• Journal of Korea Multimedia Society
• /
• v.12 no.8
• /
• pp.1120-1127
• /
• 2009

The commensurate number of the attacks and infringement targeting a vulnerability of the game service has been increasing constantly, due to the dramatic growth and expansion of the impact of the game industry. However, there exist no subsequent researches for the differentiated technology, which is to prevent the reverse function of the game service. Therefore, in this study, we examined the current status of infringement toward online game services which are provided in the market currently and designed the proper technical measures for a manipulation of the game service which is the most vulnerable part. We have encrypted an execution file and decrypted it in real time process. Furthermore, we conducted debugging, disassemble, and prevented a its own memory dump, also concealed the information to overcome the module dependency to preclude a manipulation.

• Journal of Korean Society of Archives and Records Management
• /
• v.5 no.2
• /
• pp.183-193
• /
• 2005

A large part of the vast amounts of information produced in the world is born digital, and comes in a wide variety of formats: text, database, audio, film, image. During the meeting of the Organization's Executive Board in May 2001, Member States agreed on the need for rapid action to safeguard digital heritage. The interest of UNESCO in this situation comes as no surprise. UNESCO exists in part to encourage and enable the preservation and enjoyment of the cultural, scientific and information heritage of the world's peoples. The growth of digital heritage and its vulnerability could hardly go unnoticed. Our societies have witnessed the end of the paradigm of the written archive, a paradigm that had developed over hundreds of years. Throughout the twentieth century new media have wisely and modestly joined this prestigious tradition. This paradigm has already been transformed, and the devices in place are unable to deal with the brutal advance of information technologies, and the quantitative inflation which they cause. This goes beyond those institutions specializing in the management of memory: a whole new regime of information will have to be constructed, and quickly, completely transforming old memory and archiving systems. If this shift does not take place, our societies will suffer irremediable damage in their collective social memory.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1039-1048
• /
• 2019

Symbolic execution, an automatic search method for vulnerability verification, has been technically improved over the last few years. However, it is still not practical to analyze the program using only the symbolic execution itself. One of the biggest reasons is that because of the path explosion problem that occurs during program analysis, there is not enough memory, and you can not find the solution of all paths in the program using symbolic execution. Thus, it is practical for the analyst to construct a path for symbolic execution to a target with vulnerability rather than solving all paths. In this paper, we propose a static analysis - based backward CFG(Control Flow Graph) generation technique that can be used in symbolic execution for program analysis. With the creation of a backward CFG, an analyst can select potential vulnerable points, and the backward path generated from that point can be used for future symbolic execution. We conducted experiments with Linux binaries(x86), and indeed showed that potential vulnerability selection and backward CFG path generation were possible in a variety of binary situations.

• Nuclear Engineering and Technology
• /
• v.54 no.6
• /
• pp.2031-2036
• /
• 2022

Energetic particle strikes the device and induces data corruption in the configuration memory (CRAM), causing errors and even malfunctions in a system on chip (SoC). Software-based fault injection is a convenient way to assess device performance. In this paper, dynamic partial reconfiguration (DPR) is adopted to make fault injection on a Xilinx 16 nm FinFET Ultrascale+ MPSoC. And the reconfiguration module implements the Sobel and Gaussian image filtering, respectively. Fault injections are executed on the static and reconfiguration modules' bitstreams, respectively. Another contribution is that the failure modes and effects analysis (FMEA) method is applied to evaluate the system reliability, according to the obtained injection results. This paper proposes a software-based solution to estimate programmable device vulnerability.

