Korea Internet & Security Agency

Hwan Kuk Kim

Tae Eun Kim

Jee Soo Jurn

Geon Bae Na

Soo Jin Yoon

Sang Hwan Oh

Dae Il Jang

Jong Ki Kim

Do Won Kim

Young Kwon Park

Seong Min Park

Hyung Jin Cho

Han Chul Bae

Jin Hyun Cho

Bo Min Choi

Eun Hye Ko

A method for identifying a type of a variable within a binary performed on a computing device is provided. The method comprises, identifying a variable from disassembly code of a binary, and determining a type of the variable based on an instruction of the disassembly code, associated with the variable.

Method and device for identifying type of variable in binary

There is provided a method of patching a binary having vulnerability which is performed by a computing device. The method comprises loading a first binary to be patched, into a memory, generating a second binary by patching to call a stack frame initialization function from a vulnerable function of the first binary, executing the stack frame initialization function by calling the vulnerable function when the second binary is executed and initializing a stack frame area of the vulnerable function so as to automatically initialize a variable declared in the vulnerable function.

Method and apparatus for patching binary having vulnerability

Provided are methods of detecting a Diameter spoofing attack. According to an embodiment, the method comprises, obtaining a normal International Mobile Subscriber Identity (IMSI) from a packet of a Diameter S6a protocol transmitted from a Mobile Management Entity (MME) to a Home Subscriber Server (HSS) of a home network, adding a record comprising the normal IMSI to a session table, obtaining an Insert Subscriber Data Request (IDR) message of the Diameter S6a protocol and determining a category of the IDR message.

Method and apparatus for detecting diameter protocol IDR message spoofing attack in mobile communication network

Provided are a method and a system capable of efficiently detecting security vulnerability of program. The method includes: generating binary information including route information indicating an execution route of a program on a first test case; acquiring first crash information including the first test case and the route information when a crash of the first test case occurs; restoring a control flow graph based on the binary information; calculating complexity of the restored control flow graph; determining whether the complexity is less than a threshold value; only when a result of the determination indicates that the complexity is less than a threshold value, performing: executing a route detection on the route information; generating a second test case by executing the route detection; and acquiring a second crash information including the second test case and the route information.

Method for automatically detecting security vulnerability based on hybrid fuzzing, and apparatus thereof

Provided are a method and a system capable of efficiently detecting security vulnerability of program. The system for detecting the security vulnerability according to an embodiment of the present invention includes a vulnerability detecting module that acquires crash information, a binary analysis module that determines priority of binary information and whether to execute the route detection, and a route detecting module that executes the route detection to generate a new test case.

Provided are a binary vulnerability analysis method performed by a computing device is provided, and the binary vulnerability analysis method includes a primary execution step of recording a symbolic constraint of a vulnerability associated with an execution flow path causing a crash to a target binary to be analyzed and a suspicious element on the execution flow path by performing taint analysis through a primary execution of the target binary; and a secondary execution step of performing a secondary execution, which is a symbolic execution, on the execution flow path and, if an instruction satisfying the symbolic constraint is found, determining that the vulnerability exists in the target binary by comparing the suspicious element and the found instruction.

Growing community of inventors

Jeollanam-do, South Korea

Hwan Kuk Kim