Original Article
Abstract
References
Information
Purpose: Recently, ransomware damage that encrypts victim's data through hacking and demands money in exchange for releasing it is increasing domestically and internationally. Accordingly, research and development on various response technologies and solutions are in progress. Method: A secure storage area and a general storage area were created in the same virtual environment, and the sample data was saved by registering the access process. In order to check whether the stored sample data is infringed, the ransomware sample was executed and the hash function of the sample data was checked to see if it was infringed. The access control performance checked whether the sample data was accessed through the same name and storage location as the registered access process. Result: As a result of the experiment, the sample data in the secure storage area maintained data integrity from ransomware and unauthorized processes. Conclusion: Through this study, the creation of a secure storage area and the whitelist-based access control method are evaluated as suitable as a method to protect important data, and it is possible to provide a more secure computing environment through future technology scalability and convergence with existing solutions.
연구목적: 최근 국내외에서 해킹으로 피해자의 데이터를 암호화하고 이를 풀어주는 대가로 금전적 대가를 요구하는 랜섬웨어 피해가 증가하고 있다. 이에 다양한 방식의 대응기술과 솔루션에 대한 연구개발이 진행되고 있으며, 본 연구에서는 데이터를 저장하는 저장장치에 대한 보안 연구개발을 통해 근본적인 대응방안을 제시하고자 한다. 연구방법: 동일한 가상환경에 보안 저장영역과 일반 저장영역을 생성하고 접근 프로세스를 등록하여 샘플 데이터를 저장하였다. 저장된 샘플 데이터의 침해 여부를 확인하기 위해 랜섬웨어 샘플을 실행하여 침해 여부를 해당 샘플 데이터의 Hash 함수를 확인하였다. 접근 제어 성능은 등록된 접근 프로세스와 동일한 이름과 저장위치를 통해 샘플 데이터의 접근 여부를 확인하였다. 연구결과: 실험한 결과 보안 저장 영역의 샘플 데이터는 랜섬웨어 및 비인가된 프로세스로부터 데이터의 무결성을 유지하였다. 결론: 본 연구를 통해 보안 저장영역의 생성과 화이트리스트 기반의 접근 제어 방법이 중요한 데이터를 보호하는 방안으로 적합한 것으로 평가되며, 향후 기술의 확장성과 기존 솔루션과의 융합을 통해 보다 안전한 컴퓨팅 환경을 제공할 수 있을 것으로 기대된다.
- Hong, D.Y., Ko, W.S., Im, S.S. (2014). "Virtualization techniques for secure and reliable computing." Journal of The Korea Institute of Information Scientists and Engineers, Vol. 26, No. 10, pp. 50-57.
- Ju, J.H., Ma, S.Y., Moon, J.S., (2014). "Proposal of security requirements for storage virtualization system against clouding computing security threats." Journal of Security Engineering, Vol. 11, No. 6, pp. 469-478. 10.14257/jse.2014.12.08
- Kim, C., Choi. D., Yi. J., Kim. J. (2014). "A study of program execution control based on Whitelist." Proceedings of the Korea Institute of Information and Communication Science Conference, KIICE, Korea, pp. 346-349.
- Kim, J.G., Kim, T.E., Choi, J.W., Kim, W.G., Lee, J.S. (2007). "Vulnerability analysis and research on digital contents storage system." Journal of Information and Security, Vol. 7, No. 4, pp. 36-41.
- Kim, S.Y., Kim, G.Y., Hwang, I.C., Kim, D.S. (2017). "e-forensic tool research for obtaining legal evidence ability of digital evidence by intelligence inspection." 2017, Vol. 13, No. 2, pp. 267-275.
- Kim, S.Y., Hwang, I.C., Kim, D.S. (2021). "A study on next-generation data protection based on non file system for spreading smart factory." Journal of the Society of Disaster Information, Vol. 17, No. 1, pp. 176-183.
- Lee, J.S., Lee, K.H. (2014). "A study on security container to prevent data leaks." Journal of The Korea Institute of Information Security & Cryptology, Vol. 24, No. 6, pp. 1225-1241. 10.13089/JKIISC.2014.24.6.1225
- Publisher :The Korean Society of Disaster Information
- Publisher(Ko) :한국재난정보학회
- Journal Title :Journal of the Society of Disaster Information
- Journal Title(Ko) :한국재난정보학회논문집
- Volume : 17
- No :4
- Pages :897-903
- DOI :https://doi.org/10.15683/kosdi.2021.12.31.897