원문정보
초록
영어
We examine the weaknesses of the existing OOXML-based MS-Word file structure, and analyze how data concealment and forgery are performed in MS-Word digital documents. In case of forgery by including hidden information in MS-Word digital document, there is no difference in opening the file with the MS-Word Processor. However, the computer system may be malfunctioned by malware or shell code hidden in the digital document. If a malicious image file or ZIP file is hidden in the document by using the structural vulnerability of the MS-Word document, it may be infected by ransomware that encrypts the entire file on the disk even if the MS-Word file is normally executed. Therefore, it is necessary to analyze forgery and alteration of digital document through internal structure analysis of MS-Word file. In this paper, we designed and implemented a mechanism to detect this efficiently and automatic detection software, and presented a method to proactively respond to attacks such as ransomware exploiting MS-Word security vulnerabilities.
목차
1. Introduction
2. OOXML based MS-Word File Structure
3. Forgery Analysis on MS-Word File
3.1 Forgery Analysis Through Verification of Internal Structure MS-Word File
3.2 Data Hiding in Slack Space on OOXML based MS-Word File
3.3 Data Hiding in File comment fields on OOXML based MS-Word File
4. Comparison and Implementation
4.1 Comparison of Forgery Methods on OOXML based MS-Word File
4.2 Implementation of MS-Word Forgery Analyzer
5. Conclusions
Acknowledgment
References