公开(公告)号：US20240320308A1

公开(公告)日：2024-09-26

申请号：US18218320

申请日：2023-07-05

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Woomin HWANG ,  Sung-Jin KIM ,  Inhyeok JANG ,  Byung Chul BAE ,  Byungjoon KIM

IPC: G06F21/14 ,  G06F21/60 ,  G06F21/74

CPC classification number: G06F21/14 ,  G06F21/602 ,  G06F21/74

Abstract: Disclosed herein are an apparatus and method for code randomization in a confidential execution region based on Intel Software Guard eXtensions (SGX) for a user application and a shared library. The method may include initializing a confidential execution region by executing an SGX enclave shared object file generated and distributed by a publisher device, loading an encrypted payload into memory, acquiring a decryption key for decrypting the encrypted payload, decrypting the payload, and placing the decrypted payload in the confidential execution region in units of basic blocks with reference to metadata distributed by the publisher device.

公开(公告)号：US20230376591A1

公开(公告)日：2023-11-23

申请号：US17953498

申请日：2022-09-27

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sung-Jin KIM ,  In-Hyeok JANG ,  Woo-Min HWANG ,  Byung-Chul BAE ,  Byung-Joon KIM

IPC: G06F21/55 ,  G06F21/53

CPC classification number: G06F21/554 ,  G06F21/53 ,  G06F2221/034

Abstract: Disclosed herein is a method for processing a security event in a container virtualization environment. The method may include collecting designated security events in a kernel space, storing the collected security events in a security event storage module in real time, and providing a security manager with the security event corresponding to a query request from a security event management module, among the security events stored in the security event storage module.

公开(公告)号：US20160092679A1

公开(公告)日：2016-03-31

申请号：US14791729

申请日：2015-07-06

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sung-Jin KIM ,  ByungJoon KIM ,  ChulWoo LEE ,  HyoungChun KIM

IPC: G06F21/55 ,  G06F21/56

CPC classification number: G06F21/552 ,  G06F21/53

Abstract: An inspection and recovery method and apparatus for handling virtual machine vulnerability, which inspect the security status of a virtual machine in a hypervisor domain, and recover a main system file or limit the use of a virtual machine suspected of being damaged due to hacking depending on the results of inspection, thus providing a secure virtual machine use environment for cloud computing. In the presented method, collection target information and inspection criteria including vulnerability inspection criteria, recovery criteria, and hacking damage criteria are updated. Then, the collection target information is collected from the virtual disk and virtual memory of each virtual machine. Vulnerability is inspected in conformity with the inspection criteria, based on the collected information. A damaged main system file depending on inspection results is recovered based on recovery criteria.

Abstract translation: 一种用于处理虚拟机漏洞的检查和恢复方法和装置，用于检查虚拟机管理程序域中的虚拟机的安全状态，并恢复主系统文件或限制由于黑客而遭到破坏的虚拟机的使用，这取决于 检查结果，从而为云计算提供安全的虚拟机使用环境。 在提出的方法中，更新了收集目标信息和检查标准，包括漏洞检查标准，恢复标准和黑客损害标准。 然后，从每个虚拟机的虚拟盘和虚拟存储器收集收集目标信息。 根据收集到的信息，检查符合检验标准的漏洞。 根据检查结果，损坏的主系统文件将根据恢复标准进行恢复。

公开(公告)号：US20150237027A1

公开(公告)日：2015-08-20

申请号：US14466971

申请日：2014-08-23

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sung-Jin KIM ,  ChulWoo LEE ,  ByungJoon KIM ,  HyoungChun KIM

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L63/205

Abstract: An apparatus, method and system for context-aware security control in a cloud environment are provided. The apparatus includes an authentication header inspection unit and a packet data processing unit. The authentication header inspection unit generates an authentication header based on the received context information and key of a user, compares the generated authentication header with the authentication header of packet data received from a remote user terminal, and outputs the results of the comparison. The packet data processing unit performs one of the transmission, modulation and discarding of packet data from the cloud server of a cloud service network based on the results of the comparison by the authentication header inspection unit.

