Korea Internet & Security Agency

Soo Jin Yoon

Tae Eun Kim

Jee Soo Jurn

Hwan Kuk Kim

Geon Bae Na

Sang Hwan Oh

Han Chul Bae

Hwan Mook Kim

Dae Il Jang

Jong Ki Kim

Woung Jang

Jong Hun Jung

Hyun Rok Choo

There is provided a method of patching a binary having vulnerability which is performed by a computing device. The method comprises loading a first binary to be patched, into a memory, generating a second binary by patching to call a stack frame initialization function from a vulnerable function of the first binary, executing the stack frame initialization function by calling the vulnerable function when the second binary is executed and initializing a stack frame area of the vulnerable function so as to automatically initialize a variable declared in the vulnerable function.

Method and apparatus for patching binary having vulnerability

Provided are a method and a system capable of efficiently detecting security vulnerability of program. The method includes: generating binary information including route information indicating an execution route of a program on a first test case; acquiring first crash information including the first test case and the route information when a crash of the first test case occurs; restoring a control flow graph based on the binary information; calculating complexity of the restored control flow graph; determining whether the complexity is less than a threshold value; only when a result of the determination indicates that the complexity is less than a threshold value, performing: executing a route detection on the route information; generating a second test case by executing the route detection; and acquiring a second crash information including the second test case and the route information.

Method for automatically detecting security vulnerability based on hybrid fuzzing, and apparatus thereof

Provided are a method and a system capable of efficiently detecting security vulnerability of program. The system for detecting the security vulnerability according to an embodiment of the present invention includes a vulnerability detecting module that acquires crash information, a binary analysis module that determines priority of binary information and whether to execute the route detection, and a route detecting module that executes the route detection to generate a new test case.

Provided are a binary vulnerability analysis method performed by a computing device is provided, and the binary vulnerability analysis method includes a primary execution step of recording a symbolic constraint of a vulnerability associated with an execution flow path causing a crash to a target binary to be analyzed and a suspicious element on the execution flow path by performing taint analysis through a primary execution of the target binary; and a secondary execution step of performing a secondary execution, which is a symbolic execution, on the execution flow path and, if an instruction satisfying the symbolic constraint is found, determining that the vulnerability exists in the target binary by comparing the suspicious element and the found instruction.

Method and apparatus for identifying security vulnerability in binary and location of cause of security vulnerability

Provided are an apparatus, a system and a method for detecting and preventing malicious scripts. The apparatus for detecting and preventing malicious scripts includes a signature management unit managing a first signature including code pattern information of previously-detected malicious scripts, a script analysis unit receiving the first signature from the signature management unit and analyzing a first script, which is included in a web page, using the first signature, and a script processing unit receiving analysis result data from the script analysis unit and processing the first script according to the analysis result data.

Apparatus, system and method for detecting and preventing malicious scripts using code pattern-based static analysis and API flow-based dynamic analysis

Growing community of inventors

Naju-si, South Korea

Soo Jin Yoon