• Journal of Information Processing Systems
• /
• v.17 no.4
• /
• pp.834-850
• /
• 2021

IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

• Journal of IKEEE
• /
• v.27 no.3
• /
• pp.239-245
• /
• 2023

Whitelist-based ransomware solution is known as being vulnerable to false impersonation attack using DLL injection attack. To solve this problem, it is proposed to monitor DLL injection attack and to integrate the monitoring result to ransomware solutions. In this paper, we show that attackers can easily bypass the monitoring mechanism and then illegally access files of a target system. It means that whitelist-based ransomware solutions are still vulnerable.

• Journal of IKEEE
• /
• v.26 no.3
• /
• pp.380-388
• /
• 2022

The traditional malware detection technologies collect known malicious programs and analyze their characteristics. Then such a detection technology makes a blacklist based on the analyzed malicious characteristics and checks programs in the user's system based on the blacklist to determine whether each program is malware. However, such an approach can detect known malicious programs, but responding to unknown or variant malware is challenging. In addition, since such detection technologies generally monitor all programs in the system in real-time, there is a disadvantage that they can degrade the system performance. In order to solve such problems, various methods have been proposed to analyze major behaviors of malicious programs and to respond to them. The main characteristic of ransomware is to access and encrypt the user's file. So, a new approach is to produce the whitelist of programs installed in the user's system and allow the only programs listed on the whitelist to access the user's files. However, although it applies such an approach, attackers can still perform malicious behavior by performing a DLL(Dynamic-Link Library) injection attack on a regular program registered on the whitelist. This paper proposes a method to respond effectively to attacks using DLL injection.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.346-349
• /
• 2014

Currently, the growing cyber threat continues, the damage caused by the evolution of malicious code incidents become more bigger. Such advanced attacks as APT using 'zero-day vulnerability' bring easy way to steal sensitive data or personal information. However it has a lot of limitation that the traditional ways of defense like 'access control' with blocking of application ports or signature base detection mechanism. This study is suggesting a way of controlling application activities focusing on keeping integrity of applications, authorization to running programs and changes of files of operating system by hardening of legitimate resources and programs based on 'white-listing' technology which analysis applications' behavior and its usage.

• Journal of the Society of Disaster Information
• /
• v.17 no.4
• /
• pp.897-903
• /
• 2021

Purpose: Recently, ransomware damage that encrypts victim's data through hacking and demands money in exchange for releasing it is increasing domestically and internationally. Accordingly, research and development on various response technologies and solutions are in progress. Method: A secure storage area and a general storage area were created in the same virtual environment, and the sample data was saved by registering the access process. In order to check whether the stored sample data is infringed, the ransomware sample was executed and the hash function of the sample data was checked to see if it was infringed. The access control performance checked whether the sample data was accessed through the same name and storage location as the registered access process. Result: As a result of the experiment, the sample data in the secure storage area maintained data integrity from ransomware and unauthorized processes. Conclusion: Through this study, the creation of a secure storage area and the whitelist-based access control method are evaluated as suitable as a method to protect important data, and it is possible to provide a more secure computing environment through future technology scalability and convergence with existing solutions.

• Korea Trade Review
• /
• v.44 no.6
• /
• pp.327-344
• /
• 2019

This paper explores the hub-and-spoke system as the structure of the global economic network that presents obstacles for international cooperation. With its exclusive jurisdiction and control over the hub, a powerful state can employ coercive economic measures to compel and deter unwanted behavior of rogue states and even its allies. Against this backdrop, this study analyzes the cases of the US blocking access to its market by Chinese Huawei as well as the case of Japan in restricting trade for highly advanced goods to South Korea. This analysis reveals that both measures are forms of secondary boycotts, which affect not only the entities within their jurisdiction but also others located in third countries. In addition, this paper extends its findings to free trade agreements and offers implications on the outward processing scheme for the Gaeseong Industrial Complex in the KORUS FTA and the Korea-China FTA. These events result in a gray-risk for South Korea, a country that aims to resolve North Korea's denuclearization and inter-Korean economic cooperation.