer guarantees the soundness of the vulnerability detection and imposes no runtime overhead, differently from the other approaches such as the penetration test method and the application firewall method. For this end, our analyzer adopts abstract interpretation framework and uses an abstract analysis domain designed for the detection of the target vulnerability in PHP programs. Thus, our analyzer can efficiently analyze complicated data-flow relations in PHP programs caused by extensive usage of string data. The analysis results can be browsed using a JAVA GUI tool and the memory states and variable values at vulnerable program points can also be checked. To show the correctness and practicability of our analyzer, we analyzed the source codes of open PHP applications using the analyzer. Our experimental results show that our analyzer has practical performance in analysis capability and execution time.

• Annual Conference of KIPS
• /
• 2023.05a
• /
• pp.116-118
• /
• 2023

자율주행차가 제공하는 새로운 시장과 경쟁력, 인력 및 시간 절약, 교통 체증 문제 해결 등의 장점을 다루고, UN 사이버 보안 법률에 따른 자율주행차의 기술적인 요구사항을 준수해야 한다. 하지만 자율주행차에 대한 기술적인 요구사항을 준수하는 것으로는 모든 사이버 공격에 대해서 막을 수 없다. 자율주행차의 법적 요구사항과 사이버 보안 위협에 대처하는 방법을 다룬다. 특히 RTOS(Real Time OS)와 같은 실시간 시스템에 매우 위험할 수 있는 DRAM(Dynamic Random Access Memory)에 대한 로우해머링 공격 기법에 대해 분석하고 로우해머링에 대한 보안 방법을 제시한다. 그리고 자율 주행 시스템의 안전과 신뢰성을 보장하기 위해 하드웨어 기반 또는 소프트웨어 기반 방어 기술을 소개하고 있다.

• Journal of the Earthquake Engineering Society of Korea
• /
• v.8 no.1
• /
• pp.77-86
• /
• 2004

This paper introduces a shape memory alloy-restrainer-damper(SMA-RD) to protect multiple span continuous steel bridges from seismic loads. The type of bridges has only one fixed bearing condition on a pier and expansion bearings are located on the other piers and abutments. Due to this state and a big mass of the deck, these bridges are usually very vulnerable to column's damage on which fixed bearings are located and large deformation of abutments in passive action. Two types of SMA-RDs are developed, and their effect is inspected for protecting the bridges through seismic analyses. Conventional steel restrainer cables are also used to reduce the seismic vulnerability of the bridge and the results are compared to those of the SMA-RDs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.17-27
• /
• 2020

Many users are using password managers in order to conveniently manage several usernames and passwords needed to access the web sites. The password manager encrypts and stores several passwords on the server, and the user accesses the server to receive the password information. Thus, if an attacker can sniff a message between the password manager and the server and decrypt the message content, or if an attacker can steal the computer's memory and decrypt the message content, then all the passwords will be exposed to the attacker. In this paper, we analyze the client-server communications and encryption process of password mangers and show there is a serious vulnerability in memory attack.

• International journal of steel structures
• /
• v.18 no.4
• /
• pp.1325-1335
• /
• 2018

This study dealt with investigating the seismic performance of the smart and shape memory alloy (SMA) and magnets plus rubber-spring (MRS) dampers and their effects on the seismic resistance of multiple-span simply supported bridges. The rubber springs in the MRS dampers were pre-compressed. For this aim, a set of experimental works was performed together with developing nonlinear analytical models to investigate dynamic responses of the bridges subjected to earthquakes. Fragility analysis and probabilistic assessment were conducted to assess the seismic performance for the overall bridge system. Fragility curves were then generated for each model and were compared with those of as-built. Results showed dampers could increase the seismic capacity of bridges. Furthermore, from system fragility curves, use of damper models reduced the seismic vulnerability in comparison to the as-built bridge model. Although the SMA damper showed the best seismic performance, the MRS damper was the most appropriate one for the bridge in that the combination of magnetic friction and pre-compressed rubber springs was cheaper than the shape memory alloy, and had the similar capability of the damper.

• Korean Journal of Biological Psychiatry
• /
• v.13 no.3
• /
• pp.191-201
• /
• 2006

Objectives : The purpose of this study was to investigate whether the cognitive functions would be correlated with psychotic symptoms and whether antipsychotic treatments would affect the cognitive functions after 8 weeks. Methods : The thirty-five schizophrenic patients were conducted in this study. The psychopathology was measured using PANSS. The memory function, executive function, and sustained attention were measured using Memory Assessment Scale(MAS), Wisconsin Card Sorting Test(WCST), and Vigilance(VIG) and Cognitrone(COG) in Vienna Test System. After 8 weeks of antipsychotic treatment, we retested the cognitive tests. Results : 1) The cognitive tests after the 8 week's treatment showed significant improvements in memory and executive function in the schizophrenic patients. On the other side, sustained attention did not show improvement. 2) The change of PANSS were correlated with perseverative response, perseverative error and total correct in WCST at baseline. WCST scores at baseline were correlated with negative symptoms, but not positive ones. Conclusion : These study suggests that 1) the impaired sustained attention could be a vulnerability marker in schizophrenia, 2) memory & executive function deficit could be reversible after treatment, and 3) medication might have a benefit in improving the cognitive functions in schizophrenia. Furthermore, the data supports that the better premorbid executive function was, the more favorable was the treatment response in schizophrenic patients. Finally, this study indicates that executive function might be an index of treatment improvement.

• Korean Journal of Biological Psychiatry
• /
• v.19 no.1
• /
• pp.53-59
• /
• 2012

Objectives : Autobiographical memory (ABM) is a special type of episodic memory, containing events that have occurred in a personal life. Overgeneral tendency of ABM refers to the retrieval of memory with only general and categorical descriptions rather than specific events. ABM specificity in depression and posttraumatic stress disorder is a robust finding with relation to cognitive vulnerability, affect regulation, problem-solving ability. It is also implicated in bipolar disorder with frequent relapses. In this study, we investigated whether ABM specificity was related to manic or euthymic mood states in patients with bipolar disorder. Methods : Forty bipolar patients with manic and euthymic episodes and 25 healthy controls participated in this study. Prompted by 5 positively and 5 negatively valenced emotional cue words, each participant was instructed to recall positive or negative memories and describe them in detail. The One-way ANOVA was used to compare ABM scores and post-hoc analyses were done. Results : Comapred to the healthy persons, the bipolar patients reported significantly more general than specific negative memories in both manic and euthymic episodes (p = 0.003). However, there was no significant difference between manic and euthymic patients (p = 0.074). Conclusions : These results suggest that overgeneral tendency of negative ABM may be a trait abnormality in bipolar disorder. Moreover, this phenomenon might be related to underlying cognitive deficits or affect regulation irrespective of the mood state.