• Proceedings of the Korean Society of Computer Information Conference
• /
• 2022.07a
• /
• pp.263-266
• /
• 2022

최근 프로세서 제조공정의 급속한 발전으로 프로세서의 종류에 상관없이 같은 운영체제를 설치 할 수 있게 되었다. 하지만 근본적으로 프로세서의 종류에 따라 차이점이 있고, 동작방식이 다르기 때문에 포렌식 할 경우 같은 운영체제라도 다른 결과가 나올 수 있다. 본 논문은 디지털포렌식을 이용하여 CISC 프로세서의 Windows 운영체제와 RISC 프로세서의 Windows운영체제를 비교하고, 프로세서 방식에 따른 차이점을 통해 후속 연구 방향을 제시한다.

• Journal of Internet Computing and Services
• /
• v.15 no.5
• /
• pp.133-139
• /
• 2014

Recently the Microsoft Windows OS(operating system) is widely used for the internet banking, games etc. The kernel functions provided by the Windows OS can perform memory accesses, keyboard input/output inspection, and graphics output of any processes. Thus, many hacking programs utilizes those for memory hacking, keyboard hacking, and making illegal automation tools for game programs. Existing protection mechanisms make decisions for existence of hacking programs by inspecting some kernel data structures and the initial parts of kernel functions. In this paper, we point out drawbacks of existing methods and propose a new solution. Our method can remedy those by modifying the system service dispatcher code. If the dispatcher code is utilized by a hacking program, existing protection methods cannot detect illegal operations. Thus, we suggest that protection methods should investigate the modification of the dispatcher code as well as kernel data structures and the initial parts of kernel functions.

• Convergence Security Journal
• /
• v.9 no.4
• /
• pp.21-27
• /
• 2009

In the environment of development of network bandwidth and intrusion technology there is limit to the pattern analysis of all massed packets through the existing pattern matching method by the intrusion detection system. To detect the packets efficiently when they are received fragmented, it has been presented the matching method only the pattern of packets consisting with the operation system such as Esnort. Pattern matching performance is improved through the use of NMAP, the basic mechanism od Esnort, by scanning the operation system of the same network system and appling pattern match selectively scanned information and the same operation system as the received packets. However, it can be appeared the case of disregarding the receivied packets depending on the diversity of the kind of operation systems and recognition mistake of operation system of nmap. In this paper, we present and verify the improved intrusion detection system shortening the pattern matching time by the creation of hashy table through the pattern hash of intrusion detection system independently with the users system environment .in the state of flux.

• Review of KIISC
• /
• v.26 no.1
• /
• pp.48-53
• /
• 2016

최근 들어 보안사고의 대응 방식이 네트워크 보안이나 운영체제 보안과 같은 전통적인 방법에서 벋어나 개발생명주기보안이나 SW 공급망 보안으로 확대되고 있다. 이러한 흐름에서 주목받는 것이 BSIMM과 같은 소프트웨어 보안성숙도 모델이다. 보안성숙도 모델은 소프트웨어 시스템의 보안성 향상을 위해 관리자와 개발자가 중점을 두어야 할 부분을 스스로 평가할 수 있도록 하는 프레임워크이다. 본 고에서는 BSIMM을 통해 보안성숙도 모형이 갖는 특징을 소개하며, 이의 활용에 대해 살펴본다.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.153-160
• /
• 2006

The control system is accomplishing very important role in our life currently as the national critical Infrastructure and large scale industry plant. We manage SCADA system to manage generally the control system interconnected with the information system. The operating system of SCADA is changing also to the well-known OS like Windows or UNIX for offer various convenience and facility to the user. We offered the reason why such change of the system makes so that it is exposed to cyber terror. In the traditional SCADA system is managed safely by an isolated network system physically. It is the trend to increase gradually though a cyber terror possibility is thinner on a control system than a information system but the cyber terror gives a nation or community wide damage influence of large scale if it happens. Therefore this paper presents a security safeguard plan about SCADA system and helps prepare systematic security strategy and enhance the security level implement.

