• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.10
• /
• pp.4933-4956
• /
• 2016

Use-After-Free (UAF) is a common lethal form of software vulnerability. By using tools such as Web Browser Fuzzing, a large amount of samples containing UAF vulnerabilities can be generated. To evaluate the threat level of vulnerability or to patch the vulnerabilities, automatic deduplication and exploitability determination should be carried out for these samples. There are some problems existing in current methods, including inadequate pertinence, lack of depth and precision of analysis, high time cost, and low accuracy. In this paper, in terms of key dangling pointer and crash context, we analyze four properties of similar samples of UAF vulnerability, explore the method of extracting and calculate clustering eigenvalues from these samples, perform clustering by fast search and find of density peaks on a large number of vulnerability samples. Samples were divided into different UAF vulnerability categories according to the clustering results, and the exploitability of these UAF vulnerabilities was determined by observing the shape of class cluster. Experimental results showed that the approach was applicable to the deduplication and exploitability determination of a large amount of UAF vulnerability samples, with high accuracy and low performance cost.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.10
• /
• pp.6004-6013
• /
• 2014

The research on resource sharing in the diversification field is concerned mainly with sharing, but there has been little interest in resources. This research examined resource sharing with the main variables and logics of resource-based view. Based on a survey of 263 affiliates of 35 diversified firms, the impacts of resource quantity, resource quality, and resource exploitability on inter-affiliate resource sharing were hypothesized and verified. To confirm the performance implications of resource sharing, the impacts of the combination of resource quantity and resource sharing, the combination of resource quality and resource sharing, and the combination of resource exploitability and resource sharing on the affiliate performance were also hypothesized and verified. According to the empirical results from multiple regression analyses, resource sharing increases in the order of low resource quantity, high resource quality, and high resource exploitability. The performance was advanced in resource sharing under a low resource quantity and resource sharing under high resource exploitability, but it was not advanced in resource sharing under high resource quality. The results highlight the need for a further study on why the resource quality and resource exploitability affect resource sharing in the opposite directions, as expected in the hypotheses, why resource sharing under high resource quality does not lead to high performance, even though resource quality increases resource sharing, and what they would be if resources are subdivided by the types.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.9
• /
• pp.399-404
• /
• 2013

MSEC(Microsoft Security Engineering Center) performed fuzz testing Windows Vista with 350 million test cases for 14 months before launching it. They analyzed crashes resulted from the testing and developed crash analyzer !exploitable based on the data used to determine exploitability. In this paper, we describe how MS crash analyzer determines exploitability of crashes. Besides, we suggest an improvement to overcome the limitations found in the MS crash analyzer during the analysis.

• KIISE Transactions on Computing Practices
• /
• v.22 no.4
• /
• pp.178-183
• /
• 2016

To enhance the reliability of programs, developers use fuzzing tools in test processes to identify vulnerabilities so that they can be fixed ahead of time. In this case, the developers consider the security-related vulnerabilities to be the most critical ones that should be urgently fixed to avoid possible exploitation by attackers. However, developers without much experience of analysis of vulnerabilities usually rely on tools to pick out the security-related crashes from the normal crashes. In this paper, we suggest a static analysis-based tool to help developers to make their programs more reliable by identifying security-related crashes among them. This paper includes experimental results, and compares them to the results from MSEC !exploitable for the same sets of crashes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1079-1090
• /
• 2012

As the number of information asset and their vulnerabilities are increasing, it becomes more difficult for network security administrators to assess security vulnerability of their system and network. There are several researches for vulnerability analysis based on quantitative approach. However, most of them are based on experts' subjective evaluation or they require a lot of manual input for deriving quantitative assessment results. In this paper, we propose HRMS(Hacking and Response Measurement System) for enumerating attack path using automated vulnerability measurement automatically. HRMS can estimate exploitability of systems or applications based on their known vulnerability assessment metric, and enumerate attack path even though system, network and application's information are not fully given for vulnerability assessment. With this proposed method, system administrators can do proactive security vulnerability assessment.

• Journal of Information Processing Systems
• /
• v.13 no.4
• /
• pp.689-702
• /
• 2017

The Structured Query Language (SQL) Injection continues to be one of greatest security risks in the world according to the Open Web Application Security Project's (OWASP) [1] Top 10 Security vulnerabilities 2013. The ease of exploitability and severe impact puts this attack at the top. As the countermeasures become more sophisticated, SOL Injection Attacks also continue to evolve, thus thwarting the attempt to eliminate this attack completely. The vulnerable data is a source of worry for government and financial institutions. In this paper, a detailed survey of different types of SQL Injection and proposed methods and theories are presented, along with various tools and their efficiency in intercepting and preventing SQL attacks.

• Journal of Internet Computing and Services
• /
• v.20 no.4
• /
• pp.13-19
• /
• 2019

In order to register an application with Apple's App Store, it must pass a rigorous verification process through the Apple verification center. That's why spyware applications are difficult to get into the App Store. However, malicious code can also be executed through normal application vulnerabilities. To prevent such attacks, research is needed to detect and analyze early to patch potential vulnerabilities in applications. To prove a potential vulnerability, it is necessary to identify the root cause of the vulnerability and analyze the exploitability. A tool for analyzing iOS applications is the debugger named LLDB, which is built into Xcode, the development tool. There are various functions in the LLDB, and these functions are also available as APIs and are also available in Python. Therefore, in this paper, we propose a method to efficiently analyze potential vulnerabilities of iOS application by using LLDB API.

• Korean Journal of Ecology and Environment
• /
• v.33 no.4 s.92
• /
• pp.366-373
• /
• 2000

Toxin production and low digestibility of cyanobacteria are known to cause low exploitability of cyanobacteria by zooplankton. In this study, we compared relative tolerance and compatibility of zooplankton taxa in eight eutrophic lakes, exposed to frequent cyanobacterial blooms, uring the summer season of 1999. Microcystis, Anabaena, Oscillatoria and Phormidium were common cyanobacteria in all lakes. with relatively lower $NO_3-N$ concentration (<0.2 mgN/l) and TN/TP ratio (<20), compared with other lakes where colonial cyanobacteria dominated. Rotifers were dominant zooplankton in most lakes, and among them, Keratella, Polyarthra and Hexathra were common. The laboratory feeding experiment showed that relative copepods that greatly decreased (90%) after 4 day when cyanobacteria were used as the food source of zooplankton, while rotifers gradually increased with the change of dominant taxa from Keratella through Pompholyx to Monostyla. These results suggest that rotifers may be capable of coexisting with cyanobacteria by exploiting them for the food source.