• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.861-870
• /
• 2014

According to the intelligence of the malicious code to extract the executable file in physical memory is emerging as an import researh issue. In previous physical memory studies on executable file extraction which is targeting running files, they are not extracted as same as original file saved in disc. Therefore, we need a method that can extract files as same as original one saved in disc and also can analyze file-information loaded in physical memory. In this paper, we provide a method that executable file extraction by analyzing information of Windows kernel file object. Also we analyze the characteristic of physical memory loaded file data from the experiment and we demonstrate superiority because the suggested method can effectively extract more of original file data than the existing method.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.14 no.5
• /
• pp.249-258
• /
• 2019

In the cyber-physical system, big data collected from numerous sensors and IoT devices is transferred to the Cloud for processing and analysis. When transferring data to the Cloud, merging data into one single file is more efficient than using the data in the form of split files. However, current merging and splitting operations are performed at the user-level and require many I / O requests to memory and storage devices, which is very inefficient and time-consuming. To solve this problem, this paper proposes kernel-level partitioning and combining operations. At the kernel level, splitting and merging files can be done with very little overhead by modifying the file system metadata. We have designed the proposed algorithm in detail and implemented it in the Linux Ext4 file system. In our experiments with the real Cloud storage system, our technique has achieved a transfer time of up to only 17% compared to the case of transferring split files. It also confirmed that the time required can be reduced by up to 0.5% compared to the existing user-level method.

• Journal of KIISE:Computer Systems and Theory
• /
• v.34 no.8
• /
• pp.348-366
• /
• 2007

Capacity of modem storage devices is becoming larger than yesterday and integration of disk is increasing. It refers that physical errors can damage a lot of digital information on storage devices. So we propose file system test framework in this paper to test integrity and robustness of file systems. We develop the tool for generating bad sectors on disks and the tool which creates all physical errors defined in storage devices. We also develop the tool for immediately monitoring the condition of read and write execution on storage devices. So, by integrating those tools, we develop FORT, test framework for confirming robustness of file system. We analyze robustness of ext3 file systems by FORT. Lastly, we present draft of intelligent system merging file system and device driver's layer architecture.

• Journal of Information Processing Systems
• /
• v.14 no.5
• /
• pp.1150-1166
• /
• 2018

This paper presents a physical storage design method for image access structures using transformation techniques of multidimensional file organizations in image information systems. Physical storage design is the process of determining the access structures to provide optimal query processing performance for a given set of queries. So far, there has been no such attempt in the image information system. We first show that the number of pages to be accessed decreases as the shape of the given retrieval query region and that of the data page region become similar in the transformed domain space. Using these properties, we propose a method for finding an optimal image access structure by controlling the shapes of the page regions. For the performance evaluation, we have performed many experiments with a multidimensional file organization using transformation techniques. The results indicate that our proposed method is at least one to maximum five times faster than the conventional method according to the query pattern within the scope of the experiments. The result confirms that the proposed physical storage design method is useful in a practical way.

• Journal of Korean Library and Information Science Society
• /
• v.16
• /
• pp.99-128
• /
• 1989

The purpose of this study is to examine the problems of the each cataloging rules about the physical description area that generated the greatest controversy in the cataloging of microcomputer software, and to suggest solutions of these problems. The results of the study can be summarized as follows: 1. Because the physical description area of materials is to identify the physical attributes of the carrier, file description might better described in the material specific details area. 2. Integrated software that related file is linked together need to be used terms that represented any type of software 3. It is desirable that the term 'computer' is to be used as a modifier to devide the carrier of microcomputer and other non book materials. 4. System requirements would better described in a note area rather than physical, description area. 5. It is desirable that other physical details such as recording density, tracks, etc., is to describe in the physical description area, since such information is to represent specifics of the carrier.

• International Journal of Internet, Broadcasting and Communication
• /
• v.11 no.3
• /
• pp.64-70
• /
• 2019

Video files of video devices such as black box and CCTV may be damaged due to repetitive file read / write and physical environment factors. Even though there are available parts of video information, it may happen that playback can't be performed due to damage of some information. To playback the remaining video information normally, it is necessary to recover damaged areas of the files. For this, it is necessary to accurately check the damage range of the files. In this paper, we propose the design and implementation of a tool which detects damaged areas of a video file and recovers the usable area of the file to playback. The proposed tool can analyze and recover without additional information by analyzing common information of video container format and can check detailed damaged ranges with chunks. It is possible to perform recovery just only with the target file and reference file without any other information such as codec specification.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.2
• /
• pp.98-113
• /
• 2009

Conventional file systems for harddisk drive cannot be applied to NAND flash memory, because the physical characteristics of NAND flash memory differs from those of harddisk drive. To address this problem, various file systems with better reliability and efficiency have also been developed recently. However, those file systems have inherent overheads for updating the file's metadata pages, because those file systems save file's meta-data and data separately. Furthermore, those file systems have a critical reliability problem: file systems fail when either a page in meta-data of a file system or a file itself fails. In this paper, we propose a self-description page technique and In Memory Core File System technique to address these efficiency and reliability problems, and develop SDFS(Self-Description File System) newly. SDFS can be safely recovered, although some pages fail, and improves write and read performance by 36% and 15%, respectively, and reduces mounting time by 1/20 compared with YAFFS2.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1013-1022
• /
• 2017

Windows hibernation is a function that stores data of physical memory on a non-volatile media and then restores the memory data from the non-volatile media to the physical memory when the system is powered on. Since the hibernation file has memory data in a static state, when the attacker collects it, key information in the system's physical memory may be leaked. Because Windows does not support protection for hibernation files only, we need to protect the memory that is written to the hibernate file. In this paper, we propose a method to encrypt the physical memory data in the hibernation file to protect the memory data of the processes recorded in the hibernation file. Hibernating procedure is analyzed to encrypt the memory data at the hibernating and the encryption process for hibernation memory is implemented to operate transparently for each process. Experimental results show that the hibernation process memory encryption tool showed about 2.7 times overhead due to the crypt cost. This overhead is necessary to prevent the attacker from exposing the plaintext memory data of the process.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.3
• /
• pp.251-255
• /
• 2008

In most file systems, if a file is deleted, only the metadata of the file is deleted or modified and the file's data is still stored on the physical media. Some users require that deleted files no longer be accessible. This requirement is more important in embedded systems that employ flash memory as a storage medium. In this paper, we propose a secure deletion method for NAND flash file system and apply the method to YAFFS. Our method uses encryption to delete files and forces all keys of a specific file to be stored in the same block. Therefore, only one erase operation is required to securely delete a file. Our simulation results show that the amortized number of block erases is smaller than the simple encryption method. Even though we apply our method only to the YAFFS, our method can be easily applied to other NAND flash file systems.

• Journal of Korea Multimedia Society
• /
• v.8 no.5
• /
• pp.721-728
• /
• 2005

A virtual machine is a conceptual computer with a logical system configuration, made of software unlike physical systems made of hardware. Virtual machine technology for embedded systems is a requisite software technology for download solutions such as mobile devices, digital TVs, etc. At present, a research of virtual machines for embedded systems named EVM(Embedded Virtual Machine) is in progress. As a part of the research, we define the EFF(Executable File Format) as a file format for embedded systems. We also prove completeness of EFF by structurally mapping class file widely used to EFF.