• Title/Summary/Keyword: format string


A Study on the Effect of Format String on Secure Programming in C Language (C언어에서 포맷 스트링이 프로그램 보안에 미치는 영향)

  • Lee, Hyung-Bong;Cha, Hong-Jun;Choi, Hyung-Jin
    • The KIPS Transactions:PartC / v.8C no.6 / pp.693-702 / 2001
  • One of the major characteristics of C language is that it allows us to use pointer type variables to access any area of virtual address space. So, we can read/write/execute from/to virtual memory areas not controlled delicately by the operating system. We can access such memory areas by using format strings, and this can be a vulnerability of C language from the standpoint of secure programming. In this paper, we analyze in detail the process of a security attack based on format strings and then exploit a new virus-style attack which is stepwise and durable, with some actual scenarios to warn of its severity, and explore some preliminary responding actions.


Storing and Retrieving Motion Capture Data based on Motion Capture Markup Language and Fuzzy Search (MCML 기반 모션캡처 데이터 저장 및 퍼지 기반 모션 검색 기법)

  • Lee, Sung-Joo;Chung, Hyun-Sook
    • Journal of the Korean Institute of Intelligent Systems / v.17 no.2 / pp.270-275 / 2007
  • Motion capture technology is widely used for manufacturing animation since it produces high quality character motion similar to the actual motion of the human body. However, motion capture has a significant weakness due to the lack of an industry wide standard for archiving and retrieving motion capture data. In this paper, we propose a framework to integrate, store and retrieve heterogeneous motion capture data files effectively. We define a standard format for integrating different motion capture file formats. Our standard format is called MCML (Motion Capture Markup Language). It is a markup language based on XML (eXtensible Markup Language). The purpose of MCML is not only to facilitate the conversion or integration of different formats, but also to allow for greater reusability of motion capture data, through the construction of a motion database storing the MCML documents. We propose a fuzzy string searching method to retrieve certain MCML documents including strings approximately matched with keywords. The method can be used to retrieve desired series of frames included in MCML documents not entire MCML documents.

Improvement of Runtime Intrusion Prevention Evaluator (RIPE) (실행시간 침입 방지 평가 프로그램(RIPE)의 개선)

  • Lee, Hyungyu;Lee, Damho;Kim, Taehwan;Cho, Donghwang;Lee, Sanghoon;Kim, Hoonkyu;Pyo, Changwoo
    • Journal of KIISE / v.42 no.8 / pp.1049-1056 / 2015
  • Runtime Intrusion Prevention Evaluator (RIPE), published in 2011, is a benchmark suite for evaluating mitigation techniques against 850 attack patterns using only buffer overflow. Since RIPE is built as a single process, defense and attack routines cannot help sharing process states and address space layouts when RIPE is tested. As a result, attack routines can access the memory space for defense routines without restriction. We separate RIPE into two independent processes of defense and attacks so that mitigations based on confidentiality such as address space layout randomization are properly evaluated. In addition, we add an execution mode to test robustness against brute force attacks. Finally, we extend RIPE by adding 38 attack forms to perform format string attacks and virtual table (vtable) hijacking attacks. The revised RIPE contributes to the diversification of attack patterns and precise evaluation of the effectiveness of mitigations.

Bidirectional LSTM based light-weighted malware detection model using Windows PE format binary data (윈도우 PE 포맷 바이너리 데이터를 활용한 Bidirectional LSTM 기반 경량 악성코드 탐지모델)

  • PARK, Kwang-Yun;LEE, Soo-Jin
    • Journal of Internet Computing and Services / v.23 no.1 / pp.87-93 / 2022
  • Since 99% of PCs operating in the defense domain use the Windows operating system, detection of and response to Windows-based malware is very important to keep the defense cyberspace safe. This paper proposes a model capable of detecting malware in the Windows PE (Portable Executable) format. The detection model was designed with an emphasis on rapid update of the training model, to efficiently cope with rapidly increasing malware, rather than on detection accuracy. Therefore, in order to improve the training speed, the detection model was designed based on a Bidirectional LSTM (Long Short Term Memory) network that can detect malware with minimal sequence data without complicated pre-processing. The experiment was conducted using the EMBER2018 dataset. As a result of training the model with feature sets consisting of three types of sequence data (Byte-Entropy Histogram, Byte Histogram, and String Distribution), accuracy of 90.79% was achieved. Meanwhile, it was confirmed that the training time was shortened to 1/4 compared to the existing detection model, enabling rapid update of the detection model to respond to new types of malware on the surge.

