
Security Improvement of File System Filter Driver in Windows Embedded OS

  • Seong, Yeon Sang (Dept. of Computer Science Engineering, Chungnam National University)
  • Cho, Chaeho (Dept. of Computer Science Engineering, Chungnam National University)
  • Jun, Young Pyo (Software Division, Yonsei University MIRAE Campus)
  • Won, Yoojae (Dept. of Computer Science Engineering, Chungnam National University)
  • Received : 2020.03.20
  • Accepted : 2020.10.11
  • Published : 2021.08.31

Abstract

IT security companies have released whitelist-based file system filter driver security solutions, which are now used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in the Microsoft Edge browser that allowed malicious code to be executed without the user's knowledge. Had a hacker inserted a program that executes malicious code into the whitelist, the result would have been considerable damage. Whitelist-based file system filter driver security solutions are discretionary access control (DAC) models, so the whitelist is vulnerable: it considers only the subject requesting access and ignores the access rights of the target file object. In this study, we propose an industrial device security system for Windows that addresses this vulnerability by applying a mandatory access control (MAC) policy in the Windows industrial operating system, so that the security policy is enforced by checking the access rights of the object as well as those of the subject. Rather than basing the security policy on a whitelist, the proposed access control method sets the security policy for both the subject and the object, and we show that this provides improved stability compared with the conventional whitelist method.
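The abstract contrasts a whitelist that looks only at the subject with a MAC policy that also labels the object. The following Python model is an added illustration of that decision logic and is not the paper's driver code: the page does not describe the filter-driver callbacks or the concrete MAC rule the authors implemented, so the sensitivity levels, the process and file paths, and the Bell-LaPadula style "no read-up, no write-down" rule used as the MAC policy are all assumptions made for this example. The scenario shows why a whitelist alone cannot stop a trusted-but-subverted process, while a subject-and-object check denies the same requests.

```python
# Added example (not from the paper): models the access-control decision
# discussed in the abstract. Levels, paths and the Bell-LaPadula style rule
# below are assumptions for illustration only.
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Sensitivity labels (constructed for the example)."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2


@dataclass(frozen=True)
class Subject:
    """The process requesting access: its image path and its label."""
    image_path: str
    level: Level


@dataclass(frozen=True)
class FileObject:
    """The file being accessed: its path and its label."""
    path: str
    level: Level


# Constructed whitelist of trusted process images. In the DAC-style model
# the decision looks only at this set, never at the target file.
WHITELIST = frozenset({
    r"C:\Program Files\POS\pos.exe",
    r"C:\Windows\explorer.exe",
})


def whitelist_allows(subject: Subject, op: str, obj: FileObject) -> bool:
    """Whitelist model: a whitelisted image may perform any operation on any file."""
    return subject.image_path in WHITELIST


def mac_allows(subject: Subject, op: str, obj: FileObject) -> bool:
    """MAC model (assumed Bell-LaPadula rule): compare subject and object labels.
    no read-up:    a subject may read only objects at or below its level
    no write-down: a subject may write only objects at or above its level
    Any other operation is denied by default."""
    if op == "read":
        return subject.level >= obj.level
    if op == "write":
        return subject.level <= obj.level
    return False


def filter_decision(subject: Subject, op: str, obj: FileObject) -> bool:
    """Combined check: the subject must be trusted AND the label rule must pass."""
    return whitelist_allows(subject, op, obj) and mac_allows(subject, op, obj)


def compare_models(subject: Subject, op: str, obj: FileObject) -> dict:
    """Return the verdict of each model for one request, for side-by-side comparison."""
    return {
        "whitelist": whitelist_allows(subject, op, obj),
        "mac": mac_allows(subject, op, obj),
        "combined": filter_decision(subject, op, obj),
    }


def scenario() -> dict:
    """Constructed scenario: pos.exe is whitelisted but has been subverted to run
    attacker-controlled code, the situation the abstract describes. unknown.exe is
    a non-whitelisted process with the same label."""
    pos = Subject(r"C:\Program Files\POS\pos.exe", Level.INTERNAL)
    unknown = Subject(r"C:\Users\Public\unknown.exe", Level.INTERNAL)
    card_db = FileObject(r"C:\POS\data\cards.db", Level.CONFIDENTIAL)
    public_out = FileObject(r"C:\Users\Public\out.txt", Level.PUBLIC)
    sales_log = FileObject(r"C:\POS\logs\sales.log", Level.INTERNAL)
    return {
        "pos reads card db": compare_models(pos, "read", card_db),       # read-up
        "pos writes public": compare_models(pos, "write", public_out),   # write-down
        "pos writes sales log": compare_models(pos, "write", sales_log), # same level
        "unknown writes sales log": compare_models(unknown, "write", sales_log),
    }


if __name__ == "__main__":
    for request, verdicts in scenario().items():
        print(f"{request:26s} {verdicts}")
```

The first two requests are the ones that matter: the whitelist grants both because pos.exe is trusted, whereas the label check denies reading a more sensitive file and writing to a less sensitive one, so the combined decision blocks them. The last request shows that the object check does not replace the subject check, since a non-whitelisted process is still denied even when its labels line up.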

Acknowledgement

This work was supported by Institute for Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2019-0-01343, Training Key Talents in Industrial Convergence Security).
