• Title/Abstract/Keywords: Secure Execution

122 search results (processing time 0.027 s)

Recent Trends in Research and Technology of Secure Execution Environment

  • 백광호;강동호;김기영
    • 전자통신동향분석 / Vol. 22, No. 5 / pp.152-158 / 2007
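  • A secure execution environment is the execution environment of a secure computing system. Any kind of terminal that has a processor, including computer systems, can be a subject of secure execution environment research. The secure execution environment, which raises the security level of the basic computing environment, is a field in which much research has already been carried out, and this document looks at the related research and technology development trends. It also aims to examine and comparatively analyze representative projects carried out at universities, the technology trends of processor manufacturers, and related industry standardization trends.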

Secure Execution Assurance Mechanism of Mobile Agent from Truncation Attack in Free-Roaming Environments

  • 정창렬;이성근
    • 한국정보통신학회논문지 / Vol. 14, No. 1 / pp.97-108 / 2010
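  • Data protection for free-roaming mobile agents is a problem that has not been fully solved; it remains a serious security threat because of mobility and the mapping between hosts. This is especially true with respect to defending against truncation attacks. Therefore, when agents are used in user-centered application technologies, assuring the secure execution of the agent is essential. This paper assures secure execution against the security threats caused by malicious hosts during agent execution. Stability is also assured because a chain relation can be formed, in succession, between two hosts and the next two hosts, which protects agent execution against benign hosts being maliciously abused by an attacker. To this end, the paper proposes an execution tracing protocol mechanism for assuring secure mobile agent execution, and it analyzes the safety of the mechanism through a security analysis.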

A Survey of Trusted Execution Environment Security

  • Yoon, Hyundo;Hur, Junbeom
    • 한국정보처리학회:학술대회논문집 / 한국정보처리학회 2019년도 춘계학술발표대회 / pp.168-169 / 2019
  • The Trusted Execution Environment (TEE), such as Intel SGX, AMD Secure Processor and ARM TrustZone, has recently been a rising issue. A Trusted Execution Environment provides a secure, independent, hardware-based code execution environment for an untrusted OS. In this paper, we present research trends on the vulnerabilities and attack models of Trusted Execution Environments. We classify the previous attack models, and summarize mitigations for each TEE environment.

SoC Virtual Platform with Secure Key Generation Module for Embedded Secure Devices

  • Seung-Ho Lim;Hyeok-Jin Lim;Seong-Cheon Park
    • Journal of Information Processing Systems / Vol. 20, No. 1 / pp.116-130 / 2024
  • In the Internet-of-Things (IoT) or blockchain-based network systems, secure keys may be stored in individual devices; thus, individual devices should protect data by performing secure operations on the data transmitted and received over networks. Typically, secure functions, such as a physical unclonable function (PUF) and fully homomorphic encryption (FHE), are useful for generating safe keys and distributing data in a network. However, to provide these functions in embedded devices for IoT or blockchain systems, proper inspection is required for designing and implementing embedded system-on-chip (SoC) modules through overhead and performance analysis. In this paper, a virtual platform (SoC VP) was developed that includes a secure key generation module with a PUF and FHE. The SoC VP platform was implemented using SystemC, which enables the execution and verification of various aspects of the secure key generation module at the electronic system level and analyzes the system-level execution time, memory footprint, and performance, such as randomness and uniqueness. We experimentally verified the secure key generation module, and estimated the execution of the PUF key and FHE encryption based on the unit time of each module.

Method for Delegating Remote Attestation Verification and Establishing a Secure Channel

  • 이경룡;조영필;유준승;백윤흥
    • 한국정보처리학회:학술대회논문집 / 한국정보처리학회 2021년도 추계학술발표대회 / pp.267-269 / 2021
  • A Trusted Execution Environment (TEE) is an execution environment provided by CPU hardware to guarantee that the execution context is as expected by the execution requester. Remote attestation of the execution context naturally arises from the concept of TEEs. Many implementations of TEEs use cryptographic remote attestation methods. Though the implementation of attestation may be simple, the implementation of verification may be very complex and heavy. By using a server to which the verification of attestation information is delegated, one may produce lightweight binaries that can verify peers and establish a secure channel with verified peers.

Design and Implementation of Software Vulnerability Analysis Algorithm through Static Data Access Analysis

  • Lim, Hyun-il
    • 한국컴퓨터정보학회논문지 / Vol. 20, No. 8 / pp.69-75 / 2015
  • Nowadays, software plays various roles in applications across a wide range of areas. However, the security problems caused by software vulnerabilities are increasing, so it is necessary to improve software security and safety in software execution. In this paper, we propose an approach to improve the safety of software execution by managing the information used in software through static data access analysis. The approach can detect the exposure of secure data in software execution by analyzing information properties and flows through static data access analysis. We implemented and experimented with the proposed approach using a base language, and verified that it can effectively detect the exposure of secure information. The proposed approach can be applied in several areas to improve software safety by analysing vulnerabilities from information flows in software execution.

Enhancing Mobile Platform Security with Virtualization Technologies

  • 김정한;김지홍;신은환;엄영익
    • 정보보호학회논문지 / Vol. 21, No. 1 / pp.201-212 / 2011
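  • Smartphones are spreading rapidly thanks to the improved performance of mobile devices, the spread of network infrastructure, and the emergence of open applications. These changes in the mobile environment bring various benefits and, at the same time, cause security problems. Among the various ways of solving them, security technology based on virtualization is attracting attention. Accordingly, this paper proposes a technique for enhancing mobile platform security using virtualization. The proposed secure execution technique and process hiding technique make virtual machine protection and process protection possible, and so provide a safer mobile environment.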

A White-box Implementation of SEED

  • Kim, Jinsu
    • 한국정보기술학회 영문논문지 / Vol. 9, No. 2 / pp.115-123 / 2019
  • White-box cryptography is an implementation technique for protecting the secret keys of cryptographic algorithms in the white-box attack model, the setting in which an adversary has full access to the implementation of the cryptographic algorithm and full control over its execution. This concept was introduced in 2002 by Chow et al., and since then, there have been many proposals for secure implementations. While there have been many approaches to constructing a secure white-box implementation for ciphers with SPN structures, there was no notable result on white-box implementations for block ciphers with a Feistel structure after the white-box DES implementation was broken. In this paper, we propose a secure white-box implementation for the block cipher SEED, which has a Feistel structure, that can prevent the previously known attacks on white-box implementations. Our proposal is simple and practical: it is performed by only 3,376 table lookups during each execution and the total size of tables is 762.5 KB.

A Fully Distributed Secure Approach using Nondeterministic Encryption for Database Security in Cloud

  • Srinu Banothu;A. Govardhan;Karnam Madhavi
    • International Journal of Computer Science & Network Security / Vol. 24, No. 1 / pp.140-150 / 2024
  • Database-as-a-Service is one of the prime services provided by Cloud Computing. It provides data storage and management services to individuals, enterprises and organizations on a pay-and-use basis. Any enterprise or organization can outsource its databases to the Cloud Service Provider (CSP) and query the data whenever and wherever required through any device connected to the internet. The advantage of this service is that enterprises or organizations can reduce the cost of establishing and maintaining infrastructure locally. However, there are database security and privacy challenges, as well as query performance issues in accessing the data. To overcome these issues, in our recent research we developed a database security model using a deterministic encryption scheme, which improved query execution performance and the database security level. As this model is implemented using a deterministic encryption scheme, it may suffer from chosen-plaintext attacks. To overcome this issue, in this paper we propose a new model for cloud database security using nondeterministic encryption, order-preserving encryption, homomorphic encryption and database distribution schemes. Our proposed model supports the execution of queries with equality checks, range conditions and aggregate operations on an encrypted cloud database without decryption. This model is more secure, with optimal query execution performance.