Doctoral thesis

A Study on JIT-based Process Memory Encryption using Instruction Set Emulation (명령어 가상 실행을 이용한 적시 프로세스 메모리 암호화 연구)

이경호, 2018
Thesis details
Thesis impact by topic
Topics
  • Computer programming, programs, data
  • Data protection
  • Memory disclosure attacks
  • Memory encryption
  • Instruction set emulation
Total number of theses on the same topics: 1,007; total citations of this thesis: 0; average impact by topic: 0.0%

References of 'A Study on JIT-based Process Memory Encryption using Instruction Set Emulation'

  • [ZHU11] D. Y. Zhu, J. Jung, D. Song, T. Kohno, and D. Wetherall, “Taint Eraser: Protecting sensitive data leaks using application-level taint tracking,” ACM SIGOPS Oper. Syst. Rev., vol. 45, no. 1, pp. 142–154, 2011.
  • [ZHU02] X. Zhuang and H. H. S. Lee, “HIDE: Hardware-support for Leakage-Immune Dynamic Execution,” pp. 1–14, 2002.
  • [WIT10] Witherden, Freddie, libforensic1394. https://freddie.witherden.org/tools/libforensic1394/, 2010.
  • [WIN17] Windows driver developer doc team, Matt Stroshane, "Introduction to File System Filter Drivers", https://docs.microsoft.com/en-us/windows-hardware/drivers/ifs/introduction-to-file-system-filter-drivers, 2017.
  • [VOL17b] Volatility Foundation, "Crash Address Space", https://github.com/volatilityfoundation/volatility/wiki/Crash-Address-Space, 2017.
  • [VOL17a] The Volatility Foundation. Volatility foundation. 2017. http://www.volatilityfoundation.org/.
  • [VID10] T. Vidas, “Volatile memory acquisition via warm boot memory survivability,” Proc. Annu. Hawaii Int. Conf. Syst. Sci., pp. 1–6, 2010.
  • [TRI14] N. Trivedi, “Study on Pagefile.sys in Windows System,” vol. 16, no. 2, pp. 11–16, 2014.
  • [SYL16] J. T. Sylve, V. Marziale, and G. G. Richard, “Modern windows hibernation file analysis,” Digit. Investig., pp. 1–7, 2016.
  • [SUI07] M. Suiche, “Hibernation Fun n Profit,” Black Hat, 2007.
  • [STU13] Stüttgen, J., & Cohen, M. (2013). Anti-forensic resilient memory acquisition. Digital Investigation. http://doi.org/10.1016/j.diin.2013.06.012
  • [SNO13] K. Z. Snow, F. Monrose, L. Davi, A. Dmitrienko, C. Liebchen, and A.-R. Sadeghi, “Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization,” in Security and Privacy (SP), 2013 IEEE Symposium on. IEEE, 2013, pp. 574–588.
  • [SIM10] Simon, M. Recovery of Skype Application Activity Data From Physical Memory. http://doi.org/10.1109/ARES.2010.73, 2010.
  • [SES07] A. Seshadri and M. Luk, “SecVisor: A Tiny Hypervisor for Lifetime Kernel Code Integrity,” 2007.
  • [PET10] P. A. H. Peterson, “Cryptkeeper: Improving security with encrypted RAM,” 2010 IEEE Int. Conf. Technol. Homel. Secur. HST 2010, pp. 120–126, 2010.
  • [PET04] Petroni, Nick L.; Fraser, Timothy; Molina, Jesus; Arbaugh, William A. Copilot – A Coprocessor-Based Kernel Runtime Integrity Monitor. In Proceedings of the 13th USENIX Security Symposium, 2004.
  • [OLA12b] F. Olajide, N. Savage, G. Akmayeva, and C. Shoniregun, “Extracting Forensically Relevant Information from Windows Application,” IEEE Int. Conf. Inf. Soc., pp. 423–428, 2012.
  • [OLA12a] F. Olajide, N. Savage, G. Akmayeva, and C. Shoniregun, “Identifying and Finding Forensic Evidence From Windows Application,” J. Internet Technol. Secur. Trans., vol. 1, no. 4, pp. 117–122, 2012.
  • [MUL11] T. Müller, F. C. Freiling, and A. Dewald, “TRESOR runs encryption securely outside RAM,” Proceeding SEC’11 Proc. 20th USENIX Conf. Secur., p. 17, 2011.
