• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.87-97
• /
• 2023

Containers are an emerging virtualization technology that can build an isolated environment more lightweight and faster than existing virtual machines. For that reason, many organizations have recently adopted them for their services. Yet, the container architecture has also exposed many security problems since all containers share the same OS kernel. In this work, we focus on the fact that an attacker can abuse host resources to make them unavailable to benign containers-also known as host resource exhaustion attacks. Then, we analyze the impact of host resource exhaustion attacks through real attack scenarios exhausting critical host resources, such as CPU, memory, disk space, process ID, and sockets in Docker, the most popular container platform. We propose five attack scenarios performed in several different host environments and container images. The result shows that three of them put other containers in denial of service.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.11
• /
• pp.1697-1706
• /
• 2013

Protocol analyzer is being used to analyze proper processing of CMD & data when developing SD slave IP. In this thesis, a protocol analyzer was developed for analyzing SD protocol in Windows environment using Visual C++. SD protocol analyzer consists of embedded Linux software for storing SD memory data and MFC program for analyzing this. As for protocol analysis, it has been designed to collect data transmitted from SD memory card to host by Linux software for its analysis by MFC. It was found through the experiment that the CMD type could be confirmed that occurs when reading and writing data to SD memory card using the developed board, and debugging the problems that occur was possible.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.557-560
• /
• 2005

The purpose of this study is to realize DHCP server based on embedded system. To achieve this, embedded Linux was ported in ez Bord-M01 mounted with Intel Strong ARM SA1110 processor, and ethernet-based network was constructed for network function. In this way, this study suggests embedded DHCP server where Window and Linux client hosts are dynamically configurated as network information by dynamically assigning network information in embedded board.

• Journal of The Institute of Information and Telecommunication Facilities Engineering
• /
• v.1 no.1
• /
• pp.6-25
• /
• 2002

In this paper, we have implemented UPnP Devices which emulate a Control Point, a Light Controller, and a Digital TV. The Control Point has been developed on Linux host system by using C language. The UPnP Devices emulating the Digital TV and Light Controller are running on embedded linux developer board. For the development of UPnP Devices, UPnP SDK API Vl.04 made by Intel Co. Ltd. has been ported on Assabet Linux Reference board to implement the UPnP protocol. After we analyze and design some services of Digital TV device, we have applied UPnP Device program to those devices. UPnP SDK vl .04 consists of APIs which support HTTP, SSDP, SOAP, GENA and XML DOM Level-1 that are cores of UPnP protocol. The C program written for the UPnP Control Point has been compiled and executed on Linux-based PC. The embedded system running on Embedded Linux OS has been connected all together through Ethernet which allows IP-based communications. Under this environment, the UPnP programs are being executed on each device. Control Point, when in operational mode, discovers UPnP Devices on the network and displays the device list on the consol. By selecting one of the functionalities of the device services that are displayed on the Control Point, the controllability has been accomplished. The experiment that we performed in this thesis have revealed that the Control Point and UPnP Devices have supported the protocols including SSDP, SOAP, GENA, and DHCP.

• Journal of KIISE:Computer Systems and Theory
• /
• v.33 no.5
• /
• pp.257-266
• /
• 2006

Recently TCP/IP Offload Engine (TOE) technology, which processes TCP/IP on a network adapter instead of the host CPU, has become an important approach to reduce TCP/IP processing overhead in the host CPU. There have been two approaches to implementing TOE: software TOE, in which TCP/IP is processed by an embedded processor on a network adapter; and hardware TOE, in which all TCP/IP functions are implemented by hardware. This paper proposes a hybrid TOE that combines software and hardware functions in the TOE. In the hybrid TOE, functions that cannot have guaranteed performance on an embedded processor because of heavy load are implemented by hardware. Other functions that do not impose as much load are implemented by software on embedded processors. The hybrid TOE guarantees network performance near that of hardware TOE and it has the advantage of flexibility, because it is easy to add new functions or offload upper-level protocols of TCP/IP. In this paper, we developed a prototype board with an FPGA and an ARM processor to implement a hybrid TOE prototype. We implemented the hardware modules on the FPGA and the software modules on the ARM processor. We also developed a coprocessing mechanism between the hardware and software modules. Experimental results proved that the hybrid TOE prototype can greatly reduce the load on a host CPU and we analyzed the effects of the coprocessing mechanism. Finally, we analyzed important features that are required to implement a complete hybrid TOE and we predict its performance.

• Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
• /
• v.23 no.1
• /
• pp.125-131
• /
• 2009

In this paper, we proposed the remote visual monitoring system on mobile robot platform. The proposed system is composed of ARM9 core PXA255 processor, micro CMOS camera and wireless network and the captured visual image is transmitted via 803.11b/g wireless LAN(WLAN) for remote visual monitoring operations. Robot platform maneuvering command is transmitted via WLAN from host and the $640{\times}480$, $320{\times}240$ pixel fixed visual image is transmitted to host at the rate of $3{\sim}10$ frames per second. Experimental system is implemented on Linux OS base and tested for remote visual monitoring operation and verified the proposed objects.

• Journal of information and communication convergence engineering
• /
• v.12 no.3
• /
• pp.154-160
• /
• 2014

The address resolution protocol (ARP) provides dynamic mapping between two different forms of addresses: the 32-bit Internet protocol (IP) address of the network layer and the 48-bit medium access control (MAC) address of the data link layer. A host computer finds the MAC address of the default gateway or the other hosts on the same subnet by using ARP and can then send IP packets. However, ARP can be used for network attacks, which are one of the most prevalent types of network attacks today. In this study, a new ARP algorithm that can prevent IP spoofing attacks is proposed. The proposed ARP algorithm is a broadcast ARP reply and an ARP notification. The broadcast ARP reply was used for checking whether the ARP information was forged. The broadcast ARP notification was used for preventing a normal host's ARP table from being poisoned. The proposed algorithm is backward compatible with the current ARP protocol and dynamically prevents any ARP spoofing attacks. In this study, the proposed ARP algorithm was implemented on the Linux operating system; here, we present the test results with respect to the prevention of ARP spoofing attacks.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.04a
• /
• pp.289-291
• /
• 2004

정보시스템에 대한 침입탐지는 네트워크 기반의 침입탐지시스템에 의존하였으나, 네트워크 규모의 확대와 암호사용의 증가로 인하여 호스트 기반의 침입탐지시스템을 중심으로 연구되고 있다. 본 논문에서는 CB(Check-Box)에 규정된 정책을 이용한 호스트 기반의 침입탐지 시스템을 설계하여 이를 실험하였다. 침입탐지 실험을 위한 시스템호출 기술은 커널에 프로세스들의 특성을 자세하게 정의하고, 이를 실행할 수 있도록 기반을 구축함으로서 가능하게 하였다. 이러한 기법의 특성은 실행 가능한 프로세스가 시스템에 자원에 정당하게 접근할 수 있는 정책을 자세하게 규정해야 하며, 규정을 기술하기 위한 언어는 보안영역을 효과적으로 표현하고 번역될 수 있어야 한다. 본 연구는 Linux의 커널에서 침입탐지기법에 대한 모형을 제시하고, 공격에 대한 탐지와 탐지결과를 검증할 수 있는 정책을 설정하였다. 제안된 시스템은 커널의 변화에 대한 영향력을 최소화하도록 함으로서 새로운 커널을 쉽게 설치할 수 있기 때문에 정책에 의한 호스트기반의 침입탐지시스템은 운영 탐지 분석을 통하여 침입을 예방할 수 있는 방안을 마련할 수 있다.

• The KIPS Transactions:PartC
• /
• v.8C no.6
• /
• pp.775-782
• /
• 2001

Recently the use of Linux OS is increasing to tremendous figures. But due to the fact that Linux is distributed on an open-source policy, the need of security is an upcoming question which leads to widespread development of security on a Linux based environment. Cryptography, however, can cause various problems because of difficulty of key management. A lot of researchers have been concentrating on the key recovery technique to eliminate the reverse effect of using these kinds of security and to promote positive aspects of using it. In this thesis I am suggesting an mechanism based on the key recovery technique, as a method to save time in recovery and resetting a disconnection between two end-users through IPSec (IP Security) protocols in a VPN (Virtual Private Network) environment. The main idea of the newly suggested mechanism, KRFSH (Key Recovery Field Storage Header), is to store the information of the session in advance for the case of losing the session information essential to establish a tunnel connection between a SG and a host in the VPN environment, and so if necessary to use the pre-stored information for recovery. This mechanism is loaded on the IPSec based FreeS/WAN program (Linux environment), and so the VPN problem mentioned above is resolved.

• Proceedings of the IEEK Conference
• /
• 2004.08c
• /
• pp.540-543
• /
• 2004

Address Resolution Protocol (ARP) cache poisoning is a MAC layer attack that can only be carried out when an attacker is connected to the same local network as the target machines. ARP is not a new problem, but wireless network introduces a new attack point and more vulnerable to the attack. The attack on wireless network cannot be detected by current detection tool installed on wired network. In order to detect the ARP poisoning attack, there must be a ARP poisoning detection tool for wireless LAN environment. This paper proposes linux-based ARP poisoning detection system equipped with wireless LAN card and Host AP device driver