Function of the Korean String Indexing System for the Subject Catalog (주제목록을 위한 한국용어열색인 시스템의 기능)

  • Yoon Kooho
    • Journal of the Korean Society for Library and Information Science / v.15 / pp.225-266 / 1988
  • Various theories and techniques for the subject catalog have been developed since Charles Ammi Cutter first tried to formulate rules for the construction of subject headings in 1876. However, they do not seem to be appropriate to Korean language because the syntax and semantics of Korean language are different from those of English and other European languages. This study therefore attempts to develop a new Korean subject indexing system, namely Korean String Indexing System (KOSIS), in order to increase the use of subject catalogs. For this purpose, advantages and disadvantages between the classed subject catalog and the alphabetical subject catalog, which are typical subject catalogs in libraries, are investigated, and most of remarkable subject indexing systems, in particular the PRECIS developed by the British National Bibliography, are reviewed and analysed. KOSIS is a string indexing based on purely the syntax and semantics of Korean language, even though considerable principles of PRECIS are applied to it. The outlines of KOSIS are as follows: 1) KOSIS is based on the fundamentals of natural language and an ingenious conjunction of human indexing skills and computer capabilities. 2) KOSIS is a string indexing based on the 'principle of context-dependency.' A string of terms organized according to this principle shows remarkable affinity with certain patterns of words in ordinary discourse. From that point onward, natural language rather than classificatory terms become the basic model for indexing schemes. 3) KOSIS uses 24 role operators. One or more operators should be allocated to the index string, which is organized manually by the indexer's intellectual work, in order to establish the most explicit syntactic relationship of index terms.
4) Traditionally, a single-line entry format is used in which a subject heading or index entry is presented as a single sequence of words, consisting of the entry terms, plus, in some cases, an extra qualifying term or phrase. But KOSIS employs a two-line entry format which contains three basic positions for the production of index entries. The 'lead' serves as the user's access point, the 'display' contains those terms which are themselves context dependent on the lead, 'qualifier' sets the lead term into its wider context. 5) Each of the KOSIS entries is co-extensive with the initial subject statement prepared by the indexer, since it displays all the subject specificities. Compound terms are always presented in their natural language order. Inverted headings are not produced in KOSIS. Consequently, the precision ratio of information retrieval can be increased. 6) KOSIS uses 5 relational codes for the system of references among semantically related terms. Semantically related terms are handled by a different set of routines, leading to the production of 'See' and 'See also' references. 7) KOSIS was originally developed for a classified catalog system which requires a subject index, that is, an index which 'translates' subjects expressed in natural language into the appropriate classification numbers. However, KOSIS can also be used for a dictionary catalog system. Accordingly, KOSIS strings can be manipulated to produce either appropriate subject indexes for a classified catalog system, or acceptable subject headings for a dictionary catalog system. 8) KOSIS is able to maintain a consistency of index entries and cross references by means of a routine identification of the established index strings and reference system. For this purpose, an individual Subject Indicator Number and Reference Indicator Number is allocated to each new index strings and new index terms, respectively.
can produce all the index entries, cross references, and authority cards by means of either manual or mechanical methods. Thus, detailed algorithms for the machine-production of various outputs are provided for the institutions which can use computer facilities.


Effective Highlighting Retrieval Results of Historical Documents (고전 문서의 효과적인 검색 결과 하이라이팅)

  • Jeong, Chang-Hoo;Choi, Yun-Soo;Kim, Kwang-Young;Seo, Jeong-Hyeon;Yoon, Hwa-Mook
    • Proceedings of the Korea Contents Association Conference / 2006.11a / pp.543-546 / 2006
  • In this paper, we introduce a method to effectively highlight retrieval results without impairing meaningful features after historical documents were digitized into XML format. Especially, making the best of the features of historical documents, we perform string matching for the highlighting. Also, considering the features of the XML document, we carry out various processes when highlighting tag is inserted.


XML Schema Model of Great Staff Music Score using the Integration Method (통합 방식을 이용한 대보표 악보의 XML 스키마 모델)

  • 김정희;곽호영
    • Journal of the Korea Institute of Information and Communication Engineering / v.7 no.2 / pp.302-313 / 2003
  • Currently, DTD(Document Type Definition) Definition of Music score has been widely studied according to applications, and the methods of automatic transformation from defined DTD to XML Schema is in progress. In addition, studies of structure of DTD definition are focused on the expression of music information by individual format. In this paper, expression method of the music information by continuous string values is suggested using the fact that measure is basically a component of score, and XML Schema is also modelled. In addition, mechanism extracting the music information from XML instance which was expressed using the proposed method is presented. As a result, XML Schema taking the continuous string values could be defined, instance obtained by the proposed method results in increasing efficiency by simplicity of XPATH and reduction of search step compared to previous method. In addition, it is possible for human to make direct expression, and it is known that the instance size decreases.

