-
1.发明授权公开(公告)号:US10802863B2
公开(公告)日:2020-10-13
申请号:US15975932
申请日:2018-05-10
Inventor: Hyunyi Yi , Sung-Jin Kim , Woomin Hwang , Seong-Joong Kim , Chulwoo Lee , Byung-Joon Kim , Hyoung-Chun Kim
Abstract: An apparatus and method for storing an audit trail in response to execution of a virtual-machine process. The method for storing an audit trail, performed by the apparatus for storing an audit trail in response to execution of a virtual-machine process, includes detecting execution of a process inside a virtual machine, determining whether the executed process is a monitoring target process and determining a type of the process, activating one or more monitoring events for monitoring at least one of an upload, a download and a drop by the process based on a result of the determination, and storing information about occurrence of the activated monitoring event as an audit trail.
-
公开(公告)号:US11893106B2
公开(公告)日:2024-02-06
申请号:US16944480
申请日:2020-07-31
Inventor: Sung-Jin Kim , Hyunyi Yi , Chulwoo Lee , Woomin Hwang , Byungjoon Kim
IPC: G06F21/53
CPC classification number: G06F21/53 , G06F2221/034
Abstract: An apparatus and method for generating a system call whitelist for an application container. The method may include determining whether a container is based on machine code or non-machine code by analyzing the internal configuration of the running container, identifying system calls included in an application through binary static analysis or static analysis of source code selected depending on the determination of whether the container is based on machine code or non-machine code, and generating a whitelist based on the numbers of all of the identified system calls.
-
公开(公告)号:US10776491B2
公开(公告)日:2020-09-15
申请号:US15938017
申请日:2018-03-28
Inventor: Sung-Jin Kim , Hyunyi Yi , Seong-Joong Kim , Woomin Hwang , Byung-Joon Kim , Chulwoo Lee , Hyoung-Chun Kim
Abstract: An apparatus and method for collecting an audit trail in a virtual machine boot process, the audit-trail-collecting apparatus including an event detection unit for detecting a software interrupt event, a register state information extraction unit for extracting state information of a CPU register corresponding to a detection time of the software interrupt event, a monitoring unit for monitoring a change in a vector value corresponding to the software interrupt event in an interrupt vector table, a threat occurrence detection unit for detecting a threat occurrence in a virtual machine boot process based on at least one of the CPU register state information and a monitored result, and an audit trail collection unit for storing an audit trail corresponding to at least one of the CPU register state information and the monitored result when the threat occurrence is detected in the virtual machine boot process.
-
Patent Agency Ranking
公开(公告)号:US11159577B2
公开(公告)日:2021-10-26
申请号:US16555026
申请日:2019-08-29
Inventor: Hyunyi Yi , Sung-Jin Kim , Chulwoo Lee , Woomin Hwang , Byungjoon Kim
IPC: H04L29/06
Abstract: A method for interworking of a security tool and a cloud platform includes checking whether there is a record of confirming or applying security related to a target identifier when a cloud platform client calls a platform interface module, determining whether to interwork with the security tool when the record of confirming or applying security related to the target identifier is not present, requesting a resource required for running the security tool to the cloud platform when the security tool is invoked, and obtaining the resource from the cloud platform and storing the same.
-
公开(公告)号:US10965679B2
公开(公告)日:2021-03-30
申请号:US15938003
申请日:2018-03-28
Inventor: Woomin Hwang , Hyunyi Yi , Sung-Jin Kim , Seong-Joong Kim , Chulwoo Lee , Byung-Joon Kim , Hyoung-Chun Kim
IPC: H04L29/06 , G06F9/455 , G06F16/13 , G06F16/172 , G06F16/182 , G06F16/17
Abstract: An apparatus for monitoring file access in a virtual machine in a cloud-computing system based on a virtualized environment includes a hypervisor for implementing at least one virtual machine and managing the virtual machine by monitoring a task in which a the virtual machine accesses a file loaded from storage to memory, the storage storing data including environment information of the virtual machine.
-
公开(公告)号:US10534653B2
公开(公告)日:2020-01-14
申请号:US15810790
申请日:2017-11-13
Inventor: Woomin Hwang , Sung-Jin Kim , Byung-Joon Kim , Hyunyi Yi , Chulwoo Lee , Hyoung-Chun Kim
Abstract: A hypervisor-based virtual machine isolation apparatus and method. The hypervisor-based virtual machine isolation method performed by the hypervisor-based virtual machine isolation apparatus includes when a hypervisor starts to run virtual machines, allocating one or more colors to each of the virtual machines, allocating a page frame corresponding to the allocated colors to the corresponding virtual machine, allocating an accessible core depending on the colors of the virtual machine, and performing isolation between virtual machines corresponding to an identical color by changing a temporal/spatial scheduling order between the virtual machines corresponding to the identical color.
-
公开(公告)号:US11669622B2
公开(公告)日:2023-06-06
申请号:US16991362
申请日:2020-08-12
Inventor: Hyunyi Yi , Sung-Jin Kim , Chulwoo Lee , Woomin Hwang , Byungjoon Kim
IPC: G06F21/57
CPC classification number: G06F21/577 , G06F2221/033
Abstract: A method and apparatus for providing security visibility into a container image. The method includes generating a software list by analyzing layers forming a container image, generating a vulnerability check result based on the software list, and generating a container image content report based on the software list and the vulnerability check result.
-
公开(公告)号:US11449600B2
公开(公告)日:2022-09-20
申请号:US16411354
申请日:2019-05-14
Inventor: Sung-Jin Kim , Hyunyi Yi , Chulwoo Lee , Woomin Hwang , Hyoung-Chun Kim
Abstract: An operation method of a system for generating a security profile of a security instance includes extracting executable code and a library file from a container, thereby identifying a target to be analyzed; performing binary static analysis for the executable code and the library file in order to generate a system call list; and generating a Secure Computing Mode (SECCOMP) security profile based on the system call list.
-
-
-
-
-
-
-
Search Results
8
records
(took 0.017 seconds)
