• International Journal of Internet, Broadcasting and Communication
• /
• v.14 no.3
• /
• pp.17-21
• /
• 2022

In this study, we wanted to examine the new vulnerability 'Dirty Pipe' that is founded in Linux kernel. how it's exploited and what is the limitation, where it's existed, and overcome techniques and analysis of the Linux kernel package. The study of the method used the hmark[1] program to check the vulnerabilities. Hmark is a whitebox testing tool that helps to analyze the vulnerability based on static whitebox testing and automated verification. For this purpose of our study, we analyzed Linux kernel code that is downloaded from an open-source website. Then by analyzing the hmark tool results, we identified in which file of the kernel it exists, cvss level, statistically depicted vulnerabilities on graph which is easy to understand. Furthermore, we will talk about some software we can use to analyze a vulnerability and how hmark software works. In the case of the Dirty Pipe vulnerability in Linux allows non-privileged users to execute malicious code capable of a host of destructive actions including installing backdoors into the system, injecting code into scripts, altering binaries used by elevated programs, and creating unauthorized user profiles. This bug is being tracked as CVE-2022-0847 and has been termed "Dirty Pipe"[2] since it bears a close resemblance to Dirty Cow[3], and easily exploitable Linux vulnerability from 2016 which granted a bad actor an identical level of privileges and powers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.701-713
• /
• 2021

Race Condition is a vulnerability in which two or more processes input or manipulate a common resource at the same time, resulting in unintended results. This vulnerability can lead to problems such as denial of service, elevation of privilege. When a vulnerability occurs in software, the relevant information is documented, but often the cause of the vulnerability or the source code is not disclosed. In this case, analysis at the binary level is necessary to detect the vulnerability. This paper aims to detect the Time-Of-Check Time-Of-Use (TOCTOU) Race Condition vulnerability of UNIX kernel-based File System at the binary level. So far, various detection techniques of static/dynamic analysis techniques have been studied for the vulnerability. Existing vulnerability detection tools using static analysis detect through source code analysis, and there are currently few studies conducted at the binary level. In this paper, we propose a method for detecting TOCTOU Race Condition in File System based on Control Flow Graph and Call Graph through Binary Analysis Platform (BAP), a binary static analysis tool.

• KIPS Transactions on Software and Data Engineering
• /
• v.10 no.6
• /
• pp.235-242
• /
• 2021

In this work, we develop a Korean dependency parser based on a stack-pointer network that consists of a pointer network and an internal stack. The parser has an encoder and decoder and builds a dependency tree for an input sentence in a depth-first manner. The encoder of the parser encodes an input sentence, and the decoder selects a child for the word at the top of the stack at each step. Since the parser has the internal stack where a search path is stored, the parser can utilize information of previously derived subtrees when selecting a child node. Previous studies used only a grandparent and the most recently visited sibling without considering a subtree structure. In this paper, we introduce graph attention networks that can represent a previously derived subtree. Then we modify our parser based on the stack-pointer network to utilize subtree information produced by the graph attention networks. After training the dependency parser using Sejong and Everyone's corpus, we evaluate the parser's performance. Experimental results show that the proposed parser achieves better performance than the previous approaches at sentence-level accuracies when adopting 2-depth graph attention networks.

• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06a
• /
• pp.104-106
• /
• 2012

소프트웨어 버스마크 (Software Birthmark)는 프로그램 실행 파일로부터 프로그램의 고유한 정보를 추출하는 기법이다. 프로그램의 도용을 판별하기 위해 바이너리로부터 버스마크를 추출하여 원본 프로그램과의 유사도를 측정하거나 악성 코드 탐지에 사용된다. 본 논문에서는 그래프 기반 바이너리 구조 매칭기법을 기반으로 한 버스마크를 제안한다. 제안 기법은 원본 프로그램과 대상 프로그램 사이에서 함수와 함수, 기본 블록과 기본 블록의 매칭 방법을 개선함으로써, 기존 기법에 비해 강인성(Resilience)이 향상된 버스마크를 추출한다.

• Proceedings of the IEEK Conference
• /
• 2004.06b
• /
• pp.553-556
• /
• 2004

In this paper, we present a new efficient multi-level hardware/software partitioning algorithm for system-on-a-chip design. Originally the multi-level partitioning algorithm are proposed to enhance the performance of previous iterative improvement partitioning algorithm for large scale circuits. But when designing very complex and heterogeneous SoCs, the HW/SW partitioning decision needs to be made prior to refining the system description. In this paper, we present a new method, based on multi-level algorithm, which can cover SoC design. The different variants of algorithm are evaluated by a randomly generated test graph. The experimental results on test graphs show improvement average $9.85\%$ and $8.51\%$ in total communication costs over FM and CLIP respectively.

• Journal of Korea Society of Industrial Information Systems
• /
• v.4 no.4
• /
• pp.25-31
• /
• 1999

This paper proposes an easy method to develope user interfaces for the GIS using local server automation In the developing stage of user interface the most important thing is to apply effective windows programming techniques and component software supporting techniques. This study shows an user interface developing method using the local server automation and Visual Basic programming. For a case study, the study constructs its user interface which performs map overlaying, referencing attribute tablet, graph analysis, drawing up of thematic amp.

• 한국IT서비스학회:학술대회논문집
• /
• 2008.11a
• /
• pp.337-340
• /
• 2008

To take the re-use of software, we need to study the efficient integration method of source programs. When the source programs are merged, it is required the steps of verification for any non-interference on non-identical parts of them. The traditional techniques of the program integration verify non-interference of source programs through the simple comparison of statements of source programs. We propose the efficient integration method using data flow analysis in the programs. A study comparing test results from the traditional method and the proposed method has found that the proposed method is more efficient than the traditional method.

• Journal of Information Processing Systems
• /
• v.14 no.2
• /
• pp.455-468
• /
• 2018

The concepts of graph theory are applied to model and analyze dynamics of computer networks, biochemical networks and, semantics of social networks. The analysis of dynamics of complex networks is important in order to determine the stability and performance of networked systems. The analysis of non-stationary and nonlinear complex networks requires the applications of ordinary differential equations (ODE). However, the process of resolving input excitation to the dynamic non-stationary networks is difficult without involving external functions. This paper proposes an analytical formulation for generating solutions of nonlinear network ODE systems with functional decomposition. Furthermore, the input excitations are analytically resolved in linearized dynamic networks. The stability condition of dynamic networks is determined. The proposed analytical framework is generalized in nature and does not require any domain or range constraints.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 1999.05a
• /
• pp.124-132
• /
• 1999

This paper proposes an easy method to develope user interfaces for the GIS using OLE automation. In the developing stage of user interface, the most important thing is to apply effective windows programming techniques and component software supporting techniques. This study shows an user interface developing method using the OLE automation and Visual Basic programming. For a case study, the study constructs its user interface which performs map overlaying, referencing attribute tables, graph analysis, drawing up of thematic map.

• Journal of the Korean Institute of Telematics and Electronics
• /
• v.24 no.4
• /
• pp.559-567
• /
• 1987

In this paper, the real time simulation of continuous dynamic system was performed by general integration algorithms using multiprocessor. For the stable simulation, the relation between stability of integration method and integration step-size was investigated from the stability graph. As a typical illustration, the real-time digital simulation and the real-time hard-ware-in-the-loop simulation of flight control system were performed and reviewed. Moreover through the real-time simulation, the design verification and performace test of flight control system could be evaluated. The computer used for simulation is AD10, which is a very high-speed special-purpose computer designed specifically for a time-critical simulation of large and complex models of dynamic systems. The simulation validity is demonstrated by comparing hardware simulation results with software simulation results.