• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.392-395
• /
• 2015

인터넷 확산에 따라 소프트웨어의 보안 취약점을 이용한 공격이 커지고 있다. 이와 같은 공격을 방지하기 위해서는 응용프로그램을 사전에 보안 취약점을 분석하여 분석된 취약점에 대해서는 시큐어 코딩을 적용하여 취약한 코드를 개선해야한다. 본 논문에서는 보안취약점을 분석하기 위한 공개 정적분석도구를 활용하여 분석하고 취약점 유발 코드는 시큐어 코딩을 적용하여 소프트웨어 보안을 할 수 있게 적용하였다.

• The Journal of the Korea Contents Association
• /
• v.10 no.8
• /
• pp.111-118
• /
• 2010

The OSGi platform is a Java-based component platform that is being widely used from environments for the application development to enterprise software. The OSGi platform provides dynamic and transparent installation for open environments. However, it open new attacks so that many researches try to solve OSGi vulnerability. Security flaws in OSGi platform are categorized two parts: the JVM and the OSGi platform itself. We focus on vulnerability by OSGi platform itself, particularly service injection. We identify the service injection attack and suggest secure mechanisms to prevent the attack. Those mechanisms are implemented, providing a few modification to the Knopflerfish OSGi implementation and are evaluated through comparing with existing mechanisms.

• International journal of advanced smart convergence
• /
• v.8 no.4
• /
• pp.47-57
• /
• 2019

We examine the weaknesses of the existing OOXML-based MS-Word file structure, and analyze how data concealment and forgery are performed in MS-Word digital documents. In case of forgery by including hidden information in MS-Word digital document, there is no difference in opening the file with the MS-Word Processor. However, the computer system may be malfunctioned by malware or shell code hidden in the digital document. If a malicious image file or ZIP file is hidden in the document by using the structural vulnerability of the MS-Word document, it may be infected by ransomware that encrypts the entire file on the disk even if the MS-Word file is normally executed. Therefore, it is necessary to analyze forgery and alteration of digital document through internal structure analysis of MS-Word file. In this paper, we designed and implemented a mechanism to detect this efficiently and automatic detection software, and presented a method to proactively respond to attacks such as ransomware exploiting MS-Word security vulnerabilities.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.727-738
• /
• 2015

Until recently, power analysis is one of the most popular research issues among various side channel analyses. Since Differential Power Analysis had been first proposed by Kocher et al., various practical power analyses correspond with software/hardware cryptographic devices have been proposed. In this paper, we analyze vulnerability of countermeasure against power analysis exploiting single power trace of public cryptographic algorithm. In ICICS 2010, Clavier et al. proposed Horizontal Correlation Analysis which can recover secret information from a single exponentiation trace and corresponding countermeasures. "Blind operands in LIM", one of their countermeasures, exploits additive blinding in order to prevent leakage of intermediate value related to secret information. However, this countermeasure has vulnerability of having power leakage that is dependant with the message known by an adversary. In this paper, we analyzed vulnerabilities by three attack scenarios and proved them by practical correlation power analysis experiments.

• International Journal of Computer Science & Network Security
• /
• v.23 no.7
• /
• pp.202-209
• /
• 2023

Android malware is now on the rise, because of the rising interest in the Android operating system. Machine learning models may be used to classify unknown Android malware utilizing characteristics gathered from the dynamic and static analysis of an Android applications. Anti-virus software simply searches for the signs of the virus instance in a specific programme to detect it while scanning. Anti-virus software that competes with it keeps these in large databases and examines each file for all existing virus and malware signatures. The proposed model aims to provide a machine learning method that depend on the malware detection method for Android inability to detect malware apps and improve phone users' security and privacy. This system tracks numerous permission-based characteristics and events collected from Android apps and analyses them using a classifier model to determine whether the program is good ware or malware. This method used the machine learning techniques KNN-SVM, DBN, and GRU in which help to find the accuracy which gives the different values like KNN gives 87.20 percents accuracy, SVM gives 91.40 accuracy, Naive Bayes gives 85.10 and DBN-GRU Gives 97.90. Furthermore, in this paper, we simply employ standard machine learning techniques; but, in future work, we will attempt to improve those machine learning algorithms in order to develop a better detection algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1463-1474
• /
• 2018

