• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.6
• /
• pp.123-129
• /
• 2013

Android file system is vulnerable to the external access of system resources via its arbitrary access mode and need user's control for SD and UMS medias due to its open architecture. In response to the device control, there is a drawback that its controlability is valid only in the case of embedded linux kernel with VDC function. Hence the solution is to directly implement VDC through system call, with another security module for device storage than system module being added to android system. In this paper the new method of android storage access control for personal information is proposed via VDC for mount system of storage. The access method for SD and UMS were implemented using VDC and mount mechanism. This access control system has been designed to control the granted users in kernel level if files are flowed out by copying. As a result, it was proved through testing that the access control system has exactly detected the write access operation.

• The KIPS Transactions:PartC
• /
• v.10C no.4
• /
• pp.387-396
• /
• 2003

Many studies have been done on secure kernel and encryption filesystem for system security. Secure kernel can protect user or system data from unauthorized and/or illegal accesses by applying various access control policy like ACL, MAC, RBAC and so on, but cannot protect user or system data from stealing backup media or disk itself. In addition to access control policy, there are many studies on encryption filesystem that encrypt file data within system level. However few studies have been done on combining access control policy and encryption filesystem. In this paper we proposed a new encryption filesystem that provides a transparency to the user by integrating encryption service into virtual filesystem layer within secure kernel that has various access control policies. Proposed encryption filesystem can provide a simple encryption key management architecture by using encryption keys based on classes of MAC policy and overcome a limit of physical data security of access control policy for stealing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.357-367
• /
• 2018

As information technology of modern society develops, various malicious codes with the purpose of seizing or destroying important system information are developing together. Among them, ransomware is a typical malicious code that prevents access to user's resources. Although researches on detecting ransomware performing encryption have been conducted a lot in recent years, no additional methods have been proposed to recover damaged files after an attack. Also, because the similarity comparison technique was used without considering the repeated encryption, it is highly likely to be recognized as a normal behavior. Therefore, this paper implements a filter driver to control the file system and performs a similarity comparison method that is verified based on the analysis of the encryption pattern of the ransomware. We propose a system to detect the malicious process of the accessed process and recover the damaged file based on the cloud storage.

• Journal of KIISE:Databases
• /
• v.32 no.6
• /
• pp.616-627
• /
• 2005

In the shared storage file system, systems can directly access the shared storage device through specialized data-only subnetwork unlike in the network attached file server system. In this shared-storage architecture, data consistency is maintained by some designated set of lock servers which use control network to send and receive the lock information. Furthermore, lease mechanism is introduced to cope with the control network failure. But when the control network is partitioned, participating systems can no longer make progress after the lease term expires until the network recovers. This paper addresses this limitation and proposes a method that allows partitioned systems to make progress under the partition of control network. The proposed method works in a manner that each participating system is rotationally given a predefined lease term periodically. It is also shown that the proposed mechanism always preserves data consistency.

• Journal of KIISE:Computer Systems and Theory
• /
• v.36 no.4
• /
• pp.247-258
• /
• 2009

Distributed file systems running on a cluster of inexpensive commodity hardware are being recognized as an effective solution to support the explosive growth of storage demand in large-scale Internet service companies. This paper presents the design and implementation of BeanFS, a distributed file system for large-scale e-mail services. BeanFS is adapted to e-mail services as follows. First, the volume-based replication scheme alleviates the metadata management overhead of the central metadata server in dealing with a very large number of small files. Second, BeanFS employs a light-weighted consistency maintenance protocol tailored to simple access patterns of e-mail message. Third, transient and permanent failures are treated separately and recovering from transient failures is done quickly and has less overhead.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.12
• /
• pp.1-8
• /
• 2022

As an efficient file system for SSD(Solid State Drive), F2FS is employed in the kernel of Linux operating system. F2FS applies various methods to improve performance by reflecting the characteristics of flash memory. One of them is improvement of the index structure that contains addresses of data blocks for each file. This paper presents a method for further improving performance by modifying the index structure of F2FS. F2FS manages all index blocks as logical numbers, and an address mapping table is used to find the physical block addresses of index blocks on flash memory. This paper shows performance improvement by applying logical numbers to the last level index blocks only. The count of mapping table search for a data block access is reduced to 1~2 from 1~4.

• Proceedings of the Korean Institute of Communication Sciences Conference
• /
• 1988.10a
• /
• pp.144-147
• /
• 1988

대덕망에 Osi 프로토콜을 구현하기 위한 일련의 작업들은 ETRI의 Osi Group 에 의해서 1985년경부터 시작이 되었다. 현재 Osi의 FTAM(File transfer Access and Managenemt) 프로토콜과 ACSE (Association Control Service Element) presentation 계층 session 계층이 상위계층 프로토콜로 구현되었으며, 상위 계층에서 필요한 통신 서비스를 제공하귀 위해서 transport 계층 및 대덕 man의 통신 서비스를 이용하기 위한 intertiace 들이 구혀되었다. 이러한 interface는 순차적으로 jualring optical cable을 control 하여 대덕 man에 위치한 node들 사이에 Osi 상위계층 프로토콜의 서비스를 제공하게 된다.

• 제어로봇시스템학회:학술대회논문집
• /
• 1989.10a
• /
• pp.520-523
• /
• 1989

MAP(Manufacturing Automation Protocol), Network Protocol for FA has 7 Layer Structure of OSI. Being an Application Layer Protocol for Communication Interfaced with the Actual Programmable Devices, MMS(Manufacturing Message Specification) Consists of Three Factors of Services, Interfaces, and Protocol. For Details, It Classifies with the Followings ; Connection/Context Management, Remote Variable Access, Semaphore Management, File transfer and Management, Program UP/DOWN Load, Remote Program Fxecution. In this Paper Designing MAP Network Station of Programmable Device, we Analyze the Protocol of MMS, and Realize the State Diagram of each Services and Propose the Model of MMS Function Call Instructions.

• Proceedings of the Acoustical Society of Korea Conference
• /
• 1995.06a
• /
• pp.137-140
• /
• 1995

In the paper, CDMA's vocoder algorithm, QCELP, was analyzed. And, 16-bit programmable DSP core for QCELP was designed. When it is used two MACs in DSP, we can implement low-power DSP and estimate decrease of parameter computation speed. Also, we implemented in FIFO memory using register file to increase the access time of the data. This DSP was designed using logic synthesis tool, COMPASS, by top-down design methodology. Therefore, it is possible to cope with rapid change at mobile communication market.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.844-846
• /
• 2003

웹서비스 등 다양한 응용분야에서 리눅스 서버의 사용이 일반화되면서 침입으로 인한 정보 유출 문제 및 다른 시스템으로의 침입 등의 문제를 발생시키고 있다. 한번 침입을 받은 시스템의 경우 시스템 설정이 변경되거나 백도어가 설치되어 쉽게 재침입의 표적이 될 수 있다는 점에서 침입으로 인한 부작용을 최소화하는 것이 필요하다. 본 논문에서는 시스템 침입이 있더라도 시스템 설정을 변경하거나 백도어 설치를 할 수 없도록 제어하기 위한 파일 접근 제어 모듈을 제안한다.