公开(公告)号：US09734330B2

公开(公告)日：2017-08-15

申请号：US14791729

申请日：2015-07-06

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sung-Jin Kim ,  ByungJoon Kim ,  ChulWoo Lee ,  HyoungChun Kim

IPC: G06F21/57 ,  G06F21/55 ,  G06F21/53

CPC classification number: G06F21/552 ,  G06F21/53

Abstract: An inspection and recovery method and apparatus for handling virtual machine vulnerability, which inspect the security status of a virtual machine in a hypervisor domain, and recover a main system file or limit the use of a virtual machine suspected of being damaged due to hacking depending on the results of inspection, thus providing a secure virtual machine use environment for cloud computing. In the presented method, collection target information and inspection criteria including vulnerability inspection criteria, recovery criteria, and hacking damage criteria are updated. Then, the collection target information is collected from the virtual disk and virtual memory of each virtual machine. Vulnerability is inspected in conformity with the inspection criteria, based on the collected information. A damaged main system file depending on inspection results is recovered based on recovery criteria.

公开(公告)号：US09294463B2

公开(公告)日：2016-03-22

申请号：US14466971

申请日：2014-08-23

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sung-Jin Kim ,  ChulWoo Lee ,  ByungJoon Kim ,  HyoungChun Kim

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L63/205

Abstract: An apparatus, method and system for context-aware security control in a cloud environment are provided. The apparatus includes an authentication header inspection unit and a packet data processing unit. The authentication header inspection unit generates an authentication header based on the received context information and key of a user, compares the generated authentication header with the authentication header of packet data received from a remote user terminal, and outputs the results of the comparison. The packet data processing unit performs one of the transmission, modulation and discarding of packet data from the cloud server of a cloud service network based on the results of the comparison by the authentication header inspection unit.

Abstract translation: 提供了一种用于云环境中的上下文感知安全控制的装置，方法和系统。 该装置包括认证报头检查单元和分组数据处理单元。 认证报头检查部基于接收的用户的上下文信息和密钥生成认证报头，将生成的认证报头与从远程用户终端接收到的分组数据的认证报头进行比较，并输出比较结果。 分组数据处理单元基于认证报头检查单元的比较结果，从云服务网络的云服务器执行分组数据的传输，调制和丢弃之一。

公开(公告)号：US11893106B2

公开(公告)日：2024-02-06

申请号：US16944480

申请日：2020-07-31

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sung-Jin Kim ,  Hyunyi Yi ,  Chulwoo Lee ,  Woomin Hwang ,  Byungjoon Kim

IPC: G06F21/53

CPC classification number: G06F21/53 ,  G06F2221/034

Abstract: An apparatus and method for generating a system call whitelist for an application container. The method may include determining whether a container is based on machine code or non-machine code by analyzing the internal configuration of the running container, identifying system calls included in an application through binary static analysis or static analysis of source code selected depending on the determination of whether the container is based on machine code or non-machine code, and generating a whitelist based on the numbers of all of the identified system calls.

公开(公告)号：US10776491B2

公开(公告)日：2020-09-15

申请号：US15938017

申请日：2018-03-28

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sung-Jin Kim ,  Hyunyi Yi ,  Seong-Joong Kim ,  Woomin Hwang ,  Byung-Joon Kim ,  Chulwoo Lee ,  Hyoung-Chun Kim

IPC: G06F21/55 ,  G06F21/57 ,  G06F9/455 ,  G06F21/53 ,  G06F21/56

Abstract: An apparatus and method for collecting an audit trail in a virtual machine boot process, the audit-trail-collecting apparatus including an event detection unit for detecting a software interrupt event, a register state information extraction unit for extracting state information of a CPU register corresponding to a detection time of the software interrupt event, a monitoring unit for monitoring a change in a vector value corresponding to the software interrupt event in an interrupt vector table, a threat occurrence detection unit for detecting a threat occurrence in a virtual machine boot process based on at least one of the CPU register state information and a monitored result, and an audit trail collection unit for storing an audit trail corresponding to at least one of the CPU register state information and the monitored result when the threat occurrence is detected in the virtual machine boot process.

公开(公告)号：US11669622B2

公开(公告)日：2023-06-06

申请号：US16991362

申请日：2020-08-12

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Hyunyi Yi ,  Sung-Jin Kim ,  Chulwoo Lee ,  Woomin Hwang ,  Byungjoon Kim

IPC: G06F21/57

CPC classification number: G06F21/577 ,  G06F2221/033

Abstract: A method and apparatus for providing security visibility into a container image. The method includes generating a software list by analyzing layers forming a container image, generating a vulnerability check result based on the software list, and generating a container image content report based on the software list and the vulnerability check result.

公开(公告)号：US11449600B2

公开(公告)日：2022-09-20

申请号：US16411354

申请日：2019-05-14

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sung-Jin Kim ,  Hyunyi Yi ,  Chulwoo Lee ,  Woomin Hwang ,  Hyoung-Chun Kim

IPC: G06F21/53 ,  G06F9/455

Abstract: An operation method of a system for generating a security profile of a security instance includes extracting executable code and a library file from a container, thereby identifying a target to be analyzed; performing binary static analysis for the executable code and the library file in order to generate a system call list; and generating a Secure Computing Mode (SECCOMP) security profile based on the system call list.

公开(公告)号：US10027691B2

公开(公告)日：2018-07-17

申请号：US14791929

申请日：2015-07-06

Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE

Inventor： Sung-Jin Kim ,  ByungJoon Kim ,  HyoungChun Kim

IPC: H04L29/06

Abstract: An apparatus and method for performing a real-time network antivirus function, which can perform, at high speed, real-time antivirus scanning on a transmission file in a network to be protected and blocking of a malicious file. The apparatus includes a packet processing unit for parsing input packets and outputting a transmission data stream, a packet-based checksum calculation unit for calculating a checksum of the transmission data stream for each packet, and outputting a signature included in the transmission data stream when a last packet of the transmission data stream is input, a virus scanning unit for performing virus scanning based on the signature, a detection and blocking unit for blocking each input packet or transmitting it to a destination, based on result of the virus scanning unit, and a caching unit for updating a blacklist, based on result of the detection and blocking unit.