Design and implementation of the safety application execution control system using the white-listing

Abstract

The leakage of import files through cyber-attacks begins from the malicious codes installed in the personal computers and there is an increasing need of developing technology to block the activities of malicious codes by detecting and identifying process through integrated analyses. In this study, we suggest the endpoint application program controlling method that enables a more secure protection of PC not only from the malicious codes but also from the exploit attacks based on the vulnerabilities of the OS or the application program by applying various integration of protection technologies such as the whte-list-based application program execution control method to verify integrity, media control, registq protection, impodant file manipulation prevention and the process access inverse connection IPRort control. Also, we suggest a method of measuring and leaming the riskiness of the agent application program before registering the user-proven safe application programs on the whte-list. The system with the white-list based endpoint application program control method comists of the following three parts. The agent blocking the execution of unauthorized programs that is not on the whte-list or the unidentified programs when running an application program, the event server that delivers the execution or stop orders of the application program and the monitoring console for the policy operation management whte-list registration and the application program management. The realized system blocks the execution of the unauthorized programs that are not registered on the white-list and the unidentified executive files through the execution control agent, when running an application program. For the performance evaluation of the realized system, after installing the verification agent and measuring the memory usage, booting speed the execution program loadng speed at the endpoint and security, the performance comparison with the conventional commercial system was conducted to verify the excellence of the proposed system.