[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.3745/JIPS.03.0165

Security Improvement of File System Filter Driver in Windows Embedded OS

Seong, Yeon Sang (Dept. of Computer Science Engineering, Chungnam National University)
Cho, Chaeho (Dept. of Computer Science Engineering, Chungnam National University)
Jun, Young Pyo (Software Division, Yonsei University MIRAE Campus)
Won, Yoojae (Dept. of Computer Science Engineering, Chungnam National University)

Publication Information

Journal of Information Processing Systems / v.17, no.4, 2021 , pp. 834-850 More about this Journal

Abstract

IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

Keywords

Access Control; File System Filter Driver; Mandatory Access Control; Whitelist; Windows Embedded OS;

Citations & Related Records

Times Cited By KSCI : 1 (Citation Analysis)

Reference
Cited By KSCI

1	Red Hat Enterprise Linux 7, "SELinux User's and Administrator's Guide," 2021 [Online]. Available: https://access.redhat.com/documentation/enus/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/index.
2	H. Yoo, J. H. Yun, and T. Shon, "Whitelist-based anomaly detection for industrial control system security," The Journal of Korean Institute of Communications and Information Sciences, vol. 38, no. 8, pp. 641-653, 2013.
3	Microsoft, "CVE-2019-0641: Microsoft Edge Security Feature Bypass Vulnerability," 2019 [Online]. Available: https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2019-0641.
4	S. Parkinson, S. Khan, J. Bray, and D. Shreef, "Creeper: a tool for detecting permission creep in file system access controls," Cybersecurity, vol. 2, article no. 14, 2019. https://doi.org/10.1186/s42400-019-0031-1 DOI
5	K. Fan, X. Yao, X. Fan, Y. Wang, and M. Chen, "A new usage control protocol for data protection of cloud environment," EURASIP Journal on Information Security, vol. 2016, article no. 7, 2016. https://doi.org/10.1186/s13635-016-0031-6 DOI
6	S. S. Park, "A study on the whitelist-based process control method for security of POS system," M.S. thesis, Department of Information Security, Sungkyunkwan University, Seoul, Korea, 2016.
7	K. Srinivasan, C. Y. Chang, C. H. Huang, M. H. Chang, A. Sharma, and A. Ankur, "An efficient implementation of mobile raspberry Pi Hadoop clusters for robust and augmented computing performance," Journal of Information Processing Systems, vol. 14, no. 4, pp. 989-1009, 2018. DOI
8	Telecommunications Technology Association, "Security requirements of the POS system (TTAK.KO12.0181)," 2011 [Online]. Available: http://www.tta.or.kr/data/ttas_view.jsp?totalSu=643&by=desc&order=publish_date&rn=1&pk_num=TTAK.KO-12.0181&nowSu=251.
9	AhnLab, "POS threat, flaw attack," 2015 [Online]. Available: https://www.ahnlab.com/kr/site/securityinfo/secunews/secuNewsView.do?menu_dist=2&curPage=1&seq=23403.
10	I. Fratric, "Microsoft Edge: Default Flash click2play whitelist is insecure," 2019 [Online]. Available: https://bugs.chromium.org/p/project-zero/issues/detail?id=1722.
11	S. J. Kim, "A study of effective rootkit-detection based on Windows system," Master's thesis, Konkuk University, Seoul, Korea, 2008
12	Microsoft," File Systems driver design guide," 2020 [Online]. Available: http://msdn.microsoft.com/kokr/windows/hardware/gg462968.
13	G. S. Mahmood, D. J. Huang, and B. A. Jaleel, "A secure cloud computing system by using encryption and access control model," Journal of Information Processing Systems, vol. 15, no. 3, pp. 538-549, 2019. DOI
14	S. P. Hong, "Design and implementation of mandatory access control based on Linux kernel," Master's thesis, Hanseo University, Seosan, Korea, 2001.
15	Y. Jing, J. H. Kim, and D. W. Jeong, "a universal model for policy-based access control-enabled ubiquitous computing," Journal of Information Processing Systems, vol. 2, no. 1, pp. 28-33, 2006. DOI
16	B. S. Choi, "Design and implementation of secure Linux kernel based on RBAC mechanism," Master's thesis, Hannam University, Daejeon, Korea, 2004.
17	C. Bodei, P. Degano, F. Nielson, and H. R. Nielson, "Static analysis of processes for no read-up and no writedown," in Foundations of Software Science and Computation Structure. Heidelberg, Germany: Springer, 1999, pp. 120-134.
18	J. N. Kim, S. W. Sohn, and C. H. Lee, "Test on the security and performance on the basis of the access control policy implemented by secure OS," The KIPS Transactions: Part D, vol. 10, no. 5, pp. 773-780, 2003.
19	A. Rafique, D. Van Landuyt, E. Truyen, V. Reniers, and W. Joosen, "SCOPE: self-adaptive and policy-based data management middleware for federated clouds," Journal of Internet Services and Applications, vol. 10, article no. 2, 2019. https://doi.org/10.1186/s13174-018-0101-8 DOI
20	D. E. Bell and L. J. La Padula, "Secure computer system: Unified exposition and multics interpretation," MITRE Corp., Bedford, MA, Technical Report No. 2997, 1976.
21	S. G. Hong, "Study on strengthening document security using file system driver," PhD dissertation, ChungAng University, Seoul, Korea, 2011.