• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.89-100
• /
• 2011

Physical memory analysis has been an issue on a field of live forensic analysis in digital forensics until now. It is very useful to make the result of analysis more reliable, because record of user behavior and data can be founded on physical memory although process is hided. But most memory analysis focuses on windows based system. Because the diversity of target system to be analyzed rises up, it is very important to analyze physical memory based on other OS, not Windows. Mac OS X, has second market share in Operating System, is operated by loading kernel image to physical memory area. In this paper, We propose a methodology for physical memory analysis on Mac OS X using symbol information in kernel image, and acquire a process information, mounted device information, kernel information, kernel extensions(eg. KEXT) and system call entry for detecting system call hooking. In additional to the methodology, we prove that physical memory analysis is very useful though experimental study.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.753-760
• /
• 2023

KakaoTalk has the highest market share among domestic messengers. As such, KakaoTalk's conversation content is an important evidence in digital forensics, and the conversation is stored in the form of an encrypted database on a user's device. In addition, macOS has the characteristic that it is difficult to access because the disk encryption function is basically activated. The decryption method of the KakaoTalk database for Windows has been studied, but the decryption method has not been studied for KakaoTalk for macOS. In this paper, research the decryption method of the KakaoTalk database for macOS and a way to Brute-Force plan using the characteristics of KakaoTalk's UserID and compare it with KakaoTalk for Windows to examine the commonalities and differences. The results of this paper are expected to be used to analyze users' actions and events when investigating crimes using macOS.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.44 no.4 s.316
• /
• pp.10-20
• /
• 2007

In this paper, we propose the reference implementation of WIPI runtime engine supporting various platforms such as REX OS, Qplus and Windows. We describe the architecture of WIPI runtime engine according to each platform, and introduce the method for avoiding repetitive develoment. And we explain the implementation of a linker and a loader on REX OS and describe the runtime engine structure on Qplus, a kind of embedded linux. And we introduce the implementation of the Jlet/MIDlet emulator based on a Java virtual machine and the Clet emulator based on Windows. Finally we verify the interoperability and the perfection of the proposed reference implementation through the result of the HCT and the PCT and the normal operation of the example programs.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.91-105
• /
• 2010

With the release Apple's iPhone, smartphone is enjoying a tremendous popularity. Security experts pointed the smartphone security risks and KCC(Korea Communications Commission) published safety rules for smartphone users. In this paper we surveyed market and product trends of smartphone and analyzed the security technology of smartphoen OS including Symbian, iPhone OS, Windows Mobile and Android.

• Journal of Information Processing Systems
• /
• v.17 no.4
• /
• pp.834-850
• /
• 2021

IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11a
• /
• pp.931-933
• /
• 2005

Windows CE는 Microsoft사의 Windows 운영체제 가운데서 가장 작은 운영체제로서 일반 데스크톱 Windows 커널을 수용할 수 없는 소형/임베디드 장비에서 주로 사용되어진다. 현재 Windows CE에서 사용되고 있는 부트로더로는 E-boot(Ethernet bootloader)가 있으며 RAM 이미지와 플래시 이미지 다운로드 기능을 제공한다. E-boot의 문제점으로는 플래시 메모리상에서 부팅을 수행하기 때문에 NOR 타입의 플래시만을 지원하여, 컴팩트 플래시와 같은 NAND 타입의 플래시 지원하지 않는다. 이는 OS Binary 이미지의 용량이 NOR 플래시를 초과할 경우에 수행이 불가능하다는 문제를 발생시킨다. 따라서 본 논문에서는 기존의 E-boot를 수정하여 NDR 플래시보다 상대적으로 가격이 저렴하고 휴대성이 좋은 컴팩트 플래시 메모리를 이용하여 부팅이 가능한 부트로더를 구현한다. 또한 컴팩트 플래시 지원을 위한 새로운 읽기/쓰기 메카니즘을 소개한다.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2011.07a
• /
• pp.325-326
• /
• 2011

최근, 다수의 3D 콘텐츠가 개발되고 있으며 이러한 3D 콘텐츠는 스테레오 카메라를 이용하여 촬영되고 있다. 그러나 대부분의 3D 콘텐츠는 제작자의 개인적인 경험에 바탕을 두고 제작되고 있어, 일괄적인 기준이 모호한 상황이다. 이에 본 논문에서는 제공된 정보로부터 정확한 3D 정보들을 계산해주는 3D 계산기를 제안한다. 제안된 3D 계산기는 제작자의 선택을 돕고자, 주어진 정보로부터 정확한 기기의 위치, 받침대의 위치, 시차, 카메라와 렌즈의 떨어진 거리등을 계산해준다. 따라서, 제안된 3D 계산기는 촬영 대상 물체가 실제 영화관이나 3D Display 상에서 어떻게 보여지는지를 미리 계산하여 보여줌으로써, 3D 콘텐츠를 제작함에 있어 제작시간을 줄이고 제작자의 의도를 정확하게 반영할 수 있도록 도와준다. 제안된 3D 계산기는 windows OS, iOS, 그리고 android OS 등 다수의 OS에서 사용 가능하도록 다수의 OS상에서 포팅이 되어 있다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.4
• /
• pp.143-151
• /
• 2010

In this paper, We designed the robot controller with Linux OS, Cygwin under the Marvell Monahan PXA320 embedded platform. Cygwin is a collection of tools for using the Linux-like environment for commercially released x86 32 bit and 64 bit versions of Windows and is a DLL that acts as a Linux API emulation layer providing substantial Linux API functionality. TinyOS-2. x is a component based embedded OS by UC Berkeley and is an open-source OS designed for interfacing the sensor application with specific C-language. The results of experiment are described to show the improvement of sensor interfacing functionality under the PXA320 embedded RTOS platform.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.3
• /
• pp.1-10
• /
• 2011

In this paper, we implemented the Android NDK porting application with Eclipse(JDK) ADT and TinyOS 2.0. TinyOS and Cygwin are component based embedded system and an Open-source basis for interfacing with sensor application from H-mote. Cygwin is a collection of tools for using the Linux environment for commercially released with x86 32 bit and 64 bit versions of Windows. TinyOS-2. x is a component based embedded OS by UC Berkeley and is an Open-source OS designed for interfacing the sensor application with specific C-language. The results of Android porting experiment are described to show the improvement of sensor interfacing functionality under the PXA320 embedded RTOS platform. We will further more develop the software programming of Android porting under Embedded platform and enhance the functionality of the Android SDK with mobile gaming and kernel programming under sensor interfacing activity.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.43-46
• /
• 2010

시스템을 구축하여 운용하다 보면 하드웨어 또는 DBMS 업그레이드를 위해 데이터베이스를 이동할 필요가 있게 된다. 그 상황은 동일 OS 동일 DBMS 로 이동, 스토리지 환경의 변화에 의한 이동, 상이한 OS 동일한 DBMS 로 이동, 상이한 OS 상이한 DBMS 로 이동 등이 있다. 본 연구에서는 동일 OS 동일 DBMS 로 이동 상황 즉 Windows Server, SQL Server 환경에서 하드웨어 업그레이드 및 SQL Server 및 OS 버전 업그레이드를 하는 방법에 국한하여 실제 시뮬레이션을 통해 장단점 및 서비스 중지 시간을 확인해보려 한다.