Filters








10 Hits in 0.72 sec

libmpk: Software Abstraction for Intel Memory Protection Keys [article]

Soyeon Park, Sangho Lee, Wen Xu, Hyungon Moon, Taesoo Kim
2018 arXiv   pre-print
Intel memory protection keys (MPK) is a new hardware feature to support thread-local permission control on groups of pages without requiring modification of page tables. Unfortunately, its current hardware implementation and software supports suffer from security, scalability, and semantic-gap problems: (1) MPK is vulnerable to protection-key-use-after-free and protection-key corruption; (2) MPK does not scale due to hardware limitations; and (3) MPK is not perfectly compatible with mprotect()
more » ... le with mprotect() because it does not support permission synchronization across threads. In this paper, we propose libmpk, a software abstraction for MPK. libmpk virtualizes protection keys to eliminate the protection-key-use-after-free and protection-key corruption problems while supporting a tremendous number of memory page groups. libmpk also prevents unauthorized writes to its metadata and supports inter-thread key synchronization. We apply libmpk to three real-world applications: OpenSSL, JavaScript JIT compiler, and Memcached for memory protection and isolation. An evaluation shows that libmpk introduces negligible performance overhead (<1%) compared with insecure versions, and improves their performance by 8.1x over secure equivalents using mprotect(). The source code of libmpk will be publicly available and maintained as an open source project.
arXiv:1811.07276v1 fatcat:gsewvmrnubegfeuvotsgmovday

Vigilare

Hyungon Moon, Hojoon Lee, Jihoon Lee, Kihwan Kim, Yunheung Paek, Brent Byunghoon Kang
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
In this paper, we present Vigilare system, a kernel integrity monitor that is architected to snoop the bus traffic of the host system from a separate independent hardware. This snoop-based monitoring enabled by the Vigilare system, overcomes the limitations of the snapshot-based monitoring employed in previous kernel integrity monitoring solutions. Being based on inspecting snapshots collected over a certain interval, the previous hardware-based monitoring solutions cannot detect transient
more » ... tect transient attacks that can occur in between snapshots. We implemented a prototype of the Vigilare system on Gaisler's grlib-based system-on-a-chip (SoC) by adding Snooper hardware connections module to the host system for bus snooping. To evaluate the benefit of snoopbased monitoring, we also implemented similar SoC with a snapshot-based monitor to be compared with. The Vigilare system detected all the transient attacks without performance degradation while the snapshot-based monitor could not detect all the attacks and induced considerable performance degradation as much as 10% in our tuned STREAM benchmark test.
doi:10.1145/2382196.2382202 dblp:conf/ccs/MoonLLKPK12 fatcat:gc7gf72yazg5hctm2d2dzjft5m

HDFI: Hardware-Assisted Data-Flow Isolation

Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, Yunheung Paek
2016 2016 IEEE Symposium on Security and Privacy (SP)  
Memory corruption vulnerabilities are the root cause of many modern attacks. Existing defense mechanisms are inadequate; in general, the software-based approaches are not efficient and the hardware-based approaches are not flexible. In this paper, we present hardware-assisted data-flow isolation, or, HDFI, a new fine-grained data isolation mechanism that is broadly applicable and very efficient. HDFI enforces isolation at the machine word granularity by virtually extending each memory unit with
more » ... ch memory unit with an additional tag that is defined by dataflow. This capability allows HDFI to enforce a variety of security models such as the Biba Integrity Model and the Bell-LaPadula Model. We implemented HDFI by extending the RISC-V instruction set architecture (ISA) and instantiating it on the Xilinx Zynq ZC706 evaluation board. We ran several benchmarks including the SPEC CINT 2000 benchmark suite. Evaluation results show that the performance overhead caused by our modification to the hardware is low (< 2%). We also developed or ported several security mechanisms to leverage HDFI, including stack protection, standard library enhancement, virtual function table protection, code pointer protection, kernel data protection, and information leak prevention. Our results show that HDFI is easy to use, imposes low performance overhead, and allows us to create more elegant and more secure solutions.
doi:10.1109/sp.2016.9 dblp:conf/sp/SongMAYLKLP16 fatcat:ludpja4munaybeq7owpvy5b2fq

Detecting and Preventing Kernel Rootkit Attacks with Bus Snooping

Hyungon Moon, Hojoon Lee, Ingoo Heo, Kihwan Kim, Yunheung Paek, Brent Byunghoon Kang
2017 IEEE Transactions on Dependable and Secure Computing  
Moon, I. Heo, and Y. Paek are with Seoul National University. • H. Lee, K. Kim and B. Kang are with Korea Advanced Institute of Technology. Fig. 7 . 7 Performance degradation due to each monitor.  ...  PLACE PHOTO HERE Hyungon Moon received B.S. degrees in Electrical Engineering and in Mathematical Science from Seoul National University, Korea, in 2010.  ... 
doi:10.1109/tdsc.2015.2443803 fatcat:mqiysvfngjdmfczs3mlqnxnuui

Efficient Kernel Integrity Monitor Design for Commodity Mobile Application Processors

Ingoo Heo, Daehee Jang, Hyungon Moon, Hansu Cho, Seungwook Lee, Brent Byunghoon Kang, Yunheung Paek
2015 JSTS Journal of Semiconductor Technology and Science  
To overcome the limitations, Moon et al. [8] propose Vigilare, a kernel integrity monitor that makes use of snooping techniques for detecting the transient attack with low performance overhead.  ... 
doi:10.5573/jsts.2015.15.1.048 fatcat:3bj2jw2ginfhrequwrfjacvxtm

Experimental Analysis on Hydroplaning Inhibition by Air Jetting Devices
공기 분사 장치에 의한 수막 형성 억제 특성 분석

