• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.26-28
• /
• 2023

현대 시스템의 크기와 복잡도 증가로 인하여 시스템의 여러 구성 요소들이 공유하는 메모리에 대한 최소 특권의 원칙 적용의 필요성이 대두되었다. 제 3 자 라이브러리, 다중 쓰레드 등의 각 구성 요소들이 접근할 수 있는 메모리 권한을 다르게 적용함으로써 구성 요소들 중 하나에서의 취약점이 전체 시스템을 위협하는 것을 방지함과 동시에 각 요소들 간 효율적인 메모리 공유를 가능케 하기 때문이다. 본 논문에서는 공유 메모리에 대한 최소 특권의 원칙 적용 기법들의 분석과 더불어 각 기법들이 가지는 한계점을 제시한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.6139-6160
• /
• 2018

For ease of use and access, web browsers are now being used to access and modify sensitive data and systems including critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully updated. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations. However, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure web browsing ecosystem. We analyzed more than a 1000 browser security configuration options in three major browsers and found that only 13 configuration options had syntactic and semantic similarity, while 4 configuration options had semantic similarity, but not syntactic similarity. We: a) describe the results of our in-depth analysis of browser security configuration options; b) demonstrate the complexity of policy-based configuration of web browsers; c) describe a knowledge-based solution that would enable organizations to implement highly-granular and policy-level secure configurations for their information and operational technology browsing infrastructures at the enterprise scale; and d) argue for necessity of developing a common language and semantics for web browser configurations.