• Title/Summary/Keyword: Windows operating system


How to Detect and Block Ransomware with File Extension Management in MacOS (MacOS에서 파일확장자 관리를 통한 랜섬웨어 탐지 및 차단 방법)

  • Youn, Jung-moo;Ryu, Jae-cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.2 / pp.251-258 / 2017
  • Most malware, including Ransomware, is built for the Windows operating system. This is because it is more harmful to target an operating system with a high share. But in recent years, MacOS's operating system share has steadily increased. As more and more people use it, the amount of malicious code running on the MacOS operating system is increasing. Ransomware has been known to Korea since 2015, and damage cases are gradually increasing. MacOS is no longer free from Ransomware, as Ransomware for MacOS was discovered in March 2016. In order to cope with future Ransomware, this paper used Ransomware's modified file extension to detect Ransomware. We have studied how to detect and block Ransomware processes by distinguishing between extensions changed by the user and extensions changed by the Ransomware process.

A New System Design for Wireless Remote Control Over Single-tasking Operating Systems (단일 작업 운영체제 환경에서의 무선 원격 제어 시스템 설계)

  • Kim, Chang-Hoon
    • Journal of Korea Society of Industrial Information Systems / v.21 no.6 / pp.31-39 / 2016
  • In this paper, we propose a new system for wireless remote control over single-tasking operating systems such as Microsoft's disk operating system (DOS). In order to control a DOS device in a Windows operating system, the proposed architecture uses a video transmitter, a virtual network driver, and a wireless keyboard module. Analysis shows that the proposed system, over 15Mbps wireless LAN (802.11n), can transmit at least 10 to 15 video frames, achieves speed up to a maximum of 8Mbps roughly, and is able to satisfy real time processing with respect to key input. Therefore, the proposed system is well suited to a remote control solution based on DOS devices.

Wireless u-PC: Personal workspace on an Wireless Network Storage (Wireless u-PC : 무선 네트워크 스토리지를 이용한 개인 컴퓨팅 환경의 이동성을 지원하는 서비스)

  • Sung, Baek-Jae;Hwang, Min-Kyung;Kim, In-Jung;Lee, Woo-Joong;Park, Chan-Ik
    • Journal of KIISE:Computing Practices and Letters / v.14 no.9 / pp.916-920 / 2008
  • The personal workspace consists of a user-specified computing environment such as user profile, applications and their configurations, and user data. Mobile computing devices (i.e., cellular phones, PDAs, laptop computers, and Ultra Mobile PC) are getting smaller and lighter to provide personal workspace ubiquitously. However, various personal workspace mobility solutions (c.f. VMWare Pocket ACE[1], Mojopac[2], u-PC[3], etc.) have appeared with the advance of virtualization technology and portable storage technology. The personal workspace can be loaded at a public PC using the above solutions. Especially, we proposed a framework called ubiquitous personal computing environment (u-PC) that supports mobility of personal workspace based on wireless iSCSI network storage in our previous work. However, previous u-PC could support limited applications, because it uses IRP (I/O Request Packet) forwarding technique at filter driver level on Windows operating system. In this paper, we implement OS-level virtualization technology using system call hooking on Windows operating system. It supports personal workspace mobility and covers previous u-PC limitation. Also, it overcomes personal workspace loading overhead that is a limitation of other solutions (i.e., VMWare Pocket ACE, Mojopac, etc). We implement a prototype consisting of Windows XP-based host PC and Linux-based mobile device connected via WiNET protocol of UWB. We leverage several use-case models of our framework for proving its usability.

Study on Windows Event Log-Based Corporate Security Audit and Malware Detection (윈도우 이벤트 로그 기반 기업 보안 감사 및 악성코드 행위 탐지 연구)

  • Kang, Serim;Kim, Soram;Park, Myungseo;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.3 / pp.591-603 / 2018
  • Windows Event Log is a format that records system logs in the Windows operating system and methodically manages information about system operation. An event can be caused by the system itself or by a user's specific actions, and some event logs can be used for corporate security audits, malware detection and so on. In this paper, we choose actions related to corporate security audit and malware detection (External storage connection, Application install, Shared folder usage, Printer usage, Remote connection/disconnection, File/Registry manipulation, Process creation, DNS query, Windows service, PC startup/shutdown, Log on/off, Power saving mode, Network connection/disconnection, Event log deletion and System time change), which can be detected through event log analysis, and classify event IDs that occur in each situation. Also, the existing event log tools only include functions related to the EVTX file parse and it is difficult to track user's behavior when used in a forensic investigation. So we implemented a new analysis tool in this study which parses EVTX files and user behaviors.

White-Box Simulation-Based in a Multi-Tasking Operating System (다중작업 운영체제하에서 화이트-박스 시뮬레이션 게임의 구현)

  • 김동환
    • Journal of the Korea Society for Simulation / v.3 no.2 / pp.69-76 / 1994
  • Traditionally, simulation-based learning games which are known as flight-simulators have been constructed as a black-box game. Within a black-box game, game-players can view and modify only a part of model parameters. Game-players cannot change the structure of a simulation model. In a black-box game, game-players cannot understand and learn the system structure which is responsible for the system behavior. In this paper, the multi-tasking at the level of operating systems is exploited to enhance the transparency of simulation-based learning game. The white-box game or transparent-box game allows game-players to view and modify the model structure. The multi-tasking solution for white-box learning game is implemented with Smalltalk language on MS-Windows operating system.