Kwangsoo Ko, Jungwoo Moon, Hyungon Yoon, Simon Song
2015 Journal of the Korean Society of Visualization  
매년 장마철에는 수막현상으로 인한 교통사고가 빈번하게 발생한다. 본 연구는 수막 형성 억제를 위해 타이어 앞부분 에 설치되는 공기 분사 장치의 성능을 평가하는 것으로서, 공기 분사에 의한 수막 형성 억제를 모사할 수 있는 실험 장치를 제작하고, 수막 형성 억제 과정을 가시화하여 공기 분사 장치의 성능을 파악하고자 한다. 실험 변수로서 노즐의 형상 3가지와 수막에 대한 분사각 3가지에 대해 상세히 그 영향을 조사하였으며, 그 결과 분사각은 10도(지면에 대해서는 80도), 노즐 형상은 일자형일 때 수막 억제 효과가 가장 큰 것으로 파악되었다.
doi:10.5407/jksv.2015.13.2.033 fatcat:uyifcnanrnd3fmmv5xdm6ud3pu

KI-Mon ARM: A Hardware-assisted Event-triggered Monitoring Platform for Mutable Kernel Object

Hojoon Lee, Hyungon Moon, Ingoo Heo, Daehee Jang, Jinsoo Jang, Kihwan Kim, Yunheung Paek, Brent Kang
2017 IEEE Transactions on Dependable and Secure Computing  
Recently, in line with Copilot [29] , Moon et al. presented Vigilare [26] , which introduces the concept of snoop-based monitoring for static immutable regions of operating system kernels using SoC hardware  ... 
doi:10.1109/tdsc.2017.2679710 fatcat:hhbtwtvrrna3pizwhuoisx5gq4

Study on a Standardized Rockfall-Protection Fence for Various Rockfall Impact Energy using Finite Element Analysis

Hyungon Park, Hyunick Jang, Bumjoo Kim, Jiho Moon
2020 Journal of the Computational Structural Engineering Institute of Korea  
한국전산구조공학회 논문집 제33권 제5호(2020.10) 297 1. 서 론 대한민국은 국토의 절반이상이 산악지형이며 국토개발에 따른 자연사면을 변형시키는 빈도도 증가하고 있어 사면의 낙 석 발생 위험이 증가하고 있다(Kim et al., 2015a). 낙석에 따른 위험도를 감소시키기 위하여 낙석방지시설 설치가 늘어나고 있으며 이 중 낙석방지울타리는 전체 낙석방지시설의 약 20% 를 차지하고 있다(KICT, 1999). 낙석방지울타리는 낙석방지 시설 중 보호공법에 해당하며 낙석방지울타리 외에 보호공법 으로는 낙석방지망, 낙석방지옹벽, 피암터널이 있다. 국내의 낙석방지울타리는 12.5m의 높이에서 질량 400kg이 자유낙하할 때 발생하는 낙석에너지인 50kJ에 저항할 수 있도 록 제시되었다(MOLIT, 2008). 이러한 낙석방지울타리는 중간 및 단부지주, 와이어로프, 철망 및 간격유지대로 구성되어 있 으며 형태는 Fig. 1과 같다. 앞서 언급한 바와 같이 다양한 형태의 인공사면이
more » ... 바와 같이 다양한 형태의 인공사면이 증가하고 있으며 이에 따라 낙석방지울타리 설계를 위한 낙석에너지도 증가하고 있다. 예를 들어, Kim 등(2005)에 따르면 국내에서는 효과적인 낙석방호를 위하여는 낙석방지울타리의 에너지 흡 수 능력이 약 90kJ~100kJ이 필요하다고 보고하고 있다. 또한, Han 등(2016)은 국내 절토사면의 평균 낙석에너지가 약 100kJ 이라고 보고하고 있으며, 이에 상응하는 낙석방지울타리를 Abstract Korea has many mountainous regions, and slope collapse that can lead to damage in road facilities and loss of lives often occurs. Rockfall-protection facilities are necessary to reduce such damages. Among these facilities, the standard Korean rockfall-protection fence is designed to resist 50 kJ of rockfall impact energy. However, the range of rockfall energy significantly varies depending on the condition of the slope, and it sometimes reaches up to 100 kJ. Thus, providing several types of standardized rockfall-protection fence is necessary to address the different rockfall impact energy for efficient response to rockfalls. This paper presents a study on standardized rockfall-protection fence for various rockfall impact energy using finite-element analysis. According to the results, standardized rockfall-protection fences against rockfall impact energy of 30 and 100 kJ were proposed and have been verified.
doi:10.7734/coseik.2020.33.5.297 fatcat:lhm2n6riebe23aj2u2w3pggvee

A Kernel Rootkit Detection Approach Based on Virtualization and Machine Learning

Donghai Tian, Rui Ma, Xiaoqi Jia, Changzhen Hu
2019 IEEE Access  
Hyungon Moon et al. [18] utilize Snooper hardware for snoop-based kernel monitoring. Hojoon Lee et al. [16] propose a hardware-assisted event-triggered kernel monitoring mechanism.  ... 
doi:10.1109/access.2019.2928060 fatcat:472ejc5fvbftteyruf6vkggeh4

Natural hand interaction for augmented reality [article]

Thammathip Piumsomboon, University Of Canterbury
2015
By lowering the friction of the ground, user can play air hockey with virtual objects, using a hand or other tangible object as a mallet, or simulate an environment in space or on the moon.  ...  Thank you to my colleagues in the HITLab NZ who helped me with my publications (Gun, David, and Hyungon) along with other current and past HITLab NZ colleagues and staffs who have provided me with their  ... 
doi:10.26021/1571 fatcat:vexdpzysr5ez7fne6intpwvgwu