Input-Output Example-Guided Data Deobfuscation on Binary

Data obfuscation is usually used by malicious software to avoid detection and reverse analysis. When analyzing the malware, such obfuscations have to be removed to restore the program into an easier understandable form (deobfuscation). The deobfuscation based on program synthesis provides a good solution for treating the target program as a black box. Thus, deobfuscation becomes a problem of finding the shortest instruction sequence to synthesize a program with the same input-output behavior as the target program. Existing work has two limitations: assuming that obfuscated code snippets in the target program are known and using a stochastic search algorithm resulting in low efficiency. In this paper, we propose fine-grained obfuscation detection for locating obfuscated code snippets by machine learning. Besides, we also combine the program synthesis and a heuristic search algorithm of Nested Monte Carlo Search. We have applied a prototype implementation of our ideas to data obfuscation in different tools, including OLLVM and Tigress. Our experimental results suggest that this approach is highly effective in locating and deobfuscating the binaries with data obfuscation, with an accuracy of at least 90.34%. Compared with the state-of-the-art deobfuscation technique, our approach’s efficiency has increased by 75%, with the success rate increasing by 5%.

Constructing software countermeasures against instruction manipulation attacks: an approach based on vulnerability evaluation using fault simulator

Fault injection attacks (FIA), which cause information leakage by injecting intentional faults into the data or operations of devices, are one of the most powerful methods compromising the security of confidential data stored on these devices. Previous studies related to FIA report that attackers can skip instructions running on many devices through many means of fault injection. Most existing anti-FIA countermeasures on software are designed to secure against instruction skip (IS). On the other hand, recent studies report that attackers can use laser fault injection to manipulate instructions running on devices as they want. Although the previous studies have shown that instruction manipulation (IM) could attack the existing countermeasures against IS, no effective countermeasures against IM have been proposed. This paper is the first work tackling this problem, aiming to construct software-based countermeasures against IM faults. Evaluating program vulnerabilities to IM faults is required to consider countermeasures against IM faults. We propose three IM simulation environments for that aim and compare them to reveal their performance difference. GDB (GNU debugger)-based simulator that we newly propose in this paper outperforms the QEMU-based simulator that we presented in AICCSA:1–8, 2020 in advance, in terms of evaluation time at most $$\times$$ × 400 faster. Evaluating a target program using the proposed IM simulators reveals that the IM faults leading to attack successes are classified into four classes. We propose secure coding techniques as countermeasures against IMs of each four classes and show the effectiveness of the countermeasures using the IM simulators.

ROP Defense Using Trie Graph for System Security

Most Intrusion Detection Systems (IDS) / Intrusion Prevention Systems (IPS) cannot defend the attacks from a Return Oriented Program (ROP) which applies code reusing and exploiting techniques without the need for code injection. Malicious attackers chain a short sequence as a gadget and execute this gadget as an arbitrary (Turing-complete) behavior in the target program. Lots of ROP defense tools have been developed with satisfactory performance and low costs overhead, but malicious attackers can evade ROP tools. Therefore, it needs security researchers to continually improve existing ROP defense tools, because the defense ability of target devices, such as smartphones is weak, and such devices are being increasingly targeted. Our contribution in this paper is to propose an ROP defense method that has provided a better performance of defense against ROP attacks than existing ROP defense tools.

ROP Defense Using Trie Graph For System Security

Most Intrusion Detection Systems (IDS) / Intrusion Prevention Systems (IPS) cannot defend the attacks from a Return Oriented Program (ROP) which applies code reusing and exploiting techniques without the need for code injection. Malicious attackers chain a short sequence as a gadget and execute this gadget as an arbitrary (Turing-complete) behavior in the target program. Lots of ROP defense tools have been developed with satisfactory performance and low costs overhead, but malicious attackers can evade ROP tools. Therefore, it needs security researchers to continually improve existing ROP defense tools, because the defense ability of target devices, such as smartphones is weak, and such devices are being increasingly targeted. Our contribution in this paper is to propose an ROP defense method that has provided a better performance of defense against ROP attacks than existing ROP defense tools.

Current situation of “One Commune One Product” (OCOP) Program implementation in Vietnam

Vietnam has implemented the OCOP Program through the “One Commune One Product” initiative since 2006. This program, however, “bloomed” until 2018, thanks to the involvement of localities across the country. The OCOP Program aims at rural economic development and focuses on increasing internal strength and adding value to local products. Also, it is the solution and task in the implementation of the National Target Program on the New Rural Development. In this research, we are going to analyze the current situation of the OCOP Program implementation in Vietnam and from that, give some recommendations for enhancing the program's effectiveness.

The concept of land use and protection in modern conditions of social development of Ukraine

The crisis situation in the use of land resources in both agrarian and non-agrarian spheres of land use in Ukraine is stated. One of the main reasons for this situation is identified the lack of a perfect system of legal documents that would really regulate scientifically sound environmentally and economically acceptable land use. The concept of land use and protection in the conditions of development of the digital economy and society in Ukraine which can be used for development of the corresponding state target program is substantiated. The concept defines the guiding direction in the organization and implementation of processes of sustainable land use, protection of lands from depletion, degradation and pollution in market conditions with high priority of monitoring of land and land relations by automated information-analytical systems and remote sensing of the Earth. The principles and approaches to the development of the state target program of land use and protection are proposed. Options for solving the problem of ensuring the rational use and protection of land are outlined and analysed. The directions, ways, stages of realisation, innovative component and expected results and efficiency of execution of the state target program of use and protection of lands on the basis of the developed concept are defined. Keywords: land resources, rational use of land resources, land monitoring, land and soil protection measures

