公开(公告)号：US20240160725A1

公开(公告)日：2024-05-16

申请号：US18349450

申请日：2023-07-10

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： GAE-IL AN ,  Dong-Wook KANG ,  HONG-IL JU

IPC: G06F21/54 ,  G06F21/55

CPC classification number: G06F21/54 ,  G06F21/554

Abstract: Disclosed herein are an apparatus and method for injecting control flow integrity security code based on a location. The apparatus identifies an indirect function call in input program code, generates indirect function call location information by analyzing the identified indirect function call, and injects control flow integrity security code into the program code using the generated indirect function call location information.

公开(公告)号：US20220374525A1

公开(公告)日：2022-11-24

申请号：US17525604

申请日：2021-11-12

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： GAE-IL AN ,  Yang-Seo CHOI

IPC: G06F21/57 ,  G06N7/02 ,  G06F3/06

Abstract: Disclosed herein are an apparatus and a method for detecting a vulnerability to a nonvolatile memory attack. The apparatus for detecting a vulnerability to a nonvolatile memory attack includes memory for storing at least one program, and a processor for executing the program, wherein the program includes a fuzzer unit for sending a fuzzing message to fuzzing target software, a nonvolatile memory write control unit for, when a request to write data to a nonvolatile memory is received from the fuzzing target software, transferring nonvolatile memory write data to an attack vulnerability detection unit, and the attack vulnerability detection unit for, when the nonvolatile memory write data is received from the nonvolatile memory write control unit, searching for a vulnerability to a nonvolatile memory attack based on a result of determining whether the nonvolatile memory write data is normal based on a model pre-trained in a normal state.