국립중앙도서관 "우편 복사 서비스"로 연결 됩니다.
Since sensitive data (e.g., user credentials, biometric data, personal data, and digital contents) are typically used in an application, protecting such data is essential to store and manage them in a secure manner. Therefore, misuse of cryptography i...
다국어 입력
あ
ぁ
か
が
さ
ざ
た
だ
な
は
ば
ぱ
ま
や
ゃ
ら
わ
ゎ
ん
い
ぃ
き
ぎ
し
じ
ち
ぢ
に
ひ
び
ぴ
み
り
う
ぅ
く
ぐ
す
ず
つ
づ
っ
ぬ
ふ
ぶ
ぷ
む
ゆ
ゅ
る
え
ぇ
け
げ
せ
ぜ
て
で
ね
へ
べ
ぺ
め
れ
お
ぉ
こ
ご
そ
ぞ
と
ど
の
ほ
ぼ
ぽ
も
よ
ょ
ろ
を
ア
ァ
カ
サ
ザ
タ
ダ
ナ
ハ
バ
パ
マ
ヤ
ャ
ラ
ワ
ヮ
ン
イ
ィ
キ
ギ
シ
ジ
チ
ヂ
ニ
ヒ
ビ
ピ
ミ
リ
ウ
ゥ
ク
グ
ス
ズ
ツ
ヅ
ッ
ヌ
フ
ブ
プ
ム
ユ
ュ
ル
エ
ェ
ケ
ゲ
セ
ゼ
テ
デ
ヘ
ベ
ペ
メ
レ
オ
ォ
コ
ゴ
ソ
ゾ
ト
ド
ノ
ホ
ボ
ポ
モ
ヨ
ョ
ロ
ヲ
―
http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
예시)
- 中文 을 입력하시려면 zhongwen을 입력하시고 space를누르시면됩니다.
- 北京 을 입력하시려면 beijing을 입력하시고 space를 누르시면 됩니다.
А
Б
В
Г
Д
Е
Ё
Ж
З
И
Й
К
Л
М
Н
О
П
Р
С
Т
У
Ф
Х
Ц
Ч
Ш
Щ
Ъ
Ы
Ь
Э
Ю
Я
а
б
в
г
д
е
ё
ж
з
и
й
к
л
м
н
о
п
р
с
т
у
ф
х
ц
ч
ш
щ
ъ
ы
ь
э
ю
я
′
″
℃
Å
¢
£
¥
¤
℉
‰
$
%
F
₩
㎕
㎖
㎗
ℓ
㎘
㏄
㎣
㎤
㎥
㎦
㎙
㎚
㎛
㎜
㎝
㎞
㎟
㎠
㎡
㎢
㏊
㎍
㎎
㎏
㏏
㎈
㎉
㏈
㎧
㎨
㎰
㎱
㎲
㎳
㎴
㎵
㎶
㎷
㎸
㎹
㎀
㎁
㎂
㎃
㎄
㎺
㎻
㎽
㎾
㎿
㎐
㎑
㎒
㎓
㎔
Ω
㏀
㏁
㎊
㎋
㎌
㏖
㏅
㎭
㎮
㎯
㏛
㎩
㎪
㎫
㎬
㏝
㏐
㏓
㏃
㏉
㏜
㏆
RISS 인기검색어
Automated Cryptography Usage Analysis using Dynamic Taint Tracking = 동적 오염추적을 이용한 자동화된 암호 사용 분석
한글로보기https://www.riss.kr/link?id=T14911020
- 저자
-
발행사항
서울 : 성균관대학교 일반대학원, 2018
-
학위논문사항
학위논문(석사) -- 성균관대학교 일반대학원 , DMC공학과 , 2018. 8
-
발행연도
2018
-
작성언어
영어
- 주제어
-
발행국(도시)
서울
-
형태사항
56 ; 26 cm
-
일반주기명
지도교수: 김형식
-
UCI식별코드
I804:11040-000000141280
- DOI식별코드
-
소장기관
- 성균관대학교 중앙학술정보관
- 성균관대학교 중앙학술정보관
-
0
상세조회 -
0
다운로드
부가정보
다국어 초록 (Multilingual Abstract)
Since sensitive data (e.g., user credentials, biometric data, personal data, and digital contents) are typically used in an application, protecting such data is essential to store and manage them in a secure manner. Therefore, misuse of cryptography is becoming one of the most common issues in secure software development. However, it is not straightforward to analyze how sensitive data is protected well in a device.
In this paper, we propose a novel approach to track the entire flow of all sensitive data including input data and cryptographically transformed data by only executing binary using dynamic taint analysis.
We have developed a prototype system called CRAY (Crypto-RAY) and demonstrated that CRAY can analyze entire cryptography usages in runtime and detect four types of cryptographic misuses (e.g., Weak algorithm and weak option, Hardcoded key and IV, Insufficient iteration in PBKDF, and Leak without encryption). We also propose a method called tag-merge trace to solve the multi-tag limitation of the existing taint analysis. The performance experiment shows that CRAY can use a large number of taint tags to track a plenty of input data (e.g. binary image, file, socket, and stdin) without any significant runtime overhead, while the state-of-the-art taint tracking tool can only use a small number of taint tags due to memory consumption and performance slowdown.
목차 (Table of Contents)
- 1. Introduction 1
- 2. Related work 4
- 2.1. Static analysis 4
- 2.2. Dynamic analysis 5
- 3. Background 8
- 1. Introduction 1
- 2. Related work 4
- 2.1. Static analysis 4
- 2.2. Dynamic analysis 5
- 3. Background 8
- 3.1. Mistakes in cryptography usage 8
- 3.2. Limitations in previous approaches 10
- 4. Design 16
- 4.1. Architecture 17
- 4.2. Crypto API modeling 18
- 4.3. Data tracking in runtime 21
- 4.4. Multi-tag taint propagation 24
- 4.5. Data flow and cryptography usage analysis 27
- 5. Evaluation 31
- 5.1. Cryptographic misuse analysis 32
- 5.2. Performance 35
- 6. Conclusions 39
- 6.1. Limitations 39
- 6.2. Future work 40
- References 41
- Korean Abstract 44
분석정보
연관 공개강의(KOCW)
이 자료와 함께 이용한 RISS 자료
나만을 위한 추천자료
