• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.189-194
• /
• 2009

Most of anti-virus programs detect and compare the signature of the malicious code to detect buffer overflow malicious code. Therefore most of anti-virus programs can't detect new or unknown malicious code. This paper introduces a new way to detect malicious code traces memory executable of essentials APIs by malicious code. To prove the usefulness of the technology, 7 sample codes were chosen for compared with other methods of 8 anti-virus programs. Through the simulation, It turns out that other anti-virus programs could detect only a limited portion of the code, because they were implemented just for detecting not heap areas but stack areas. But in other hand, I was able to confirm that the proposed technology is capable to detect the malicious code.

• Review of KIISC
• /
• v.11 no.6
• /
• pp.42-52
• /
• 2001

인터넷 기술의 발전은 정보화 사회로의 촉진이라는 측면 외에 사용 인구의 증가에 따라 해킹, 바이러스·악성 코드의 유포 등 그 역기능적인 측면이 점점 심각한 사회 문제로서 대두되고 있다. 현재 공개 운영체제로 각광 받고 있는 리눅스(Linux) 운영체제의 경우 운영체제 커널은 물론이거니와 관련 프로그램들에 대한 소스가 공개되어 단순한 기술 습득의 목적이 아닌 악의의 목적을 가진 사용자들에 의한 시스템 침해 사례가 빈번한 추세이다. 특히 이러한 시스템 침해 사례 중 프로그램 작성 과정의 오류 및 설계상 실수로 인한 버퍼 오버플로우(Buffer Overflow) 취약성을 이용한 공격은 해킹에 있어 큰 범주를 차지하고 있다. 따라서 본 논문에서는 버퍼 오버플로우 공격에 있어 그 기반이 되는 스택을 이용한 버퍼 오버플로우 및 스택 외에 힙과 같은 메모리 영역을 이용하는 공격 유형에 대하여 분석한다. 그 후 이러한 버퍼 오버플로우 공격 방지를 위한 메모리에서의 경계 검사 기법을 제안하고자 한다. 추후에는 본 논문에서 제안된 기법에 대한 실제 구현과 검증이 필요하다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10c
• /
• pp.586-588
• /
• 2002

실행 시간 스택 프레임의 하단과 상단을 가리키는 프레임 포인터와 스택 포인터는 항상 일정한 대소 관계를 유지한다. 선형 스택 공격이 진행되면, 이관계가 반전된다. 이때 스택이 역위되었다고 한다. 본 논문은 x86프로세서 계열의 gcc 컴파일러에 스택 역위 탐지기능을 부여하여, 이 컴파일러를 사용하였을 때 실행 프로그램의 성능에 미치는 영향을 분석하였다.

• Knowledge Management Research
• /
• v.23 no.3
• /
• pp.1-22
• /
• 2022

This study aims to investigate the gamification effect of the badge awards, the most popular gamification process, on users participation behavior. This study also attempts to investigate the effect of tailored gamification, which designs the system of gamification differently based on users' characteristics, focusing on the level of online user information disclosure. For this, we collect and analyze data on 557 users and 1,048,020 answers from StackOverflow, an online Q&A community for developers. The results show that providing a badge is effective for increasing the amount of user participation, whereas providing a goal through the badge is partially effective for increasing the quality of participation. However, the moderating effect of whether users disclose their SNS information on the relationship between badge gaining and participation decrease is not statistically significant. For platform operators, our findings emphasize the importance of gamification design to enhance user engagement effectively.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.192-194
• /
• 2022

This paper analyzes the attack method of pastejacking and proposes a clip toaster that can effectively defend it. When programming, developers often copy and paste code from GitHub, Stack Overflow, or blogs. Pastejacking is an attack that injects malicious data into the clipboard when a user copies code posted on the web, resulting in security threats by executing malicious commands that the user does not intend or by inserting dangerous code snippets into the software. In this paper, we propose clip toaster to visualize and alertusers of threats to defend pastejacking that threatens the security of the developer's terminal and program code. Clip Toaster can visualize security threat notifications and effectively detect and respond to attacks without interfering with user actions.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.48 no.3
• /
• pp.54-68
• /
• 2011