• International conference on construction engineering and project management
• /
• 2015.10a
• /
• pp.179-182
• /
• 2015

Detecting and assessing human-related risks is critical to improve the on-site safety condition and reduce the loss in lives, time and budget for construction industry. Recent research in neural science and psychology suggest inattentional blindness that caused by overload in working memory is the major cause of unexpected human related accidents. Due to the limitation of human mental workload, laborers are vulnerable to unexpected hazards while focusing on complicated and dangerous construction tasks. Therefore, detecting the risk perception abilities of workers could help to identify vulnerable individuals and reduce unexpected injuries. However, there are no available measurement approaches or devices capable of monitoring construction workers' mental conditions. The research proposed in this paper aims to develop such a measurement framework to evaluate hazards through monitoring electroencephalogram of labors. The research team developed a wearable safety monitoring helmet, which can collect the brain waves of users for analysis. A bispectrum approach has been developed in this paper to enrich the data source and improve accuracy.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.11
• /
• pp.5642-5670
• /
• 2017

Antivirus is an important issue to the security of virtual machine (VM). According to where the antivirus system resides, the existing approaches can be categorized into three classes: internal approach, external approach and hybrid approach. However, for the internal approach, it is susceptible to attacks and may cause antivirus storm and rollback vulnerability problems. On the other hand, for the external approach, the antivirus systems built upon virtual machine introspection (VMI) technology cannot find and prohibit viruses promptly. Although the hybrid approach performs virus scanning out of the virtual machine, it is still vulnerable to attacks since it completely depends on the agent and hooks to deliver events in the guest operating system. To solve the aforementioned problems, based on in-memory signature scanning, we propose an agentless runtime antivirus system VirtAV, which scans each piece of binary codes to execute in guest VMs on the VMM side to detect and prevent viruses. As an external approach, VirtAV does not rely on any hooks or agents in the guest OS, and exposes no attack surface to the outside world, so it guarantees the security of itself to the greatest extent. In addition, it solves the antivirus storm problem and the rollback vulnerability problem in virtualization environment. We implemented a prototype based on Qemu/KVM hypervisor and ClamAV antivirus engine. Experimental results demonstrate that VirtAV is able to detect both user-level and kernel-level virus programs inside Windows and Linux guest, no matter whether they are packed or not. From the performance aspect, the overhead of VirtAV on guest performance is acceptable. Especially, VirtAV has little impact on the performance of common desktop applications, such as video playing, web browsing and Microsoft Office series.

• Journal of Korean Critical Care Nursing
• /
• v.10 no.1
• /
• pp.13-30
• /
• 2017

Purpose: The purpose of this study was to integrate the results of qualitative studies to understand critical care survivors' experience of the post-intensive care syndrome (PICS). Methods: This was a meta-synthesis of primary studies that used qualitative methods. We reviewed 26 qualitative studies on PICS selected from 8 international and Korean databases and from a manual search. Thomas and Harden's 3 stages (free coding, development of descriptive themes, generation of analytical themes) for thematic synthesis were utilized to analyze the collected qualitative data. Results: Four descriptive themes emerged from the thematic synthesis: weak physical conditions, psycho-emotional changes, the painful-memory of intensive care units, and social vulnerability. The analytical theme for the current study was "unfamiliarity with the vulnerable self." Critical care survivors had to confront entirely different "selves" after discharge from intensive care units. They had become physically weak, psychologically unstable, and the critical memories continued to create distress. These changes increased their social vulnerability by making them dependent on others, causing family conflicts, and changing interpersonal relationships. Conclusions: Finding from this qualitative synthesis and other related literature highlight the severity of PICS and the importance of rehabilitative intervention for critical care survivors.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.691-705
• /
• 2012

Buffer overflow vulnerability is the most representative one that an attack method and its countermeasure is frequently developed and changed. This vulnerability is still one of the most critical threat since it was firstly introduced in middle of 1990s. Shellcode is a machine code which can be used in buffer overflow attack. Attackers make the shellcode for their own purposes and insert it into target host's memory space, then manipulate EIP(Extended Instruction Pointer) to intercept control flow of the target host system. Therefore, a lot of research to defend have been studied, and attackers also have done many research to bypass security measures designed for the shellcode defense. In this paper, we investigate shellcode defense and attack techniques briefly and we propose our new methodology which can hide shellcode in the 24bit BMP image. With this proposed technique, we can easily hide any shellcode executable and we can bypass the current detection and prevention techniques.

