
Research on User Data Leakage Prevention through Memory Initialization  

Yang, Dae-Yeop (Graduate School of Information Security, Korea University)
Chung, Man-Hyun (Graduate School of Information Security, Korea University)
Cho, Jae-Ik (Graduate School of Information Security, Korea University)
Shon, Tae-Shik (Division of Information and Computer Engineering, Ajou University)
Moon, Jong-Sub (Graduate School of Information Security, Korea University)
Abstract
As computer technology has advanced, smartphones and tablet PCs have become widespread and digital media has become easily accessible. Computer hardware has improved in performance and changed in form, but its basic operating mechanism has not changed. Typically, the data a program uses remains resident in memory during operation for reasons of operating system efficiency. As a result, this data is accessible through memory dumps or real-time memory analysis. A user's personal information or confidential data may be leaked by exploiting this data, so countermeasures are needed. In this paper, we propose a method that minimizes user data leakage by finding the physical memory address of a process from its virtual memory address and initializing the memory data of the process.
Keywords
Memory Dump; Memory Initialization; User Data Leakage Prevention