公开(公告)号：US20210174607A1

公开(公告)日：2021-06-10

申请号：US16952856

申请日：2020-11-19

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Hong-Il JU ,  Dong-Wook KANG ,  Dae-Won KIM ,  Sang-Woo LEE ,  Jin-Yong LEE ,  Boo-Sun JEON ,  Bo-Heung CHUNG ,  Byeong-Cheol CHOI ,  Joong-Yong CHOI

IPC: G07C5/00 ,  G06F21/64 ,  H04L9/30 ,  H04L9/32 ,  H04L9/08 ,  G07C5/08 ,  B60S5/00

Abstract: Disclosed herein are a method for replacing vehicle parts using an in-vehicle network based on an automotive Ethernet and a system for the same. The method is configured such that a vehicle diagnosis module included in a vehicle performs vehicle self-diagnosis, such that the vehicle and a vehicle manufacturer server perform an authentication process for a new part when a vehicle part is replaced based on a vehicle part replacement agreement procedure between the terminal of a vehicle owner and the maintenance terminal of a vehicle maintenance company, and such that the terminal of the vehicle owner checks whether replacement of the vehicle part is performed normally by requesting an integrity check result from each of the vehicle and the vehicle manufacturer server when the maintenance terminal transmits a part replacement completion message to the terminal of the vehicle owner after completion of the authentication process.

公开(公告)号：US20140297998A1

公开(公告)日：2014-10-02

申请号：US14142458

申请日：2013-12-27

Applicant: Electronics and Telecommunications Research Institute

Inventor： Dong-Wook KANG

IPC: G06F9/44 ,  G06F9/455

CPC classification number: G06F9/4401 ,  G06F9/4406 ,  G06F9/45533 ,  G06F9/45558 ,  G06F2009/45575

Abstract: The present invention relates to a memory virtualization-based snapshot boot apparatus and method. The memory virtualization-based snapshot boot apparatus includes hardware unit including a processor, memory, and storage, the storage storing status information corresponding to an operating system, and a Virtual Machine Monitor (VMM) operated by the processor and configured to operate the operating system by loading the status information into the memory. In accordance with the present invention, technology for loading only a part of a snapshot image and booting a system is implemented using virtualization technology, thus shortening the booting time of the system.

Abstract translation: 本发明涉及基于存储器虚拟化的快照启动装置和方法。 基于存储器虚拟化的快照引导装置包括包括处理器，存储器和存储器的硬件​​单元，与操作系统相对应的存储状态信息，以及由处理器操作的虚拟机监视器（VMM），并被配置为操作操作系统 通过将状态信息加载到存储器中。 根据本发明，使用虚拟化技术实现仅加载一部分快照图像和引导系统的技术，从而缩短系统的启动时间。

公开(公告)号：US20250165619A1

公开(公告)日：2025-05-22

申请号：US18919914

申请日：2024-10-18

Applicant: Electronics and Telecommunications Research Institute

Inventor： Gae-Il AN ,  Dong-Wook KANG ,  Hong-Il JU

IPC: G06F21/57

Abstract: Disclosed herein is a method for security performance evaluation for determining a defensive execution function. The method includes determining performance criteria data for a defensive execution function by performing static analysis of a protection target program, receiving a performance level specification for the defensive execution function, injecting the defensive execution function within a defensive execution function pool into the protection target program, injecting code for measuring the security performance of the defensive execution function into the protection target program, measuring the security performance data of the protection target program, and determining a combination of defensive execution functions within the defensive execution function pool based on the security performance data.

公开(公告)号：US20240160725A1

公开(公告)日：2024-05-16

申请号：US18349450

申请日：2023-07-10

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： GAE-IL AN ,  Dong-Wook KANG ,  HONG-IL JU

IPC: G06F21/54 ,  G06F21/55

CPC classification number: G06F21/54 ,  G06F21/554

Abstract: Disclosed herein are an apparatus and method for injecting control flow integrity security code based on a location. The apparatus identifies an indirect function call in input program code, generates indirect function call location information by analyzing the identified indirect function call, and injects control flow integrity security code into the program code using the generated indirect function call location information.

公开(公告)号：US20240134790A1

公开(公告)日：2024-04-25

申请号：US18363285

申请日：2023-07-31

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Dong-Wook KANG ,  Gae-Il AN ,  Hong-Il JU

IPC: G06F12/02

CPC classification number: G06F12/0253 ,  G06F2212/7205

Abstract: Disclosed herein are a garbage collection method and apparatus. The garbage collection method includes when an area dynamically allocated through a malloc( ) function or a new operator of a standard C library is deallocated through a free( ) function or a delete operator, inserting the deallocated area into a quarantine list, recording a base address and an end address of each of areas inserted into the quarantine list in a CSR_quarantined_chunks register, finding a physical address of a memory page used by a processor and searching data in the memory page for a value included in a quarantined area of the CSR_quarantined_chunks register, when a value included in the quarantined area is not present, setting a state flag bit of the register to 0, and deleting an area which the state flag bit is 0 from the quarantine list, and inserting the area into a free list.

公开(公告)号：US20220269777A1

公开(公告)日：2022-08-25

申请号：US17518373

申请日：2021-11-03

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Dong-Wook KANG ,  Dae-Won KIM ,  Ik-Kyun KIM ,  Sang-Su LEE ,  Jin-Yong LEE ,  Byeong-Cheol CHOI ,  Yong-Je CHOI

IPC: G06F21/54 ,  G06F21/55 ,  G06F9/30

Abstract: Disclosed herein are an apparatus and method for detecting violation of control flow integrity. The apparatus includes memory for storing a program and a processor for executing the program, wherein the processor multiple branch identifier registers to which identifiers of branch targets are written, a set branch identifier instruction configured to command an identifier of a branch target to be written to a branch identifier register at a predetermined sequence number, among the multiple branch identifier registers, and a check branch identifier instruction configured to command a signal indicating detection of a control flow hijacking attack to be issued based on whether a value written to the branch identifier register at the predetermined sequence number is identical to a value of an identifier of a branch target at the predetermined sequence number, wherein the program detects whether a control flow is hijacked based on the multiple branch identifier registers.

公开(公告)号：US20210185070A1

公开(公告)日：2021-06-17

申请号：US17118090

申请日：2020-12-10

Applicant: Electronics and Telecommunications Research Institute

Inventor： Boo-Sun JEON ,  Dong-Wook KANG ,  Dae-Won KIM ,  Sang-Woo LEE ,  Jin-Yong LEE ,  Bo-Heung CHUNG ,  Hong-Il JU ,  Byeong-Cheol CHOI ,  Joong-Yong CHOI

IPC: H04L29/06 ,  G06N20/00 ,  H04L12/66 ,  H04L29/08

Abstract: Disclosed herein are a lightweight intrusion detection method and apparatus for a vehicle network. The lightweight intrusion detection method may include collecting Ethernet packets from a domain gateway of a vehicle that provides a mirroring port, performing a primary intrusion detection check on the Ethernet packets using a rule-based intrusion detection technique, and performing a secondary intrusion detection check on the Ethernet packets using a machine learning-based intrusion detection technique when no intrusion attack is detected as a result of the primary intrusion detection check.