  • [MSDc] MSDN, “Process Working Set”, https://msdn.microsoft.com/en-us/library/windows/desktop/ms684891(v=vs.85).aspx
  • [MSDb] MSDN, "ZwMapViewOfSection", https://msdn.microsoft.com/en-us/library/windows/hardware/ff566481(v=vs.85).aspx
  • [MSDa] MSDN, "MmMapIoSpace", https://msdn.microsoft.com/en-us/library/windows/hardware/ff554618(v=vs.85).aspx
  • [MAR14d] Mark E. Russinovich, David A. Solomon, Alex Ionescu, “Windows Internals 6th Edition,” acorn publishing Co, Volume 2, pp. 408-419, 2014.
  • [MAR14c] Mark E. Russinovich, David A. Solomon, Alex Ionescu, “Windows Internals 6th Edition,” acorn publishing Co, Volume 2, pp. 408-419, 2014.
  • [MAR14b] Mark E. Russinovich, David A. Solomon, Alex Ionescu, “Windows Internals 6th Edition,” acorn publishing Co, Volume 2, pp. 150-153, 2014.
  • [MAR14a] Mark E. Russinovich, David A. Solomon, Alex Ionescu, “Windows Internals 6th Edition,” acorn publishing Co, Volume 2, pp. 374-376, 2014.
  • [MAR13] Maartmann-Moe, Carsten, Inception. http://www.breaknenter.org/projects/inception/, 2013.
  • [LUK05] C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation, 2005.
  • [LIF09] L. Su, S. Courcambeck, P. Guillemin, C. Schwarz, and R. Pacalet, “SecBus: Operating System controlled hierarchical page-based memory bus protection,” 2009 Des. Autom. Test Eur. Conf. Exhib., pp. 570–573, 2009.
  • [KOR07] J. D. Kornblum, “Using every part of the buffalo in Windows memory analysis,” Digit. Investig., vol. 4, no. 1, pp. 24–29, 2007.
  • [KEM12] V. P. Kemerlis, G. Portokalidis, K. Jee, A. D. Keromytis, “Libdft: Practical Dynamic Data Flow Tracking for Commodity Systems,” Proc. 8th ACM SIGPLAN/SIGOPS Conf. Virtual Exec. Environ. - VEE ’12, vol. 47, no. 7, p. 121, 2012.
  • [KAN11] Kannan, J., Altekar, G., Maniatis, P., & Chun, B.-G., Making programs forget: enforcing lifetime for sensitive data. Proc. of the 13th USENIX Conference on Hot Topics in Operating Systems, 23–27, 2011.
  • [JIA13] J. Sun, H. Chen, C. Chang, and X. Li, “KERNEL CODE INTEGRITY PROTECTION BASED ON A VIRTUALIZED MEMORY ARCHITECTURE,” vol. 32, pp. 295–311, 2013.
  • [JAK09] Jake Edge, “Sanitizing kernel memory”, http://lwn.net/Articles/334747/, 2009.
  • [IQB09] Iqbal, H., Forensic Analysis of Physical Memory and Page File, 2009.
  • [INT17] Intel, Intel 64 and IA-32 Architectures Software Developer’s Manual Volume 3, 2017.
  • [HUA02] A. Huang, “Keeping Secrets In Hardware,” CHES2002, pp. 213– 227, 2002.
  • [HOF11] O. S. Hofmann, A. M. Dunn, I. Roy, and E. Witchel, “Ensuring Operating System Kernel Integrity with OSck,” Evaluation. 2011.
  • [HEW14] Hewlett-Packard Corporation, Intel Corporation, Microsoft Corporation, Phoenix Technologies Ltd., Toshiba Corporation, "Advanced Configuration and Power Interface Specification", 2014.
  • [HER14] Hermann, Uwe, "Physical memory attacks via Firewire/DMA - Part 1: Overview and Mitigation". http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation, 2014.
  • [HEJ09] Hejazi, S. M., Talhi, C., & Debbabi, M., Extraction of forensically sensitive information from windows physical memory. Digital Investigation, 6(SUPPL.), 2009.
  • [HAR11] A. F. Harvey and Data Acquisition Division Staff, "DMA Fundamentals on Various PC Platforms", 2011.
  • [HAL08] Halderman, J. A., Schoen, S. D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J. a., … Felten, E. W. (2008). Lest We Remember: Cold Boot Attacks on Encryption Keys. USENIX Security Symposium, 1–16. http://doi.org/10.1145/1506409.1506429
  • [GUE16] S. Gueron, “Memory Encryption for General-Purpose Processors,” no. December, 2016.
