• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.89-100
• /
• 2011

Physical memory analysis has been an issue on a field of live forensic analysis in digital forensics until now. It is very useful to make the result of analysis more reliable, because record of user behavior and data can be founded on physical memory although process is hided. But most memory analysis focuses on windows based system. Because the diversity of target system to be analyzed rises up, it is very important to analyze physical memory based on other OS, not Windows. Mac OS X, has second market share in Operating System, is operated by loading kernel image to physical memory area. In this paper, We propose a methodology for physical memory analysis on Mac OS X using symbol information in kernel image, and acquire a process information, mounted device information, kernel information, kernel extensions(eg. KEXT) and system call entry for detecting system call hooking. In additional to the methodology, we prove that physical memory analysis is very useful though experimental study.

• Proceedings of the Korea Contents Association Conference
• /
• 2009.05a
• /
• pp.510-514
• /
• 2009

This program was developed in Visual C + +, the Windows operating system has security features within the files and directories. File and directory security, encryption / decryption operations yirueojimyeo file security can be round, to know the value of the key and security password I need to know the directory is designed to be decrypted. In addition, ECB, CBC algorithm and 3DES, SEED algorithms and methods, and encryption. De0 can not run that created the file extension, as has been developed to allow for double security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.251-258
• /
• 2017

Most malware, including Ransomware, is built for the Windows operating system. This is because it is more harmful to target an operating system with a high share. But in recent years, MacOS's operating system share has steadily increased. As people become more and more used, the number of malicious code running on the MacOS operating system is increasing. Ransomware has been known to Korea since 2015, and damage cases are gradually increasing. MacOS is no longer free from Ransomware, as Ransomware for MacOS was discovered in March 2016. In order to cope with future Ransomware, this paper used Ransomware's modified file extension to detect Ransomware. We have studied how to detect and block Ransomware processes by distinguishing between extensions changed by the user and extensions changed by the Ransomware process.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.05a
• /
• pp.1038-1041
• /
• 2007

어플리케이션 또는 네트워크 레벨의 외곽 방어에 의한 보안 기능의 한계로 인하여 운영체제 내부 보안에 대한 필요성이 증대되고 있다. 그에 따라 시스템상에서의 또는 시스템에 의한 행동을 제어하기 위한 차세대 보안솔루션으로 보안 운영체제가 부각되고 있다. 이에 본 논문에서는 안전한 운영체제 구축을 위한 보안 요구 사항의 기준이 될 수 있는 다중등급 보안에 의한 윈도우 서버 보안 강화 기술을 소개하고 본 논문에서 설계하고 구현한 보안 커널의 기능을 중심으로 기술한다. 또한 기존의 전형적인 보안레이블을 확장하여 추가적으로 제어할 수 있도록 수정된 보안 모델을 제시한다.

• The KIPS Transactions:PartC
• /
• v.15C no.3
• /
• pp.141-148
• /
• 2008

Windows Vista published by Microsoft provides more powerful security mechanisms than previous Windows operating systems. In the forensics point of view, new security mechanisms make it more difficult to get data related to the criminals in a storage device. In this paper, we analyze BitLocker introduced as an new security mechanism in Windows Vista. Also, compared to the previous Windows operating systems, the changes and security issues of UAC and EFS in Windows Vista are discussed in the forensics point of view. Futhermore, we discuss other characteristics of Windows Vista useful for forensic examinations.

• The Journal of the Korea Contents Association
• /
• v.11 no.7
• /
• pp.51-59
• /
• 2011

Intelligent service robots leading the future market are robots which assist humans physically, mentally, and emotionally. Since intelligent service robots operate in a tightly coupled manner with humans, their safe operation should be an inevitable consideration. For this safety, real-time capabilities are necessary to execute certain services periodically. Currently, most robot components are being developed based on Windows for the sake of development convenience. However, since Windows does not support real-time, there is no option but to use expensive third-party software such as RTX and INTime. Also since most robot components are usually execute in user-level, we need to research how to support real-time in user-level. In this paper, we design and implement how to support real-time for components running in user-level on Windows using RTiK which actually supports real-time in kernel level on Windows.

• The Journal of the Korea Contents Association
• /
• v.15 no.4
• /
• pp.17-28
• /
• 2015

The applications program that running on Operating System has high dependence. Because environment of OS and standard libraries that supports are different. For those reason, Applications that perform the same function should be implemented in accordance with the new operating system. This results in a temporal and economic waste not only in subsequent maintenance of application but also in management. Even though, to solve this problem Cygwin or MinGW has been distributed, they do not support the portability of the application but provide a virtual environment and the tool. Therefore, in this paper, we design the wrapper format interface middleware using the POSIX and standard C library to support the application performing the same function on virtual environment and without code modification. The middleware can be selectively loading the API that is classified by basic and extend. This allows to managing the application size efficiently. Also, perform the comparative experiments and performance evaluation for application, on equipped with the Interface Middleware Linux, Unix, Windows and on Cygwin.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.574-576
• /
• 2010

This paper describes constructing methods of environments for the App development using v smart-phones which are widespread rapidly. Various smart-phones and operating systems are used all over the world. In this paper, we will deal with three kinds of smart-phones, that is Windows Mobile Phone(recently Windows Phone7), iPhone and Android Phone using respective operating systems which are widespread in the domestic market.

• KSCI Review
• /
• v.12 no.2
• /
• pp.25-46
• /
• 2004

$\bullet$ Windows CE 5.0 $\triangleright$ 사용자 환경에 맞도록 수정/확장 $\triangleright$ 최적의 개발 생산성 제공 $\triangleright$ 네트워크/멀티미디어 기능 $\triangleright$ 안전된 운영체제 성능 $\triangleright$ Window CE 개발방법 $\triangleright$ 다양한 선택사항 $\triangleright$ 각각의 방법에 따른 장단점 $\triangleright$ 상황에 따른 방법의 결정

• The Journal of the Korea Contents Association
• /
• v.17 no.10
• /
• pp.1-8
• /
• 2017

As the recent advancement of military equipment has been accelerated, it is becoming more important to act as an inspection device that verifies the performance of equipment in real time. Most of the inspection equipments were developed on the Windows OS based system. considering development convenience and development period. However, sice the data communication between these models occurs asynchronously, there is a problem that it is difficult to guarantee real-time performance of the window-based inspection equiment. To solve these problems, we use real-time commercial solutions to guarantee the real-time performance of Windows-based inspection equipment. In this paper, we propose a method of designing and implementing the inspection equipment software based on Real-Time implanted Kernel-Multi Processor (RTiK-MP) operating in Windows environment. In addition, real-time performance data accuracy was measured through a high-speed communication tool and interlocking test to verify the performance of the inspection device based on the real-time porting kernel.