Fuzzing is one of the software testing techniques that find security flaws by inputting invalid values or arbitrary values into the program and various methods have been suggested to increase the efficiency of such fuzzing. In this paper, focusing on the existence of field with high relevance to coverage and software crash, we propose a new method for intensively fuzzing corresponding field part while performing field based fuzzing. In this case, we use a deep learning model called Variational Autoencoder(VAE) to learn the statistical characteristic of input values measured in high coverage and it showed that the coverage of the regenerated files are uniformly higher than that of simple variation. It also showed that new crash could be found by learning the statistical characteristic of the files in which the crash occurred and applying the dropout during the regeneration. Experimental results showed that the coverage is about 10% higher than the files in the queue of the AFL fuzzing tool and in the Hwpviewer binary, we found two new crashes using two crashes that found at the initial fuzzing phase.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.87-95
• /
• 2019

The damage is increasing due to many encroachment accidents caused by increasingly sophisticated cyber attacks. Many institutions and businesses lack early response to invest a lot of resources in the infrastructure for incident detection. The initial response of an intrusion is to identify the route of attack, and many cyber attacks are targeted at software vulnerabilities. Therefore, analyzing the artifacts of a Windows system against software vulnerabilities and classifying the analyzed data can be utilized for rapid initial response. Therefore, the remaining artifacts upon entry of attacks by software are classified, and artifact grouping is presented for use in analysis of encroachment accidents.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.18 no.2
• /
• pp.144-155
• /
• 2019

One of the issues of the automotive industry today is autonomous driving vehicles. In order to achieve level 3 or higher as defined by SAE International, harmonization of autonomous driving technology and connected technology is essential. Current vehicles have new features such as autonomous driving, which not only increases the number of electrical components, but also the amount and complexity of software. As a result, the attack surface, which is the access point of attack, is widening, and software security vulnerabilities are also increasing. However, the reality is that the essential security requirements for vehicles are not defined. In this paper, based on real attacks and vulnerability cases and trends, we identify the assets in the in-vehicle network and derive the threats. We also defined the security requirements and derived essential security requirements that should be applied at least to the safety of the vehicle occupant through risk analysis.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.12
• /
• pp.95-105
• /
• 2018

As the IT industry developed, the information held by the company soon became a corporate asset. As this information has value as an asset, the number and scale of various cyber attacks which targeting enterprises and institutions is increasing day by day. Therefore, research are being carried out to protect the assets from cyber attacks by using the attack graph to identify the possibility and risk of various attacks in advance and prepare countermeasures against the attacks. In the attack graph, security metric is used as a measure for determining the importance of each asset or the risk of an attack. This is a key element of the attack graph used as a criterion for determining which assets should be protected first or which attack path should be removed first. In this survey, we research trends of various security metrics used in attack graphs and classify the research according to application viewpoints, use of CVSS(Common Vulnerability Scoring System), and detail metrics. Furthermore, we discussed how to graft the latest security technologies, such as MTD(Moving Target Defense) or SDN(Software Defined Network), onto the attack graphs.

• The KIPS Transactions:PartC
• /
• v.15C no.2
• /
• pp.125-132
• /
• 2008

As the development of Internet technology, the number of IDs managed by each individuals has been increased. And many software development institutes have developed ID/PW management solutions to facilitate secure and convenient management of ID/PW. However, these solutions also can be vulnerable in case of administrator's password exposure. Thus, we need to derive security requirements from the vulnerability analysis of these solutions, also we need evaluation criteria for secure ID/PW management solution development. In this paper, we analyze the vulnerability of ID/PW management solution and propose the evaluation criteria for secure ID/PW management solution.