As the prediction accuracy of conditional branch instruction is increased highly, the importance of prediction accuracy for unconditional branch instruction is also increased accordingly. Except the case of RAS(Return Address Stack) overflow, the prediction accuracy of function return address should be 100% theoretically. However, there exist some possibilities of miss-predictions for RAS return addresses, when miss-speculative execution paths are invalidated, in case of modern speculative microprocessor environments. In this paper, we propose the RAS rename technique to prevent RAS pollution, results in the reduction of RAS miss-prediction. We divide a RAS stack into a soft-stack and a hard-stack and we handle the instructions for speculative execution in the soft-stack. When some overwrites happen in the soft-stack, we move the soft-stack data into the hard-stack. In addition, we propose an enhanced version of RAS rename scheme. In simulation results, our solution provide 1/90 reduction of miss-prediction of function return address, results in up to 6.85% IPC improvement, compared to normal RAS method. Furthermore, it reduce miss-prediction ratio as 1/9, compared to previous technique.

• Journal of Information Technology Services
• /
• v.7 no.2
• /
• pp.127-135
• /
• 2008

The concept of preprocessing is widely used in various computer science area such as compiler and software engineering for the purpose of macro processing and optimization. In addition, preprocessing is also used in SAT solvers in order to eliminate redundant literals and clauses to speed up its solving time before searching the state space. However, there is an unexpected run-time error such as stack-overflow during this step, in case the size of a given set of clauses is huge which impedes SAT solvers. In this case, the preprocessing should be applied at the encoding time to optimize its size. In this paper this idea is applied to several Sudoku problems. As a result, significant improvements are obtained with respect to the number of variables and clauses as well as the solving time compared to the previous works.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2021.07a
• /
• pp.467-468
• /
• 2021

본 논문에서는 자료수집(데이터 크롤링)을 이용해 많은 채용정보를 쉽게 접근할 수 있도록 하는 시스템이다. 현재는 StackOverflow의 자료를 수집하고 데이터베이스에 자동으로 저장하도록 하였다. 수집해야 할 자료가 많아 Celery와 RabbitMQ를 사용하여 비동기 작업을 요청하여 즉시 응답을 받지 않아도 다른 일을 수행할 수 있다. 이렇게 수집한 자료들을 해당 사이트에 나열해줌으로 사용자들이 시간과 비용을 절감하여 효율적인 취업 준비를 할 수 있도록 하는 시스템을 설계 구현하였다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.5
• /
• pp.3121-3131
• /
• 2014

Vulnerabilities related to memory have been known as major threats to the security of a computer system. Actually, the number of attacks using memory vulnerability has been increased. Accordingly, various memory protection mechanisms have been studied and implemented on operating system while new attack techniques bypassing the protection systems have been developed. Especially, buffer overflow attacks have been developed as Return-Oriented Programing(ROP) and Jump-Oriented Programming(JOP) called Code Re-used attack to bypass the memory protection mechanism. Thus, in this paper, I analyzed code re-use attack techniques emerged recently among attacks related to memory, as well as analyzed various detection mechanisms proposed previously. Based on the results of the analyses, a mechanism that could detect various code re-use attacks on a binary level was proposed. In addition, it was verified through experiments that the proposed mechanism could detect code re-use attacks effectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1069-1078
• /
• 2012

It is known that memory has been frequently a target threatening the computer system's security while attacks on the system utilizing the memory's weakness are actually increasing. Accordingly, various memory protection mechanisms have been studied on OS while new attack techniques bypassing the protection systems have been developed. Especially, buffer overflow attacks have been developed as attacks of Return to Library or Return-Oriented Programing and recently, a technique bypassing the countermeasure against Return-Oriented Programming proposed. Therefore, this paper is intended to suggest a detection mechanism at binary level by analyzing the procedure and features of Jump-Oriented Programming. In addition, we have implemented the proposed detection mechanism and experimented it may efficiently detect Jump-Oriented Programming attack.