Joonun Jang (Samsung Research), Huy Kang Kim(Korea University)

Automated building greybox fuzzing environment for C/C++ library

Conference - ACSAC 2019 (https://www.acsac.org)

Tae Un Kang (kang1190 at daum.net) and Huy Kang Kim (cenda at korea.ac.kr)

We developed a data analysis program that can be used on all vehicle models.

This program make entry barriers of automotive security research lower.

Sun-Ho Ji and Huy Kang Kim

We propose a framework for effective hidden malware detection through an automated deobfuscation regardless of advanced obfuscation techniques with overriding JavaScript functions and a separate JavaScript interpreter through to improve jsunpack-n.

Sanghoon Jeon and Huy Kang Kim

Abstract

Owing to the advances in automated hacking and analysis technologies in recent years, numerous software security vulnerabilities have been announced. Software vulnerabilities are increasing rapidly, whereas methods to analyze and cope with them depend on manual analyses, which result in a slow response. In recent years, studies concerning the prediction of vulnerabilities or the detection of patterns of previous vulnerabilities have been conducted by applying deep learning algorithms in an automated vulnerability search based on source code. However, existing methods target only certain security vulnerabilities or make limited use of source code to compile information. Few studies have been conducted on methods that represent source code as an embedding vector. Thus, this study proposes a deep learning-based automated vulnerability analysis system (AutoVAS) that effectively represents source code as embedding vectors by using datasets from various projects in the National Vulnerability Database (NVD) and Software Assurance Reference Database (SARD). To evaluate AutoVAS, we present and share a dataset for deep learning models. Experimental results show that AutoVAS achieves a false negative rate (FNR) of 3.62%, a false positive rate (FPR) of 1.88%, and an F1-score of 96.11%, which represent lower FNR and FPR values than those achieved by other approaches. We further apply AutoVAS to nine open-source projects and detect eleven vulnerabilities, most of which are missed by the other approaches we experimented with. Notably, we discovered three zero-day vulnerabilities, two of which were patched after being informed by AutoVAS. The other vulnerability received the Common Vulnerabilities and Exposures (CVE) ID after being detected by AutoVAS.

Source code: https://github.com/kppw99/AutoVAS

Sanghoon Jeon and Huy Kang Kim

Abstract

As the game industry is moving from PC to smartphone platforms, security problems related to mobile games are becoming critical. Considering the characteristics of mobile games such as having short life-cycles and high communication costs, the server/network-side security technologies designed for PC games are not appropriate for mobile games. In this study, we propose TZMon, a client-side game protection mechanism based on the ARM TrustZone, which protects the confidentiality and integrity of mobile games. TZMon is composed of application integrity protocol, secure update protocol, data hiding protocol, and timer synchronization protocol. To adequately safeguard game codes and data, TZMon is designed considering an environment of frequent communications with the game server, a standalone operation environment, and an unreliable environment using a rooted OS. Furthermore, flexibility is provided to game application developers who apply security policies by using the Java Native Interface (JNI). In this study, we use Android and the Open Portable Trusted Execution Environment (OPTEE) as the OS platforms for Normal World and Secure World, respectively. After implementing a fullfeatured prototype of TZMon, we apply it to several open-source mobile games. We prove through the experiments that the application of the proposed TZMon does not cause any noticeable performance degradation and can detect major cheating techniques of mobile games.

Source code: https://github.com/kppw99/tzMon