ReFuzz: A Remedy for Saturation in Coverage-Guided Fuzzing

Coverage-guided greybox fuzzing aims at generating random test inputs to trigger vulnerabilities in target programs while achieving high code coverage. In the process, the scale of testing gradually becomes larger and more complex, and eventually, the fuzzer runs into a saturation state where new vulnerabilities are hard to find. In this paper, we propose a fuzzer, ReFuzz, that acts as a complement to existing coverage-guided fuzzers and a remedy for saturation. This approach facilitates the generation of inputs that lead only to covered paths by omitting all other inputs, which is exactly the opposite of what existing fuzzers do. ReFuzz takes the test inputs generated from the regular saturated fuzzing process and continue to explore the target program with the goal of preserving the code coverage. The insight is that coverage-guided fuzzers tend to underplay already covered execution paths during fuzzing when seeking to reach new paths, causing covered paths to be examined insufficiently. In our experiments, ReFuzz discovered tens of new unique crashes that AFL failed to find, of which nine vulnerabilities were submitted and accepted to the CVE database.

Edukasi Literasi Keuangan Dan Pelatihan Komunikasi Terapeutik Di Stik Sint Carolus, Jakarta

ABSTRAK Mahasiswa lulusan kebidanan perlu dipersiapkan untuk terjun ke masyarakat dalam berbinis atau berkarier. Kebutuhan akan pemahaman literasi keuangan dan kemampuan berkomunikasi di tempat mereka akan bekerja sangat dibutuhkan. Karena itu kegiatan ini bertujuan mengedukasi literasi keuangan dan memberikan pelatihan komunikasi terapeutik. Target program ini adalah mahasiswa dan dosen STIK Sint Carolus berjumlah dua puluh orang. Melalui metode tutorial dan diskusi, peserta kegiatan ini menyambut baik dan antusias materi yang disajikan karena relevan dengan kebutuhan mereka saat ini dan masa depan. Mahasiswa mempunyai peluang karier yang besar untuk menjadi wirausahawan dalam bidang pengelolaan klinik kebidanan. Begitu pula mereka akan melayani pasien dan bekerja sama dengan sesama bidan atau dokter untuk menjadi bidan yang terampil. Kegiatan ini menunjukkan adanya minat peserta untuk memahami lebih dalam tentang literasi keuangan dan komunikasi terapeutik. Kata Kunci: Literasi Keuangan, Komunikasi Terapeutik, STIK Sint Carolus. ABSTRACT Students are an asset to be prepared to enter the workplace as a businessman or get the high career. The need for an understanding of financial literacy and the ability to communicate in their world of work is urgently needed. Therefore this activity aims to educate financial literacy and provide therapeutic training. The target of this program is twenty students and lecturers of STIK Sint Carolus. Through tutorial and discussion methods, participants in this activity welcomed and were enthusiastic about the material presented because it was relevant to their needs today and in the future. Students have great career opportunities to become entrepreneurs in the management of midwifery clinics. Likewise, they will serve patients and work together with peers or doctors to become professionals. This activity showed the participants' interest in understanding more deeply about financial literacy and therapeutic communication. Keywords: Financial Literacy, Therapeutic Communication, STIK Sint Carolus.

Formulasi Strategi Pembinaan Remaja Masjid Al-Falah Kelurahan Latsari Tuban

The problem examined by this study is how the process strategy planning in the founding of Islamic Youth of Al-Falah Mosque in Latsari Tuban and what the content of planning the founding strategy. The research aims to illustrate how the Islamic Youth of Al-Falah Mosque in Latsari Tuban does to prepare strategy planning in the founding of Islamic youth and also to find out the content of planning the founding strategy. To describe that two problems, researcher used a qualitative method with case study. The data was dig deep with interview techniques, observation, and documentation. The research provided the following results. First, in strategy planning process, the Islamic Youth of Al-Falah Mosque used external analysis, then formulated vision for the next five years, discussion with core functionaries, then rediscuss to all of organization’s devisions and praying together. Second, the design of Islamic Youth founding strategy was that there was a formulation of a target program of activities, measuring activity program’s and also developes the activity by adding new activity programs.

Pelatihan Pemasaran dan Produksi serta Pendistribusian Makanan di Masa Pandemi Covid-19 pada Usaha Waralaba Makanan di Wilayah Depok Jawa Barat

Dalam mencegah dan menangani kondisi dan dampak wabah Covid-19 di Indonesia, maka dipandang perlu menjaga ketersediaan pangan olahan yang berkualitas bagi masyarakat Indonesia. Dalam melaksanakan praktik pemasaran produksi, distribusi dan ritel pangan olahan, kami sebagai dosen memandang perlu melakukan pelatihan dan penyuluhan tentang pemasaran serta pencegahan penyebaran Covid-19 dan memastikan penerapan sesuai dengan panduan selama masa pandemik Covid-19.Diharapkan dengan diadakannya pelatihan ini, pelaku usaha dapat menerapkan dengan baik sehingga dapat mencegah penyebaran Covid-19, dan penjaminan keamanan dan mutu pangan olahan dapat terus ditingkatkan Pengabdian kepada masyarakat yang akan dilaksanakan fokus pada pelaku usaha waralaba Rafiza Fried Chiken yang tersebar di wilayah Depok Jawa Barat sebagai target program dengan tujuan agar pelaku usaha UMKM mendapatkan pemahaman mengenai pelatihan pemasaran, pengolahan dan pendistribusian makanan yang aman dan berkualitas, sehingga pemahaman tersebut dapat diterapkan dalam kegiatan usaha serta dapat memperbaiki kualitas usaha yang sedang dijalankan.