A Protection Technique for Kernel Functions under the Windows Operating System (윈도우즈 운영체제 기반 커널 함수 보호 기법)

  • Back, Dusung;Pyun, Kihyun
    • Journal of Internet Computing and Services / v.15 no.5 / pp.133-139 / 2014
  • Recently the Microsoft Windows OS (operating system) is widely used for internet banking, games etc. The kernel functions provided by the Windows OS can perform memory accesses, keyboard input/output inspection, and graphics output of any processes. Thus, many hacking programs utilize those for memory hacking, keyboard hacking, and making illegal automation tools for game programs. Existing protection mechanisms make decisions for existence of hacking programs by inspecting some kernel data structures and the initial parts of kernel functions. In this paper, we point out drawbacks of existing methods and propose a new solution. Our method can remedy those by modifying the system service dispatcher code. If the dispatcher code is utilized by a hacking program, existing protection methods cannot detect illegal operations. Thus, we suggest that protection methods should investigate the modification of the dispatcher code as well as kernel data structures and the initial parts of kernel functions.

Development of an Operating Software for a Model Plant using INTERBUSs (INTERBUSs를 이용한 모델 플랜트의 구동 소프트웨어의 개발)

  • Jo, Young-Ho;Jeong, Byung-Ho
    • IE interfaces / v.12 no.4 / pp.575-585 / 1999
  • This study develops an operating software for a model plant. The model plant consists of an AS/RS system, two machining centers, an assembly line, and supplementary material handling equipment. Devices of each component are connected with the IBS RT24 DIO 16/16-T I/O module. Each I/O module communicates digital signals with the INTERBUS controller board via SUB-D 9 Connector cable. This study is a previous stage for developing an educational CIM software. Petri Nets is used for modelling the storage/retrieval of the AS/RS system, the flow of workpieces and the assembly line for parts. The operating software is coded with Microsoft Visual C++ 5.0 and Interbus Library which is a software driver for the controller board. The operating software can be run on MS Windows 95. Microsoft Access is used for the implementation of databases for BOM, AS/RS, and parts.


Vulnerability analysis on the ARMv7 Thumb Architecture (ARMv7 Thumb Architecture 취약성 분석)

  • Kim, Si-Wan;Seong, Ki-Taek
    • Journal of the Korea Institute of Information and Communication Engineering / v.21 no.5 / pp.1003-1008 / 2017
  • The Internet of Things has attracted considerable research attention in recent years. In order for the new IoT technology to be widely used, the reliability and protection of information is required. IoT systems are very vulnerable to physical security due to their easy accessibility. Along with the development of SoC technology, many operating systems have been developed and many new operating systems have been introduced. In this paper, we describe the vulnerability analysis results for operating systems running on the ARMv7 Thumb Architecture hardware platform. For the recently introduced "Windows 10 IoT Core" operating system, I implemented the Zero-Day Attack by implanting the penetration code developed through the research into a specific IoT system. The virus detection test for the resulting penetration code was validated by referral to the "virustotal" site.

A Robot Controller Development of a Large-scale System for Shipbuilding

  • Kim, Soo-Ho;Kang, Gye-Hyung;Park, Ju-Yi;Chu, Gil-Whoan;Kim, Jin-Wook;Kim, Ji-Yun;Kim, Sung-Kwun
    • 제어로봇시스템학회:학술대회논문집 / 2005.06a / pp.472-475 / 2005
  • This paper presents a robot controller developed for shipbuilding yard. Since shipbuilding process handles large work pieces and has dusty and noisy environment, the developed controller has separated architecture into main control part and servo control part. Main control part is located in control room while servo control part is located near robot with work pieces. Communication between two parts is done through SynqNet and RS485. Air purging system is adapted to servo control part for better reliability. We aimed open architecture in both hardware and software architecture. For open hardware architecture, we employed Compact PCI (cPCI) because it is widely used bus system and very reliable. Since lots of commercial boards are available with cPCI interface, upgrade and reconfiguration is easy. For open software architecture, Windows XP Embedded is selected as operating system (OS), because it is very popular OS and most hardware vendors support device drivers for Windows XP.


Development of Automatic Polishing Robot System and Integrated Operating Program (자동 연마 로봇 시스템의 개발 및 통합 구동 환경 구축)

  • 이민철;정진영;고석조;허창훈
    • Journal of the Korean Society for Precision Engineering / v.20 no.1 / pp.107-117 / 2003
  • Polishing a die that has free-form surfaces is a time-consuming and tedious job, and requires a considerable amount of high-precision skill. In order to reduce the polishing time and cope with the shortage of skilled workers, an automatic polishing robot system was developed. The polishing robot system is composed of two subsystems, a three-axis machining center and a two-axis polishing head. The machining center is controlled by a FANUC controller, and the polishing head by a DSP controller. The system has five degrees of freedom and is able to keep the polishing tool normal to the die surface during operation. To easily operate the developed polishing robot system, this study developed an integrated operating program in the Windows environment. The program consists of five modules: a polishing data generation module, a code separation module, a polishing module, a graphic simulator module, and a teaching module. In addition, the automatic teaching system was developed to easily obtain teaching data, and it consists of a three-dimensional joystick and a proximity sensor. Also, to evaluate the performance of the integrated operating program and the polishing robot system, polishing experiments of a die of shadow mask were carried out.