A Proposal of the Olfactory Information Presentation Method and Its Application for Scent Generator Using Web Service

  • Kim, Jeong-Do;Byun, Hyung-Gi
    • Journal of Sensor Science and Technology / v.21 no.4 / pp.249-255 / 2012
  • Among the human senses, olfactory information still does not have a proper data presentation method unlike that regarding vision and auditory information. It makes presenting the sense of smell into multimedia information impossible, which may be an exploratory field in human computer interaction. In this paper, we propose an olfactory information presentation method, which is a way to use smell as multimedia information, and show an application for scent generation and odor display using a web service. The olfactory information can present smell characteristics such as intensity, persistence, hedonic tone, and odor description. The structure of data format based on olfactory information can also be organized according to data types such as integer, float, char, string, and bitmap. Furthermore, it can be used for data transmitting via a web service and for odor display using a scent generator. The scent generator, which can display information of smell, is developed to generate 6 odors using 6 aroma solutions and a diluted solution with 14 micro-valves and a micropump. Throughout the experiment, we confirm that the remote user can grasp information of smell transmitted by messenger service and request odor display to the computer controlled scent generator. It contributes to enlarge existing virtual reality and to be proposed as a standard reference method regarding olfactory information presentation for future multimedia technology.

A Passport Recognition and face Verification Using Enhanced fuzzy ART Based RBF Network and PCA Algorithm (개선된 퍼지 ART 기반 RBF 네트워크와 PCA 알고리즘을 이용한 여권 인식 및 얼굴 인증)

  • Kim Kwang-Baek
    • Journal of Intelligence and Information Systems / v.12 no.1 / pp.17-31 / 2006
  • In this paper, passport recognition and face verification methods which can automatically recognize passport codes and discriminate forged passports to improve efficiency and systematic control of immigration management are proposed. Adjusting the slant is very important for recognition of characters and face verification since slanted passport images can bring various unwanted effects to the recognition of individual codes and faces. Therefore, after smearing the passport image, the longest extracted string of characters is selected. The angle adjustment can be conducted by using the slant of the straight and horizontal line that connects the center of thickness between left and right parts of the string. Extracting passport codes is done by Sobel operator, horizontal smearing, and 8-neighborhood contour tracking algorithm. The string of codes can be transformed into binary format by applying repeating binary method to the area of the extracted passport code strings. The string codes are restored by applying CDM mask to the binary string area and individual codes are extracted by 8-neighborhood contour tracking algorithm. The proposed RBF network is applied to the middle layer of RBF network by using the fuzzy logic connection operator and proposing the enhanced fuzzy ART algorithm that dynamically controls the vigilance parameter. The face is authenticated by measuring the similarity between the feature vector of the facial image from the passport and feature vector of the facial image from the database that is constructed with PCA algorithm. After several tests using a forged passport and the passport with slanted images, the proposed method was proven to be effective in recognizing passport codes and verifying facial images.


A Study on Considerations in the Authority Control to Accommodate LRM Nomen (LRM 노멘을 수용하기 위한 전거제어시 고려사항에 관한 연구)

  • Lee, Mihwa
    • Journal of Korean Library and Information Science Society / v.52 no.1 / pp.109-128 / 2021
  • This paper explores considerations in authority control to accommodate LRM nomen entities through literature reviews, the analysis of RDA rules, and an opinion survey of domestic catalog experts. As a result, for authority control, considerations were proposed in the aspect of nomen's attribute elements, catalog description, and MARC authority format. First, it is necessary to describe in as much detail as possible the category, the scheme, intended audience, the context of use, the reference source, the language, the script, the script conversion as the attributes of the nomen with the status of identification, note, and undifferentiated name indicators added in RDA. Second, the description method of attribute elements and relational elements of nomen can be unstructured, structured, identifier, and IRI as suggested in RDA, and vocabulary encoding scheme (VES) and string encoding scheme (SES) should be written for structured description. Also, cataloging rules for structuring authorized access points and preferred names/title should be established. Third, an additional expansion plan based on Maxwell's expansion (draft) was proposed in order to prepare the MARC 21 authority format to reflect the LRM nomen. (1) The attribute must be described in 4XX and 5XX so that the attribute can be entered for each nomen, and the attributes of the nomen to be described in 1XX, 5XX and 4XX are presented separately. (2) In order to describe the nomen category, language, script, script conversion, context of use, and date of usage as a nomen attribute, field and subfield in MARC 21 must be added. Accordingly, it was proposed to expand the subfield of 368, 381, and 377, and to add fields to describe the context of use and date of usage. The considerations in authority control for the LRM nomen proposed in this paper will be the basis for establishing an authority control plan that reflects LRM in Korea.