• Title/Summary/Keyword: file system driver

A Study of File Outflow Monitoring Process using the File System and NDIS Driver (파일시스템과 NDIS 드라이버를 이용한 파일 유출 감시프로세스)

  • Lee, Mintae
    • KIISE Transactions on Computing Practices / v.20 no.12 / pp.632-639 / 2014
  • In this paper, we propose a PC self-monitoring system for protecting against the illegal outflow of important personal files that are managed on a Windows PC. This paper is based on the idea that a file must be read (accessed) in order to be sent out through the network. The system compares the information (name, some content) obtained from all read operations at the 'Windows File System Driver' with the transmission packets captured at the miniport of the 'Windows NDIS (Network Driver Interface Specification) Driver' and, if the two pieces of information match, it will determine the transmission to the user. In this paper, tentatively, we developed a function to gather file information about file read operations and a function for transmission packet capture. This demonstration implementation showed that the proposed process is valid and that it does not significantly affect the PC's performance.

Security Improvement of File System Filter Driver in Windows Embedded OS

  • Seong, Yeon Sang;Cho, Chaeho;Jun, Young Pyo;Won, Yoojae
    • Journal of Information Processing Systems / v.17 no.4 / pp.834-850 / 2021
  • IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in the Microsoft Edge browser, which allows malicious code to be executed without users' knowledge. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

Implementation of The User-level Flash File System Based on Linux (리눅스 기반의 사용자 수준 플래시 파일 시스템의 구현)

  • Kwon, Woo-Il;Park, Hyun-Hui;Yang, Seung-Min
    • The KIPS Transactions:PartA / v.11A no.3 / pp.139-148 / 2004
  • The number of applications of small embedded systems based on Linux, such as PDAs and electronic notebooks, has increased. Due to its monolithic nature, the Linux kernel is not well suited to satisfying the various kinds of embedded application requirements. To address this shortcoming of the monolithic kernel, we implement the uJFFS flash file system as an application process that runs in user space. This solution consists of a file system and a flash device driver, and makes the Linux kernel smaller by separating the file system from the kernel. uJFFS consists of ujffs_fs, which plays the part of the file system, and ujffs_drv, which controls a flash device, and it provides the same user interface as Linux does. The device driver for the physical device is implemented in user space, which prevents kernel failures caused by file system errors. Thus uJFFS can increase the stability of the system.

A Unified Software Architecture for Storage Class Random Access Memory (스토리지 클래스 램을 위한 통합 소프트웨어 구조)

  • Baek, Seung-Jae;Choi, Jong-Moo
    • Journal of KIISE:Computer Systems and Theory / v.36 no.3 / pp.171-180 / 2009
  • Slowly, but surely, we are seeing the emergence of a variety of embedded systems that employ Storage Class RAM (SCRAM) such as FeRAM, MRAM and PRAM. SCRAM not only has the DRAM characteristic, that is, random byte-unit access capability, but also the disk characteristic, that is, non-volatility. In this paper, we propose a new software architecture that allows SCRAM to be used both for main memory and for secondary storage simultaneously. The proposed software architecture has two core modules: one is a SCRAM driver and the other is a SCRAM manager. The SCRAM driver takes care of SCRAM directly and exports the low-level interfaces required by upper-layer software modules, including traditional file systems, buddy systems and our SCRAM manager. The SCRAM manager treats file objects and memory objects as a single object and deals with them in a unified way so that they can be interchanged without copy overheads. Experiments conducted on a real embedded board with FeRAM have shown that the SCRAM driver indeed supports both the traditional FAT file system and the buddy system seamlessly. The results have also revealed that the SCRAM manager makes effective use of both characteristics of SCRAM and performs an order of magnitude better than the traditional file system and buddy system.

Design of an Integrated Interface Circuit and Device Driver Generation System (인터페이스 회로와 디바이스 드라이버 통합 자동생성 시스템 설계)

  • Hwang, Sun-Young;Kim, Hyoun-Chul;Lee, Ser-Hoon
    • The Journal of Korean Institute of Communications and Information Sciences / v.32 no.6B / pp.325-333 / 2007
  • An OS requires a device driver to control hardware IPs at the application level. Development of a device driver requires specific knowledge of the target hardware and OS. In this paper, we present a system which generates a device driver together with an interface circuit. In the proposed system, an efficient device driver is generated by selecting a basic device driver skeleton, a function module code, and a header file table from the pre-constructed library, and an interface circuit is constructed such that the generated device driver operates correctly. The proposed system is evaluated by generating a TFT-LCD device driver on the ARM922T core with a 3.5 inch Samsung TFT-LCD in an ARM-Linux environment. Experimental results show that the writing time on the LCD is decreased by 1.12% and the compiled code size is increased by 0.17% compared to the manually generated one. The automatically generated device driver has no performance degradation in the latency of hardware control at the application program level. The system development time can be reduced using the proposed device driver generation system.