  • [GOT16] J. Götzfried, F. A. U. Erlangen-nuremberg, F. A. U. Erlangen-nuremberg, M. Backes, and S. Nürnberger, “RamCrypt: Kernel-based Address Space Encryption for User-mode Processes,” Asia CCS, pp. 919–924, 2016.
  • [GON12] K. Gondi, P. Bisht, and P. Venkatachari, “SWIPE: Eager Erasure of Sensitive Data in Large Scale Systems Software,” 2012.
  • [ERE03] Erez Zadok, "Writing Stackable Filesystems", https://www.ee.ryerson.ca/~courses/coe518/LinuxJournal/elj2003-109-stackablefilesystems.pdf, 2003.
  • [ENC08] W. Enck, K. Butler, T. Richardson, P. McDaniel, and A. Smith, “Defending against attacks on main memory persistence,” Proc. - Annu. Comput. Secur. Appl. Conf. ACSAC, pp. 65–74, 2008.
  • [DUN12] A. M. Dunn, M. Z. Lee, S. Jana, S. Kim, M. Silberstein, Y. Xu, V. Shmatikov, and E. Witchel, “Eternal Sunshine of the Spotless Machine: Protecting Privacy with Ephemeral Channels.,” Proc. - - USENIX Symp. Oper. Syst. Des. Implement. / USENIX Assoc. USENIX Symp. Oper. Syst. Des. Implement., pp. 61–75, 2012.
  • [DOL09] Dolan-Gavitt, B., "Add Support for Inactive Hiberfiles to Hibinfo, Volatilityfoundation/volatility@552c1d8", https://github.com/volatilityfoundation/volatility/commit/552c1d813b05a0bf8d3d1ec1f64b3ba5f98403cc, April 2009.
  • [DEL12] B. Delpy and B. Delpy, “mimikatz,” PhDays, 2012.
  • [DAR11] DABROWSKI, R., J., MUNSON, AND V., E. Is 100 Milliseconds Too Fast? In Proceedings of the CHI Conference on Human Factors in Computing Systems, vol. 2 of Short talks: interaction techniques, ACM, pp. 317–318. 2011.
  • [DAE12] Daeyeop Yang, Manhyun Chung, “Research on User Data Leakage Prevention through Memory Initialization”, 2012.
  • [COS16] V. Costan and S. Devadas, “Intel SGX Explained,” Cryptol. ePrint Arch. Rep. 2016/086, p. 108, 2016.
  • [COM17] Comae Technologies, "Hibr2Bin", 2017
  • [COH14] M. Cohen, Windows Virtual Address Translation and the Pagefile, http://rekall-forensic.blogspot.kr/2014/10/windows-virtual-address-translation-and.html, 2014.
  • [CHO05] J. Chow, B. Pfaff, T. Garfinkel, and M. Rosenblum, “Shredding your garbage: Reducing data lifetime through secure deallocation,” USENIX Secur. Symp., pp. 331–346, 2005.
  • [CHH11] S. Chhabra, B. Rogers, Y. Solihin, and M. Prvulovic, “SecureME: A Hardware-Software Approach to Full System Security,” Proc. Int. Conf. Supercomput., pp. 108–119, 2011.
  • [CAR04] Carrier, B.D.; Grand, J. A hardware-based memory acquisition procedure for digital investigations. Digital Investigation, Volume 1(1), pp. 50–60, 2004.
  • [BOI06] Boileau, Adam, "Hit by a Bus: Physical Access Attacks with Firewire". In Proceedings of Ruxcon, 2006.
  • [BOC17] The Bochs Project, "Bochs x86 PC emulator - Bochs 2.6.9 released on April 9, 2017", http://bochs.sourceforge.net/, 2017.
  • [BIT14] A. Bittau, A. Belay, A. Mashtizadeh, D. Mazieres, and D. Boneh, “Hacking blind,” in 2014 IEEE Symposium on Security and Privacy. IEEE, 2014, pp. 227–242.
  • [BES80] BEST, R. Preventing software piracy with crypto-microprocessors. In Proceedings of the IEEE Spring Compcon. (February 1980), 466-469.
  • [BEL05] F. Bellard, “QEMU, a Fast and Portable Dynamic Translator,” pp. 41–46, 2005.
  • [BEC05] Becher, Michael; Dornseif, Maximillian; Klein, Christian N. "FireWire – All Your Memory Are Belong To Us". In Proceedings of the Annual CanSecWest Applied Security Conference, 2005.
  • [BBN06] BBN Technologies. FRED: Forensic RAM Extraction Device. http://www.ir.bbn.com/~vkawadia/, 2006.