• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.701-713
• /
• 2021

Race Condition is a vulnerability in which two or more processes input or manipulate a common resource at the same time, resulting in unintended results. This vulnerability can lead to problems such as denial of service, elevation of privilege. When a vulnerability occurs in software, the relevant information is documented, but often the cause of the vulnerability or the source code is not disclosed. In this case, analysis at the binary level is necessary to detect the vulnerability. This paper aims to detect the Time-Of-Check Time-Of-Use (TOCTOU) Race Condition vulnerability of UNIX kernel-based File System at the binary level. So far, various detection techniques of static/dynamic analysis techniques have been studied for the vulnerability. Existing vulnerability detection tools using static analysis detect through source code analysis, and there are currently few studies conducted at the binary level. In this paper, we propose a method for detecting TOCTOU Race Condition in File System based on Control Flow Graph and Call Graph through Binary Analysis Platform (BAP), a binary static analysis tool.

• Journal of Digital Convergence
• /
• v.13 no.3
• /
• pp.201-208
• /
• 2015

Recently computer, smart phone, medical devices, etc has become used in a variety of environments as the application fields of IT products have become diversification. Attack case of abuse of software security vulnerabilities is on the increase as the application fields of software have become diversification. Accordingly, secure coding program is of a varied but history management, updating, API module to be vulnerable to attack. Thus, this paper proposed a materialization of CMS linked system to enable check the vulnerability of the source code to content unit for secure software development, configuration management system that interwork on the transmission module. Implemented an efficient coding system secure way that departmentalized by the function of the program and by analyzing and applying secure coding standards.

• Journal of Digital Convergence
• /
• v.15 no.3
• /
• pp.175-180
• /
• 2017

In accordance with the development of IT industry worldwide, software industry has also grown tremendously, and it is exerting influence on the general society starting from daily life to financial organizations and public institutions. However, various security threats that can inflict serious threat to provided services in proportion to the growing software industry, have also greatly increased. In this thesis, we suggest a smart fuzzing system combined with black box and white box testing that can effectively detectxdistinguish software vulnerability which take up a large portion of the security incidents in application programs.

• The Journal of Society for e-Business Studies
• /
• v.16 no.2
• /
• pp.129-142
• /
• 2011

Traditionally research in Service Oriented Architecture(SOA) security has focused primarily on exploiting standards and solutions separately. There exists no unified methodology for SOA security to manage risks at the enterprise level. It needs to analyze preliminarily security threats and to manage enterprise risks by identifying vulnerabilities of SOA. In this paper, we propose a metric-based vulnerability assessment method using dynamic properties of services in SOA. The method is to assess vulnerability at the architecture level as well as the service level by measuring run-time dependency between services. The run-time dependency between services is an important characteristic to understand which services are affected by a vulnerable service. All services which directly or indirectly depend on the vulnerable service are exposed to the risk. Thus run-time dependency is a good indicator of vulnerability of SOA.

• Journal of Korea Multimedia Society
• /
• v.17 no.6
• /
• pp.706-715
• /
• 2014

It is used to lead to serious structural vulnerability of the system security of security-critical system when we have quickly developed software system according to urgent release schedule without appropriate security planning, management, and assurance processes. The Data Set and Provider of DataSnap, which is a middleware of Delphi XE2 of the Embarcadero Technologies Co., certainly help to develop an easy and fast-paced procedure, but it is difficult to apply security program and vulnerable to control software system security when the connection structure Database-DataSnap server-SQL Connection-SQL Data set-Provider is applied. This is due to that all kinds of information of Provider are exposed on the moment when DataSnap Server Port is sure to malicious attackers. This exposure becomes a window capable of running SQL Command. Thus, it should not be used Data Set and Provider in the DataSnap Server in consideration of all aspects of security management. In this paper, we study on the verification of the security vulnerabilities for Client and Server DataSnap in Dlephi XE2, and we propose a secure coding method to improve security vulnerability in the DataSnap server system.