• Structural Engineering and Mechanics
• /
• v.81 no.6
• /
• pp.665-675
• /
• 2022

The safety problems of giant hydraulic structures such as dams caused by terrorist attacks, earthquakes, and wars often have an important impact on a country's economy and people's livelihood. For the national defense department, timely and effective assessment of damage to or impending damage to dams and other structures is an important issue related to the safety of people's lives and property. In the field of damage assessment and vulnerability analysis, it is usually necessary to give the damage assessment results within a few minutes to determine the physical damage (crack length, crater size, etc.) and functional damage (decreased power generation capacity, dam stability descent, etc.), so that other defense and security departments can take corresponding measures to control potential other hazards. Although traditional numerical calculation methods can accurately calculate the crack length and crater size under certain combat conditions, it usually takes a long time and is not suitable for rapid damage assessment. In order to solve similar problems, this article combines simulation calculation methods with machine learning technology interdisciplinary. First, the common concrete gravity dam shape was selected as the simulation calculation object, and XFEM (Extended Finite Element Method) was used to simulate and calculate 19 cracks with different initial positions. Then, an LSTM (Long-Short Term Memory) machine learning model was established. 15 crack paths were selected as the training set and others were set for test. At last, the LSTM model was trained by the training set, and the prediction results on the crack path were compared with the test set. The results show that this method can be used to predict the crack propagation path rapidly and accurately. In general, this article explores the application of machine learning related technologies in the field of mechanics. It has broad application prospects in the fields of damage assessment and vulnerability analysis.

• Journal of Internet Computing and Services
• /
• v.15 no.3
• /
• pp.79-90
• /
• 2014

User authentication based on ID and PW has been widely used. As the Internet has become a growing part of people' lives, input times of ID/PW have been increased for a variety of services. People have already learned enough to perform the authentication procedure and have entered ID/PW while ones are unconscious. This is referred to as the adaptive unconscious, a set of mental processes incoming information and producing judgements and behaviors without our conscious awareness and within a second. Most people have joined up for various websites with a small number of IDs/PWs, because they relied on their memory for managing IDs/PWs. Human memory decays with the passing of time and knowledges in human memory tend to interfere with each other. For that reason, there is the potential for people to enter an invalid ID/PW. Therefore, these characteristics above mentioned regarding of user authentication with ID/PW can lead to human vulnerabilities: people use a few PWs for various websites, manage IDs/PWs depending on their memory, and enter ID/PW unconsciously. Based on the vulnerability of human factors, a variety of information leakage attacks such as phishing and pharming attacks have been increasing exponentially. In the past, information leakage attacks exploited vulnerabilities of hardware, operating system, software and so on. However, most of current attacks tend to exploit the vulnerabilities of the human factors. These attacks based on the vulnerability of the human factor are called social-engineering attacks. Recently, malicious social-engineering technique such as phishing and pharming attacks is one of the biggest security problems. Phishing is an attack of attempting to obtain valuable information such as ID/PW and pharming is an attack intended to steal personal data by redirecting a website's traffic to a fraudulent copy of a legitimate website. Screens of fraudulent copies used for both phishing and pharming attacks are almost identical to those of legitimate websites, and even the pharming can include the deceptive URL address. Therefore, without the supports of prevention and detection techniques such as vaccines and reputation system, it is difficult for users to determine intuitively whether the site is the phishing and pharming sites or legitimate site. The previous researches in terms of phishing and pharming attacks have mainly studied on technical solutions. In this paper, we focus on human behaviour when users are confronted by phishing and pharming attacks without knowing them. We conducted an attack experiment in order to find out how many IDs/PWs are leaked from pharming and phishing attack. We firstly configured the experimental settings in the same condition of phishing and pharming attacks and build a phishing site for the experiment. We then recruited 64 voluntary participants and asked them to log in our experimental site. For each participant, we conducted a questionnaire survey with regard to the experiment. Through the attack experiment and survey, we observed whether their password are leaked out when logging in the experimental phishing site, and how many different passwords are leaked among the total number of passwords of each participant. Consequently, we found out that most participants unconsciously logged in the site and the ID/PW management dependent on human memory caused the leakage of multiple passwords. The user should actively utilize repudiation systems and the service provider with online site should support prevention techniques that the user can intuitively determined whether the site is phishing.