• Title/Abstract/Keywords: source code level

158 search results, processing time 0.022 seconds

Detecting TOCTOU Race Condition on UNIX Kernel Based File System through Binary Analysis

  • 이석원;김문회;오희국
    • Journal of the Korea Institute of Information Security & Cryptology / Vol. 31, No. 4 / pp.701-713 / 2021
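  • A race condition is a vulnerability in which two or more processes input to or operate on a single shared resource at the same time, producing unintended results. It can lead to problems such as denial of service or privilege escalation. When a vulnerability arises in software, the related information is documented, but often the cause of the vulnerability is not disclosed or the source code is not released. In such cases, analysis at the binary level is required to detect the vulnerability. This paper aims to detect Time-Of-Check Time-Of-Use (TOCTOU) race condition vulnerabilities in UNIX kernel-based file systems at the binary level. Various detection techniques based on static and dynamic analysis have been studied for this vulnerability so far. Existing static-analysis vulnerability detection tools work by analyzing source code, and there is currently almost no research carried out at the binary level. This paper proposes a method for detecting file system TOCTOU race conditions based on the control flow graph and call graph, using the binary static analysis tool Binary Analysis Platform (BAP).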

Demonstration of the Effectiveness of Monte Carlo-Based Data Sets with the Simplified Approach for Shielding Design of a Laboratory with the Therapeutic Level Proton Beam

  • Lai, Bo-Lun;Chang, Szu-Li;Sheu, Rong-Jiun
    • Journal of Radiation Protection and Research / Vol. 47, No. 1 / pp.50-57 / 2022
  • Background: There are several proton therapy facilities in operation or planned in Taiwan, and these facilities are anticipated to not only treat cancer but also provide beam services to the industry or academia. The simplified approach based on the Monte Carlo-based data sets (source terms and attenuation lengths) with the point-source line-of-sight approximation is friendly in the design stage of the proton therapy facilities because it is intuitive and easy to use. The purpose of this study is to expand the Monte Carlo-based data sets to allow the simplified approach to cover the application of proton beams more widely. Materials and Methods: In this work, the MCNP6 Monte Carlo code was used in three simulations to achieve the purpose, including the neutron yield calculation, Monte Carlo-based data sets generation, and dose assessment in simple cases to demonstrate the effectiveness of the generated data sets. Results and Discussion: The consistent comparison of the simplified approach and Monte Carlo simulation results shows the effectiveness and advantage of applying the data set to a quick shielding design and conservative dose assessment for proton therapy facilities. Conclusion: This study has expanded the existing Monte Carlo-based data set to allow the simplified approach method to be used for dose assessment or shielding design for beam services in proton therapy facilities. It should be noted that the default model of the MCNP6 is no longer the Bertini model but the CEM (cascade-exciton model); therefore, the results of the simplified approach will be more conservative when it is used to do the double confirmation of the final shielding design.

A Out-of-Bounds Read Vulnerability Detection Method Based on Binary Static Analysis

  • 유동민;김문회;오희국
    • Journal of the Korea Institute of Information Security & Cryptology / Vol. 31, No. 4 / pp.687-699 / 2021
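  • When a vulnerability arises in a program, information about it is documented and published. For some vulnerabilities, however, the cause and the source code are not disclosed. Without this information, finding the vulnerability requires analyzing code at the binary level. This paper aims to find Out-of-bounds Read vulnerabilities at the binary level. Existing research on detecting vulnerabilities in binaries has mainly been published as tools that use dynamic analysis. Dynamic analysis can detect vulnerabilities accurately based on program execution information, but it may fail to cover every execution path. Analyzing all program paths requires static analysis. Existing static tools are source-code based, and static tools at the binary level are hard to find. In this paper, we detect vulnerabilities through binary static analysis, and detect vulnerabilities in the heap, stack, and global regions by modeling the memory structure. In experiments, compared with the existing detection tool BAP_toolkit, we obtained meaningful results in detection accuracy and analysis time.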

A Security Platform based on CORBA and its Application

  • 나중찬;김영균;김경범;김명준
    • The Transactions of the Korea Information Processing Society / Vol. 6, No. 11S / pp.3278-3288 / 1999
  • This paper proposes a security platform, called SCAP (Security platform for CORBA based APplication), to cope with potential threats in a distributed object system. SCAP supports the CORBA security specification announced by OMG. SCAP is comprised of four functional blocks, which co-work with the ORB to provide security services: Authentication Block, Association Block, Access Control Block, and Security Information Management Block. It is designed to support Common Secure Interoperability Functionality Level 2, which is useful for large-scale intra- or inter-network based applications. Actual security services, which are dependent on supporting security technology, will be provided as external security services for replaceability. Implementation issues such as how to simulate an interceptor mechanism using a commercial ORB product without source code, and how to extend the Current object required for security services, are also described. At the end of the paper, the SCAP applied to the web environment is described to show its practical utilization.

The International Legal Actions against Maritime Terrorism and its National Countermeasures in Korea

  • 이윤철
    • Korean Society of Marine Environment & Safety: Conference Proceedings / Korean Society of Marine Environment & Safety, 2005 Autumn Conference Proceedings / pp.91-110 / 2005
  • Maritime terrorism at sea is a form of violent interference with shipping. Its global reach and negative impact on sea transportation, safety of navigation and marine environment, as well as the threat it poses to human lives and property, call for effective countermeasures at the international and national level at the same time. First, this paper gives a factual assessment of the phenomenon of maritime terrorism as well as a legal analysis of the international provisions to suppress such forms of violence at sea, which is different from piracy. This paper also attempts to address and identify issues relevant to the existing international regulations such as the SUA Convention as the main source of international regulations applicable to acts of terrorism at sea, ISPS Code, PSI, etc. Finally, this paper suggests national countermeasures against maritime terrorism in light of the above-mentioned definition, causes and types of maritime terrorism and the international regulations concerned.

Design of Embedded System for Controlling Condensation System of the car

  • Lee, Dmitriy;Nam, Hyo-Duk;Seo, Hee-Don
    • Korean Society of Semiconductor and Display Equipment: Conference Proceedings / Korean Society of Semiconductor and Display Equipment, 2007 Spring Conference / pp.281-286 / 2007
  • Road traffic accidents kill more than one million people a year. ESCC represents a new device that has no analogue. This embedded system heats the car glass when it is needed, which makes driving safer. It is built on an Atmega128L CPU, using a high-performance EEPROM CPLD ATF1504AS. The source code was written in the C language. The working algorithm was written from a dew-point table. This system not only clears the glass of condensation but also averts condensation. ESCC began working when the input information became close to the dew-point table information. Thanks to this device, the field of view is wider, which increases the safety level.

Structural Design and Analysis for Small Wind Turbine Blade

  • 이승표;강기원;장세명;이장호
    • Journal of the Korean Society of Manufacturing Technology Engineers / Vol. 19, No. 2 / pp.288-294 / 2010
  • In recent years, wind energy has been the world's fastest growing source of energy. This paper describes the structural design and analysis of a composite blade for a 2 kW-level HAWT (horizontal axis wind turbine). The aerodynamic design and force, which are required to design and analyze a composite blade structurally, are calculated through BEMT (blade element momentum theory) implemented in the public code PROPID. To obtain the equivalent material properties of filament wound composite blades, the rule-of-mixture is applied using the basic material properties of fiber and matrix, respectively. Lay-up sequence, ply thickness and ply angle are designed to satisfy the loading conditions. Structural analysis using the commercial software ABAQUS is performed to compute the displacement and strength ratio of filament wound composite blades.

Best Practice on identifying the level of cohesion for reusing source code in object-oriented paradigm

  • 변은영;박보경;장우성;김영철
    • Korea Information Processing Society: Conference Proceedings / Korea Information Processing Society, 2016 Fall Conference / pp.455-458 / 2016
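  • Software reuse can raise the quality and productivity of software development and reduce development cost. What matters most for software reuse is identifying source code suited to modularization, so that highly reusable modules can be extracted from the source code. To this end, we apply code visualization. We extract cohesion, a quantitative metric, and use it to judge the complexity and reusability of code. In this paper, we redefine and propose cohesion for the object-oriented paradigm, define the method as the module unit, and extract the cohesion of modules. This enables reuse of code that can be modularized and refactoring of complex code.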

Development of indirect EFBEM for radiating noise analysis including underwater problems

  • Kwon, Hyun-Wung;Hong, Suk-Yoon;Song, Jee-Hun
    • International Journal of Naval Architecture and Ocean Engineering / Vol. 5, No. 3 / pp.392-403 / 2013
  • For the analysis of radiating noise problems in medium-to-high frequency ranges, the Energy Flow Boundary Element Method (EFBEM) was developed. EFBEM is the analysis technique that applies the Boundary Element Method (BEM) to Energy Flow Analysis (EFA). The fundamental solutions representing spherical wave property for radiating noise problems in open field and considering the free surface effect in underwater are developed. Also the directivity factor is developed to express wave's directivity patterns in medium-to-high frequency ranges. Indirect EFBEM by using fundamental solutions and fictitious source was applied to open field and underwater noise problems successfully. Through numerical applications, the acoustic energy density distributions due to vibration of a simple plate model and a sphere model were compared with those of commercial code, and the comparison showed good agreement in the level and pattern of the energy density distributions.

Development of RADCON and Establishments of Its Related System

  • Kim, Kuk-Ki;Lee, Kun-Jai;Park, Won jong
    • Korean Nuclear Society: Conference Proceedings / Korean Nuclear Society, Proceedings of the 1996 Spring Meeting (4) / pp.51-56 / 1996
  • In an NPP (Nuclear Power Plant) severe accident, radionuclides are dispersed into the air. The official regulatory institute, KINS (Korea Institute of Nuclear Safety), has been authorized and is developing the Computerized technical Advisory system for the Radiological Emergency preparedness (CARE). In this paper, in line with the CARE system, we presented the result of a modularized intermediate-level emergency dose assessment computer code. RADCON (RADiological CONsequence analysis) version 3.0, which is operable on a PC, is developed for simulating emergency situations by considering continuous washout phenomena, and provides a function for effective emergency planning. The source files are coded in the C language in order to increase compatibility with other computer systems, and are modularized to adjust the functions and characteristics of each module for easy understanding and further modification.
