Windows file driver filter5/17/2023 ![]() Furthermore, a security policy using the whitelist is effective from the administrator’s point of view because the security administrator manages only the whitelist policy. In addition, this method is useful because the industrial environment generally does not require high computer performance, resulting in high memory efficiency. The whitelist method is efficient because conventional file system filter driver security systems based on the whitelist execute only limited programs due to the nature of the industrial environment. Therefore, there is a need for a security system with enhanced confidentiality to compensate for the vulnerability of security solutions based on the whitelist. These security solutions are based on discretionary access control (DAC) models, which are vulnerable because they only consider the target subject to be accessed, without considering the access rights of the file target object. File system filter driver security solutions based on the whitelist can cause serious problems, if the access rights of the whitelist are captured by hackers. ![]() If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. For this vulnerability, CVE 2019-0641, the Microsoft Security Response Center did not respond to questions on the whitelist but issued a statement that the problematic part would be removed at earliest. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. Therefore, domestic and foreign IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises. ![]() Although antivirus software has been used to address these threats, it is unsuitable for tackling new types of malicious code, and there is a possibility of computer resource-related issues in low-end systems or environments where the network speed is limited. In an incident at Target Corporation in the United States in December 2013, a hacker inserted malicious code in the network where the point-of-sale (POS) system was installed through the internal business network and executed it in the POS system to capture crucial information. Thus, the Windows embedded OS has been targeted by hackers. Among the industrial OSs, Microsoft Windows embedded OS is used in a considerable proportion of industrial devices. Recently, several industrial operating system (OS) functions such as task processing, user interface, network and communication, and services have been improved, providing numerous opportunities in various fields. The advancements in IT technology have enabled all the industrial sectors to establish smart industrial environments. Keywords: Access Control, File System Filter Driver, Mandatory Access Control, Whitelist, Windows Embedded OS The access control method does not base the security policy on the whitelist instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. ![]() File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Abstract: IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. ![]()
0 Comments
Leave a Reply. |