Abstract translation: 提供了一种用于云环境中的上下文感知安全控制的装置，方法和系统。 该装置包括认证报头检查单元和分组数据处理单元。 认证报头检查部基于接收的用户的上下文信息和密钥生成认证报头，将生成的认证报头与从远程用户终端接收到的分组数据的认证报头进行比较，并输出比较结果。 分组数据处理单元基于认证报头检查单元的比较结果，从云服务网络的云服务器执行分组数据的传输，调制和丢弃之一。

公开(公告)号：US20250013556A1

公开(公告)日：2025-01-09

申请号：US18405059

申请日：2024-01-05

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Inhyeok JANG ,  Suh-Ho LEE ,  Sung-Jin KIM ,  Ju-Hyung SON ,  Byungjoon KIM

IPC: G06F11/36

Abstract: Disclosed herein is an apparatus and method for extracting and analyzing runtime software execution information. The apparatus may include a collection unit for collecting execution-related data by tracing functions of an operating system on which software is executed or access to data and an analysis unit for generating required information by analyzing the collected execution-related data.

公开(公告)号：US20210390172A1

公开(公告)日：2021-12-16

申请号：US16944480

申请日：2020-07-31

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sung-Jin KIM ,  Hyunyi YI ,  Chulwoo LEE ,  Woomin HWANG ,  Byungjoon KIM

IPC: G06F21/53

Abstract: An apparatus and method for generating a system call whitelist for an application container. The method may include determining whether a container is based on machine code or non-machine code by analyzing the internal configuration of the running container, identifying system calls included in an application through binary static analysis or static analysis of source code selected depending on the determination of whether the container is based on machine code or non-machine code, and generating a whitelist based on the numbers of all of the identified system calls.

公开(公告)号：US20190012465A1

公开(公告)日：2019-01-10

申请号：US15938017

申请日：2018-03-28

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sung-Jin KIM ,  Hyunyi YI ,  Seong-Joong KIM ,  Woomin HWANG ,  Byung-Joon KIM ,  Chulwoo LEE ,  Hyoung-Chun KIM

IPC: G06F21/57 ,  G06F21/55 ,  G06F9/455

CPC classification number: G06F21/575 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/552 ,  G06F21/554 ,  G06F21/566 ,  G06F2009/45575 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2221/034 ,  G06F2221/2101

Abstract: An apparatus and method for collecting an audit trail in a virtual machine boot process, the audit-trail-collecting apparatus including an event detection unit for detecting a software interrupt event, a register state information extraction unit for extracting state information of a CPU register corresponding to a detection time of the software interrupt event, a monitoring unit for monitoring a change in a vector value corresponding to the software interrupt event in an interrupt vector table, a threat occurrence detection unit for detecting a threat occurrence in a virtual machine boot process based on at least one of the CPU register state information and a monitored result, and an audit trail collection unit for storing an audit trail corresponding to at least one of the CPU register state information and the monitored result when the threat occurrence is detected in the virtual machine boot process.

公开(公告)号：US20210382997A1

公开(公告)日：2021-12-09

申请号：US16991362

申请日：2020-08-12

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Hyunyi YI ,  Sung-Jin KIM ,  Chulwoo LEE ,  Woomin HWANG ,  Byungjoon KIM

IPC: G06F21/57

Abstract: A method and apparatus for providing security visibility into a container image. The method includes generating a software list by analyzing layers forming a container image, generating a vulnerability check result based on the software list, and generating a container image content report based on the software list and the vulnerability check result.

公开(公告)号：US20200285733A1

公开(公告)日：2020-09-10

申请号：US16411354

申请日：2019-05-14

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sung-Jin KIM ,  Hyunyi YI ,  Chulwoo LEE ,  Woomin HWANG ,  Hyoung-Chun KIM

IPC: G06F21/53 ,  G06F9/455

Abstract: An operation method of a system for generating a security profile of a security instance includes extracting executable code and a library file from a container, thereby identifying a target to be analyzed; performing binary static analysis for the executable code and the library file in order to generate a system call list; and generating a Secure Computing Mode (SECCOMP) security profile based on the system call list.

公开(公告)号：US20180300182A1

公开(公告)日：2018-10-18

申请号：US15810790

申请日：2017-11-13

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Woomin HWANG ,  Sung-Jin KIM ,  Byung-Joon KIM ,  Hyunyi YI ,  Chulwoo LEE ,  Hyoung-Chun KIM

IPC: G06F9/50 ,  G06F9/455

Abstract: A hypervisor-based virtual machine isolation apparatus and method. The hypervisor-based virtual machine isolation method performed by the hypervisor-based virtual machine isolation apparatus includes when a hypervisor starts to run virtual machines, allocating one or more colors to each of the virtual machines, allocating a page frame corresponding to the allocated colors to the corresponding virtual machine, allocating an accessible core depending on the colors of the virtual machine, and performing isolation between virtual machines corresponding to an identical color by changing a temporal/spatial scheduling order between the virtual machines corresponding to the identical color.