• Earthquakes and Structures
• /
• v.12 no.2
• /
• pp.223-236
• /
• 2017

Seismic assessment and rehabilitation of Monumental Buildings constitute an important issue in many regions around the world to preserve cultural heritage. On the contrary, many recent earthquakes have demonstrated the high vulnerability of this type of structures. The high nonlinear masonry behaviour requires ad hoc refined finite element numerical models, whose complexity and computational costs are generally unsuitable for practical applications. For these reasons, several authors proposed simplified numerical strategies to be used in engineering practice. However, most of these alternative methods are oversimplified being based on the assumption of in-plane behaviour of masonry walls. Moreover, they cannot be used for modelling the monumental structures for which the interaction between plane and out-plane behaviour governs the structural response. Recently, an innovative discrete-modelling approach for the simulation of both in-plane and out of-plane response of masonry structures was proposed and applied to study several typologies of historic structures. In this paper the latter model is applied with reference to a real case study, and numerically compared with an advanced finite element modelling. The method is applied to the St.Venerio church in Reggiolo (Italy), damaged during the 2012 Emilia-Romagna earthquake and numerically investigated in the literature.

• Journal of the military operations research society of Korea
• /
• v.22 no.2
• /
• pp.166-181
• /
• 1996

Aircraft survivability is determined by the susceptibility and the vulnerability. The aircraft susceptibility and vulnerability depend upon the hardware and software factors. Each of the hardware and software factors consisted of the qualitative and quantitative attributes varies according to the time of the mission. In order to establish the mathermatical model to analyze and evaluate the aircraft survivability, qualitative factors have to be transformed into quantitative factors. Even if many researches in the area of dynamic concept analysis and conversion of qualitative factors into the quantitative factors has been insufficient. This research enhances these insufficient area by developing a reliable aircarft survivability analysis method. The major areas of this research are as follows. First, a method for the conversion of the qualitative factors into the quantitative factors is developed by combining the Fuzzy Set Theory concept and the Delphi Technique. Second, by using the stochastic network diagram for the dynamic survivability analysis, the aircraft survivability and the probability of kill are calculated from the state probability for the situation during mission. The advantage of the analysis technique developed in this research includes ease of use and flexibility. In other words, in any given aircraft's mission execution under any variable probability density function, the developed computer program is able to analyze and evaluate the aircraft survivability.

• Journal of Digital Convergence
• /
• v.13 no.1
• /
• pp.257-262
• /
• 2015

The ministry of security and public administration provide the secure coding guide that can remove the vulnerability of applications and defend cyber attack from the coding step because cyber attack like the hacking about 75% abusing the vulnerability of applications. In this paper we find the oder of priority and did the criticality analysis used by AHP about 7 items in the secure coding which the ministry of security and public administration provide. The result is decided that 'exception handling' is the most important item. There is no secure coding items in software supervision currently, therefore the result of the research will make good use audit standards in the process of the software development.

• Structural Engineering and Mechanics
• /
• v.72 no.1
• /
• pp.83-97
• /
• 2019

In this research, the vulnerability of some reinforced concrete frames with different stories are studied based on the Park-Ang Damage Index. The damages of the frames are investigated under various earthquakes with nonlinear dynamic analysis in IDARC software. By examining the most important characteristics of earthquake parameters, the damage index and vulnerability of these frames are investigated in this software. The intensity of Erias, velocity spectral intensity (VSI) and peak ground velocity (PGV) had the highest correlation, and root mean square of displacement ($D_{rms}$) had the lowest correlation coefficient among the parameters. Then, the particle swarm optimization (PSO) algorithm was used, and the sinusoidal waves were equivalent to the used earthquakes according to the most influential parameters above. The damage index equivalent to these waves is estimated using nonlinear dynamics analysis. The comparison between the damages caused by earthquakes and equivalent sinusoidal waves is done too. The generations of sinusoidal waves equivalent to different earthquakes are generalized in some reinforced concrete frames. The equivalent sinusoidal wave method was exact enough because the greatest difference between the results of the main and artificial accelerator damage index was about 5 percent. Also sinusoidal waves were more consistent with the damage indices of the structures compared to the earthquake parameters.

• Journal of Software Assessment and Valuation
• /
• v.16 no.2
• /
• pp.45-52
• /
• 2020

Traditional methods of detecting security vulnerabilities in source-code require a lot of time and effort. If there is good data, the issue could be solved by using the data with machine learning. Thus, this paper proposes a source-code vulnerability detection method based on machine learning. Our method employs the code2vec model that has been used to propose the names of methods, and uses as a data set, Juliet Test Suite that is a collection of common security vulnerabilities. The evaluation shows that our method has high precision of 97.3% and recall rates of 98.6%. And the result of detecting vulnerabilities in open source project shows hopeful potential. In addition, it is expected that further progress can be made through studies covering with vulnerabilities and languages not addressed here.