• Review of KIISC
• /
• v.21 no.1
• /
• pp.38-43
• /
• 2011

스마트폰은 어플리케이션 마켓의 활성화와 SNS 서비스의 이용이 증가하면서 사람들에게 많은 관심을 받고 있는 휴대기기이다. 스마트폰은 사용자의 기호에 따라 어플리케이션을 설치하여 개인화 할 수 있는 특징을 지녔다. 따라서 스마트폰은 사용자에 따라 다량의 개인 정보를 저장하고 있을 수 있으며, 카메라 모듈, GPS 모듈과 같이 상황 정보를 감지할 수 있는 센서들을 내장하고 있어 신뢰할 수 있는 강한 보안 서비스가 요구된다. 윈도우즈 폰 7은 기존의 윈도우즈 시스템이나 Xbox LIVE, Zune, Windows Azure 등과 연동할 수 있는 특징을 가진 모바일 운영체제이다. 본 논문에서는 모바일 운영체제 중 국내에 아직 잘 알려지지 않은 윈도우즈 폰 7의 보안 체계에 대해 분석한다.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.1
• /
• pp.79-86
• /
• 2004

In general, operating system is offering the security function of OS level to support several web services. However, it is true that security side of OS level is weak from many parts. Specially, it is needed to audit/trace function in security kernel level to satisfy security more than B2 level that define in TCSEC(Trusted Computer System Evaluation Criteria). So we need to create audit data at system call invocation for this, and do to create audit data of equal format about almost event and supply information to do traceback late. This Paper Proposes audit/trace system module that use LKM(Loadable Kernel Module) technique. It is applicable without alteration about existing linux kernel to ensure safe evidence. It offers interface that can utilize external audit data such as intrusion detection system, and also offers safe role based system that is divided system administrator and security administrator These data will going to utilize to computer forensics' data that legal confrontation is Possible.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.3-8
• /
• 2022

Security threats occur from the outside, but more often from the inside. In particular, since the internal user knows about the information service, the security threat damage caused by the internal user is greater. In this environment, the actions of all users accessing information services should be monitored and recorded in real-time. However, the current operating system records only the logs of system and application execution, so there is a limit to monitoring user behavior in real-time. In such a security environment, damage may occur due to user's unauthorized actions. To solve this problem, this study proposes an architecture that monitors user behavior in real-time in a Linux environment. As a result of verifying the function to confirm the effectiveness of the proposed architecture, the console input values and output angles of all users who have access to the operating system are monitored in real-time and stored. Although the performance of the proposed architecture is somewhat slower than the identification and authentication functions provided by the operating system, it was confirmed that the performance was not at a level that users would recognize, and thus it was judged to be sufficiently effective. However, since this study focuses on monitoring the console behavior, it is impossible to monitor the behavior of user applications running in the background, so additional research is needed.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.23-32
• /
• 2023

Container-based virtualization has attracted many attentions as an alternative to virtual machine technology because it can be used more lightly by sharing the host operating system instead of individual guest operating systems. However, this advantage may owe some vulnerabilities. In particular, excessive resource use of some containers can affect other containers, which is known as the noisy neighbor problem, so that the important property of isolation may not be guaranteed. The noisy neighbor problem can threat the availability of containers, so we need to consider the noisy neighbor problem as a security problem. In this paper, we investigate vulnerabilities on guarantee of isolation incurred by the noisy neighbor problem in container-based virtualization. For this we first analyze the structure of container-based virtualization environments. Then we present vulnerabilities in 3 functional layers and general directions for solutions with limitations.

• Journal of the Korean Data Analysis Society
• /
• v.20 no.6
• /
• pp.3117-3126
• /
• 2018

The operating system update is a basic step to maintain a safe internet use environment. This study analyzed whether the implementation of the operating system update was related to gender and age group during the violation accident prevention act in relation to information protection on the internet, and tried to verify the validity of these factors by analyzing the influence of gender and age group. In this study, logistic regression analysis was conducted based on the information security survey data surveyed by the Korea Internet & Security Agency in 2016. As a result, gender and age were surveyed as factors related to the implementation of operating system updates. As a result of analyzing the impact on the implementation of operating system updates by gender, it is estimated that the odds are 0.419 times higher for women than for men. According to the analysis of the operating system update by age group based on the 50s, which is a vulnerable group of information, the result is that the odds are 13.266 times higher in the 20s than the 50s.