• Title/Summary/Keyword: Windows Kernel

The Study of Response Model & Mechanism Against Windows Kernel Compromises (Windows 커널 공격기법의 대응 모델 및 메커니즘에 관한 연구)

  • Kim, Jae-Myong; Lee, Dong-Hwi; J. Kim, Kui-Nam
    • Convergence Security Journal / v.6 no.3 / pp.1-12 / 2006
  • Malicious code has been widely documented and detected in information security breaches of the Microsoft Windows platform. Legacy information security systems are particularly vulnerable to breaches due to Windows kernel-based malicious code that penetrates existing protection and remains undetected. To date there has not been enough quality study of, and information sharing about, the Windows kernel and its internal code mechanisms, and this is the core reason for the success of such code in entering systems and remaining undetected. This paper focuses on the classification and formalization of the type, target and mechanism of various Windows kernel-based attacks, and presents suggestions for effective response methodologies in the categories of "Kernel memory protection", "Process & driver protection" and "File system & registry protection". An effective Windows kernel protection system is presented through the collection and analysis of Windows kernel and internal mechanisms, and through suggestions for the implementation methodologies of unreleased and new Windows kernel protection techniques. The results presented in this paper show that the suggested system is highly effective and has more accurate intrusion detection ratios than current legacy security systems (i.e., virus vaccines, Windows IPS, etc.). It is therefore expected that the suggested system provides a good solution for protecting IT infrastructure from complicated and intelligent Windows kernel attacks.

Study on the API Hooking Method Based on the Windows (윈도우 API 후킹 탐지 방법에 대한 연구)

  • Kim, Wan-Kyung; Soh, Woo-Young; Sung, Kyung
    • Journal of Advanced Navigation Technology / v.13 no.6 / pp.884-893 / 2009
  • Recently, malicious attacks on Windows operate through Windows API hooking in the Windows kernel. This paper presents API hooking attack and protection techniques based on the Windows kernel. This paper also develops a detection tool for Windows API hooking that can detect DLL files operating in the kernel. The proposed tool can detect behaviors that import from or export to DLL files such as kernel32.dll, snmpapi.dll, ntdll.dll and advapidll.dll, etc. Test results show that the tool can check the name, location, and behavior of APIs in the test system.

Development of Embedded System Based on Windows CE 5.0 (S3C2410A와 Windows CE 5.0 기반의 임베디드시스템 개발에 관한 연구)

  • Kim, Do-Kyu
    • The Journal of Information Technology / v.8 no.4 / pp.91-102 / 2005
  • In this paper, the development of an embedded system based on the recently released Windows CE 5.0 is studied. The embedded software for the target board, which uses the S3C2410A SoC based on the ARM920T core, is composed of (1) a BSP (Board Support Package) containing an OAL (OEM Adaptation Layer), which includes a boot loader for initializing and customizing the target hardware, device drivers, and a corresponding set of configuration files, (2) the Windows CE 5.0 kernel, and (3) an SDK and an MP3 test application. In particular, PB (Platform Builder) provides efficient functions to build, test and debug the BSP and CE kernel. Windows CE 5.0 is expected to be widely adopted in smart devices such as PMPs, CNSs and DMB phones, which inevitably require a display device.

Real-Time Characteristics Analysis and Improvement for OPRoS Component Scheduler on Windows NT Operating System (Windows NT상에서의 OPRoS 컴포넌트 스케줄러의 실시간성 분석 및 개선)

  • Lee, Dong-Su; Ahn, Hee-June
    • Journal of Institute of Control, Robotics and Systems / v.17 no.1 / pp.38-46 / 2011
  • The OPRoS (Open Platform for Robotic Service) framework provides a uniform operating environment for service robots. As an OPRoS-based service robot has to support real-time as well as non-real-time applications, the use of a Windows NT kernel-based operating system can be restrictive. On the other hand, various benefits such as rich library and device support and an abundant developer pool can be enjoyed when service robots are built on Windows NT. This paper presents a user-mode component scheduler for OPRoS which can provide a near real-time scheduling service on Windows NT based on the restricted real-time features of the Windows NT kernel. The component scheduler thread, running at the highest real-time priority in the Windows NT system, acquires CPU control. The component scheduler then suspends and resumes each periodic component executor based on its priority and precedence dependencies, so that the component executors are scheduled in a preemptive manner. We show an experimental analysis of the performance limitations of the proposed scheduling technique. The analysis and experimental results show that the proposed scheduler guarantees highly reliable timing down to a resolution of 10 ms.

A Protection Technique for Kernel Functions under the Windows Operating System (윈도우즈 운영체제 기반 커널 함수 보호 기법)

  • Back, Dusung; Pyun, Kihyun
    • Journal of Internet Computing and Services / v.15 no.5 / pp.133-139 / 2014
  • Recently the Microsoft Windows OS (operating system) has been widely used for internet banking, games, etc. The kernel functions provided by the Windows OS can perform memory accesses, keyboard input/output inspection, and graphics output for any process. Thus, many hacking programs utilize these for memory hacking, keyboard hacking, and making illegal automation tools for game programs. Existing protection mechanisms decide whether hacking programs are present by inspecting some kernel data structures and the initial parts of kernel functions. In this paper, we point out drawbacks of existing methods and propose a new solution. Our method can remedy these by modifying the system service dispatcher code. If the dispatcher code is utilized by a hacking program, existing protection methods cannot detect the illegal operations. Thus, we suggest that protection methods should investigate modification of the dispatcher code as well as kernel data structures and the initial parts of kernel functions.

