公开(公告)号：US20180121660A1

公开(公告)日：2018-05-03

申请号：US15799807

申请日：2017-10-31

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Byeong-Cheol CHOI ,  Jong-Seop PARK ,  Jung-Chan NA ,  Seung-Hun JIN

IPC: G06F21/57

CPC classification number: G06F21/577 ,  G06F2221/034

Abstract: Disclosed herein are an apparatus and method for dynamic binary analysis on a hardware board. The method for dynamic binary analysis on a hardware board is performed using an apparatus for dynamic binary analysis on the hardware board, and includes generating information required for dynamic binary analysis based on information collected while interfacing with an embedded device, disassembling, by a software processing unit, the information required for dynamic binary analysis by receiving the information from a hardware processing unit while interfacing with the hardware processing unit, selecting a core platform of the embedded device based on results of the disassembly, and analyzing security vulnerabilities in the embedded device by performing dynamic binary analysis of the core platform.

公开(公告)号：US20160248591A1

公开(公告)日：2016-08-25

申请号：US15050133

申请日：2016-02-22

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Byeong-Cheol CHOI ,  Jung-Chan NA

IPC: H04L9/32 ,  H04L9/08 ,  G06F21/16 ,  H04L29/06

CPC classification number: G06F21/16 ,  G06F21/572 ,  H04L9/3242 ,  H04L2209/608

Abstract: Disclosed herein are a firmware watermarking method, firmware based on the method, and an apparatus for performing firmware watermarking, which can provide a basis for legally preparing for firmware modification attacks by embedding a watermark for original firmware in nonvolatile memory at the time of manufacturing embedded devices. The presented method is a firmware watermarking method performed by an apparatus for performing the firmware watermarking method, the method including generating an original watermark for firmware, and embedding the generated original watermark in the firmware.

Abstract translation: 这里公开的是固件水印方法，基于该方法的固件和用于执行固件水印的装置，其可以通过在制造嵌入时嵌入非易失性存储器中的原始固件的水印来提供用于固件修改攻击的合法准备的基础 设备。 所提出的方法是由用于执行固件水印方法的装置执行的固件水印方法，该方法包括生成用于固件的原始水印，以及将生成的原始水印嵌入到固件中。

公开(公告)号：US20160094517A1

公开(公告)日：2016-03-31

申请号：US14797562

申请日：2015-07-13

Applicant: Electronics and Telecommunications Research Institute

Inventor： Dong-Ho KANG ,  Byoung-Koo KIM ,  Jung-Chan NA ,  Hyun-Sook CHO

IPC: H04L29/06

CPC classification number: H04L63/0236 ,  H04L63/105 ,  H04L63/1425

Abstract: An apparatus and method for blocking abnormal communication are disclosed herein. The apparatus for blocking abnormal communication includes a packet collection unit, a packet analysis unit, and an access control unit. The packet collection unit collects a packet via a network device. The packet analysis unit generates a system rule, a communication flow rule, and a packet characteristic rule based on the packet from the packet collection unit. The access control unit determines whether to block the packet by determining whether the packet from the packet collection unit satisfies the system rule, the communication flow rule and the packet characteristic rule.

Abstract translation: 本文公开了一种用于阻止异常通信的装置和方法。 用于阻止异常通信的装置包括分组收集单元，分组分析单元和访问控制单元。 分组收集单元经由网络设备收集分组。 分组分析单元基于来自分组收集单元的分组生成系统规则，通信流规则和分组特征规则。 访问控制单元通过确定来自分组收集单元的分组是否满足系统规则，通信流规则和分组特征规则来确定是否阻止分组。

公开(公告)号：US20140298399A1

公开(公告)日：2014-10-02

申请号：US13927794

申请日：2013-06-26

Applicant: Electronics and Telecommunications Research Institute

Inventor： Youngjun HEO ,  Seon-Gyoung SOHN ,  Dong Ho KANG ,  Byoung-Koo KIM ,  Jung-Chan NA ,  Ik Kyun KIM

IPC: H04L29/06

CPC classification number: H04L63/1416

Abstract: An apparatus for detecting an abnormality sign in a control system, the control system comprising control equipments, network equipments, security equipments or server equipments, the apparatus includes an information collection module configured to collect system information, network information, security event information or transaction information in interworking with a control equipments, network equipments, security equipments or server equipments. The apparatus includes storage module that stores the information collected by the information collection module. The apparatus includes an abnormality detection module configured to analyze a correlation between the collected information and a prescribed security policy to detect whether there is an abnormality sign in the control system.

Abstract translation: 一种用于检测控制系统中的异常信号的装置，所述控制系统包括控制设备，网络设备，安全设备或服务器设备，所述设备包括：信息收集模块，用于收集系统信息，网络信息，安全事件信息或交易信息 与控制设备，网络设备，安全设备或服务器设备相互配合。 该装置包括存储由信息收集模块收集的信息的存储模块。 该装置包括：异常检测模块，被配置为分析所收集的信息与规定的安全策略之间的相关性，以检测控制系统中是否存在异常信号。