Digital Library[ Search Result ]

Search : [ author: Damho Lee ] (2)

Input Data Description using Stratified Context-Free Grammar

Taehwan Kim, Damho Lee, Hyunji Seo, Changwoo Pyo

http://doi.org/10.5626/JOK.2019.46.4.321

This paper defines Data Description Language (DDL) based on a context-free grammar that describes syntactic characteristics of input from multiple input files or devices. Each input file or device has its input description, which is connected to its upper-level input description to form a hierarchy. We also developed a method generating input data using DDL. To demonstrate DDL’s utility, we have compared our method with two others using the metrics of basic block coverage and input generation times. For 37 programs of Coreutils, our method generated valid input faster by O(103) times, and the coverage was higher by 25.44% than KLEE. Compared to the method of single context-free grammars, ours took 1.52 times, but basic block coverage was larger by 6.59%. Currently, we use DDL for generating regular input for dynamic control-flow analysis.

Improvement of Runtime Intrusion Prevention Evaluator (RIPE)

Hyungyu Lee, Damho Lee, Taehwan Kim, Donghwang Cho, Sanghoon Lee, Hoonkyu Kim, Changwoo Pyo

http://doi.org/

Runtime Intrusion Prevention Evaluator (RIPE), published in 2011, is a benchmark suite for evaluating mitigation techniques against 850 attack patterns using only buffer overflow. Since RIPE is built as a single process, defense and attack routines cannot help sharing process states and address space layouts when RIPE is tested. As a result, attack routines can access the memory space for defense routines without restriction. We separate RIPE into two independent processes of defense and attacks so that mitigations based on confidentiality such as address space layout randomization are properly evaluated. In addition, we add an execution mode to test robustness against brute force attacks. Finally, we extend RIPE by adding 38 attack forms to perform format string attacks and virtual table (vtable) hijacking attacks. The revised RIPE contributes to the diversification of attack patterns and precise evaluation of the effectiveness of mitigations.


Search




Journal of KIISE

  • ISSN : 2383-630X(Print)
  • ISSN : 2383-6296(Electronic)
  • KCI Accredited Journal

Editorial Office

  • Tel. +82-2-588-9240
  • Fax. +82-2-521-1352
  • E-mail. chwoo@kiise.or.kr