Timer Implementation and Performance Measurement for Providing Real-time Performance to Windows 10 (윈도우10에 실시간 성능을 제공하기 위한 타이머 구현 및 성능 측정)

  • Lee, Jeong-Guk; Lee, Sang-Gil; Lee, Cheol-Hoon
    • The Journal of the Korea Contents Association / v.20 no.10 / pp.14-24 / 2020
  • Real-time performance means returning the exact result value at the correct cycle, or performing the specified work at a certain cycle. Windows does not support real-time performance, so real-time performance is provided using expensive third-party products such as RTX and INtime. This paper aims to support real-time performance on Windows through RTiK, a real-time kernel that operates in the form of a device driver in Windows. In Windows 7, RTiK used a timer based on the local APIC supported by x86 hardware. However, due to Kernel Patch Protection (KPP) on Windows 10, it became impossible to use the local APIC timer. Therefore, a timer is implemented that signals the determined cycle using local APIC IPIs, and performance measurement is performed to confirm that the cycle operates normally within the error range. This enables real-time performance on Windows 10.

Implementation for Real-Time of MIL-STD-1553B Communication in Inspection Equipment Based on Windows with RTiK and DPC Control (RTiK과 DPC 제어를 통한 윈도우즈 기반의 검사장비에서 MIL-STD-1553B 통신의 실시간 구현)

  • Kim, Jong-Jin; Lee, Sang-Gil; Lee, Cheol-Hoon
    • Journal of Korea Multimedia Society / v.24 no.2 / pp.199-207 / 2021
  • It is very important to support real-time operation on inspection equipment based on Windows. In particular, in systems using MIL-STD-1553B communication, which is widely used in military weapon systems, real-time operation is required for inspection equipment that mostly uses Windows-based platforms such as industrial PCs. However, to use a complete real-time operating system such as VxWorks, the purchase cost is high and the implementation on the system is complicated, so it is not suitable for inspection equipment that requires only simple functions to check go or no-go. Therefore, in this paper, a Real-Time implanted Kernel (RTiK) is implanted in the Windows kernel to overcome these defects, and real-time performance is implemented for periodic MIL-STD-1553B communication using the Deferred Procedure Call (DPC) mechanism of Windows. It was also verified that a period of up to 2 ms was guaranteed, using RDTSC into the EDX:EAX registers to measure the periodicity.

Geometric Kernel for CAD/CAM Application Software Development (CAD/CAM 응용 소프트웨어 개발은 위한 형상 커널 개발)

  • 정연찬; 박준철
    • Korean Journal of Computational Design and Engineering / v.6 no.4 / pp.271-276 / 2001
  • A geometric kernel is the library of core mathematical functions that defines and stores 3D shapes in response to users' commands. We developed a light geometric kernel suitable for developing CAD/CAM application systems. The kernel contains geometric objects, such as points, curves and surfaces, and a minimal set of functions for each type, but does not contain the many modeling and handling functions that are useful for creating and maintaining complex shapes from an idea sketch. The kernel was developed on MS-Windows NT using C++ with the STL (Standard Template Library), but it is compatible with UNIX environments. This paper describes the structure of the kernel, including several components: base, math, point sequence curve, geometry, and translators. The base kernel gives portability to applications, and the math kernel contains basic arithmetic and its classes, such as vector and matrix. The geometry kernel contains points, parametric curves, and parametric surfaces. A neutral file format and programming and document styles are also presented in this paper.

Protecting Memory of Process Using Mandatory Access Control (강제적 접근제어를 통한 프로세스 메모리 보호)

  • Shim, Jong-Ik; Park, Tae-Kyou; Kim, Jin-Tae
    • Journal of the Korea Institute of Information and Communication Engineering / v.15 no.9 / pp.1947-1954 / 2011
  • There are various attacks such as tampering, bypassing and spoofing which are caused by system-wide vulnerabilities of the Windows operating system. The underlying operating system is responsible for protecting application-space mechanisms against such attacks. This paper provides an implementation of mandatory access control known as multi-level security (MLS), rated at the TCSEC B1 level, on the kernel of Windows™. By adding, in particular, a protection feature against tampering with the memory of processes to the security kernel, this implementation meets the responsibility against system-wide vulnerabilities.

A study of analysis and improvement of security vulnerability in Bluetooth for data transfer (블루투스 환경에서 데이터 전송 시 보안 취약점 분석 및 개선 방안 관련 연구)

  • Baek, Jong-Kyung; Park, Jae-Pyo
    • Journal of the Korea Academia-Industrial cooperation Society / v.12 no.6 / pp.2801-2806 / 2011
  • During data transmission via Bluetooth networks, data to be encrypted, or plain text between the application layer and the device layer, can be hacked in a manner similar to a key-logger by the major-function hooking technique of a Windows kernel driver. In this paper, we introduce an improved protection module which provides encrypted data transmission by modifying the data transmission driver of the Bluetooth device layer, and also suggest a self-protecting scheme which prevents data exposure by various hacking tools. We implement the protection module to verify the confidentiality guarantee. Our protection module, which provides data encryption with minimal latency, can be expected to see widespread use in Bluetooth data transmission.