Ransomware Detection and Recovery System Based on Cloud Storage through File System Monitoring (파일 시스템 모니터링을 통한 클라우드 스토리지 기반 랜섬웨어 탐지 및 복구 시스템)

  • Kim, Juhwan;Choi, Min-Jun;Yun, Joobeom
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.357-367 / 2018
  • As the information technology of modern society develops, various kinds of malicious code aimed at seizing or destroying important system information are developing along with it. Among them, ransomware is a typical malicious code that prevents access to a user's resources. Although much research on detecting ransomware that performs encryption has been conducted in recent years, no additional methods have been proposed to recover damaged files after an attack. Also, because the similarity comparison technique was used without considering repeated encryption, it is highly likely to be recognized as normal behavior. Therefore, this paper implements a filter driver to control the file system and performs a similarity comparison method that is verified based on an analysis of the encryption pattern of ransomware. We propose a system to detect the malicious process of the accessed process and recover the damaged file based on cloud storage.

Monitoring System of File Outflow through Storage Devices and Printers (저장매체와 프린터를 통한 파일유출 모니터링시스템)

  • Choi Joo-ho;Rhew Sung-yul
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.4 / pp.51-60 / 2005
  • The files or intellectual property on computer systems have increasingly been exposed to the threat of being leaked by internal users or by outside attacks through the network. The File Outflow Monitoring System monitors file outflows at the server by making a log when users copy files on client computers onto storage devices or print them. The monitoring system filters the I/O Manager's I/O request packets at the kernel level if files are leaked by copying, while it uses Win32 API hooking if they are printed. As a result, it made the log and monitored file outflows accurately, which was proved through testing on Windows 2000 and XP.

Framework of File System Robustness Test (FORT : 파일 시스템 강인성 테스트 프레임 워크)

  • Kim, Young-Jin;Won, You-Jip;Kim, Ra-Kie;Lee, Mo-Won;Park, Jae-Seok;Lee, Joo-Wheun
    • Journal of KIISE:Computer Systems and Theory / v.34 no.8 / pp.348-366 / 2007
  • The capacity of modern storage devices keeps growing and the integration of disks is increasing. This means that physical errors can damage a lot of digital information on storage devices. We therefore propose a file system test framework in this paper to test the integrity and robustness of file systems. We develop a tool for generating bad sectors on disks and a tool which creates all the physical errors defined for storage devices. We also develop a tool for immediately monitoring the condition of read and write execution on storage devices. By integrating those tools, we develop FORT, a test framework for confirming the robustness of file systems. We analyze the robustness of ext3 file systems with FORT. Lastly, we present a draft of an intelligent system merging the file system and device driver layer architecture.

Design and Implementation of The Windows Thesaurus WTPM using Filename of Semantics Clustering (파일명의 의미 클러스터링에 의한 윈도우 시소러스 WTPM 설계와 구현)

  • Kim, Man-pil;Tcha, Hong-jun
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.2 no.1 / pp.73-79 / 2009
  • We analyze the semantics of files recorded in the user's computer file system, based on the C++ programming language, which pursues modular and object-oriented programming. With reference to this, we design the clustering of filename semantics with a thesaurus for user convenience. WTPM lets the user write files into clusters using the thesaurus semantic structure and reserved words. The WTPM process is designed with a mashup structure for displaying icon files and is implemented with an automated classification algorithm.

A Study on the Development of Hard Disk Recoder and Remote Control Using Embedded Linux (임베디드 리눅스를 이용한 하드디스크 레코더 및 원격 제어 구현에 관한 연구)

  • Park, Seung-Ho;Lee, Jong-Su
    • Proceedings of the KIEE Conference / 2004.07d / pp.2429-2431 / 2004
  • In this paper, we have designed a remotely controllable HDR system using an embedded Linux board. The system is composed of three parts: an HDR system, a PC client program for remote control, and a nameserver for registering and acquiring the IP address. The system is built on an embedded board using a Linux kernel. With Linux, the system can support networking and a file system for hard disk management. In addition, the system embeds a web server and an FTP server for remote manipulation and file transfer. The hardware of the system is controlled through the Linux device driver mechanism. The MPEG1/2 technique is used to compress the TV tuner signal and external analog video/audio signals, and the compressed data is stored on a hard disk. The data stored in the system is accessible through a LAN or the internet. The RTP protocol is used to enable the system to serve a live stream of instant video/audio input.
