• Title/Summary/Keyword: Linux kernel

A Study for Task Detection Acquiring Abnormal Permission in Linux (리눅스의 비정상 권한 획득 태스크의 탐지방법 연구)

  • Kim, Won-Il;Yoo, Sang-Hyun;Kwak, Ju-Hyun;Lee, Chang-Hoon
    • KIPS Transactions on Computer and Communication Systems / v.3 no.11 / pp.427-432 / 2014
  • The purpose of local system attacks is to acquire an administrator (root) privilege shell by executing a malicious program or changing the flow of a program. Acquiring a shell through such an attack is still a valid approach, and it is difficult to cope by fixing each vulnerability individually because the attacker can select from various forms of attack. Linux allocates a set of credentials at login in order to manage user permissions. Credentials are issued and managed directly by the kernel, and the kernel ensures that no change can occur outside the kernel. However, the credentials of a user who has acquired root privilege through a system attack do not remain consistent. In this paper we propose a security module that detects security threats to users and tasks by analyzing user task execution and inconsistent credentials.

Dynamic Bandwidth Distribution Method for High Performance Non-volatile Memory in Cloud Computing Environment (클라우드 환경에서 고성능 저장장치를 위한 동적 대역폭 분배 기법)

  • Kwon, Piljin;Ahn, Sungyong
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.20 no.3 / pp.97-103 / 2020
  • Linux Cgroups plays a fundamental role in sharing system resources among multiple containers in container-based cloud computing environments. For I/O resources in particular, Linux Cgroups supports a mechanism for sharing I/O bandwidth in proportion to I/O weight. However, the current mechanism of Linux Cgroups using the BFQ I/O scheduler seriously degrades I/O performance on high-bandwidth storage devices such as NVMe SSDs. In this paper, we propose a new feedback-based I/O bandwidth sharing scheme for Linux Cgroups which allocates I/O credits to containers according to I/O weights and adjusts the amount of credits to the performance fluctuation of NVMe SSDs. The proposed scheme is implemented on Linux kernel 5.3 and evaluated. The evaluation results show that it can share the I/O bandwidth among multiple containers proportionally to I/O weights while achieving I/O performance more than twice as high as the existing scheme.

Design of the Kernel Hardening Function for Stability the Linux Operating System (리눅스 운영체제 안정화를 위한 커널 하드닝 기능 설계)

  • Jang Seung-Ju
    • Journal of the Korea Institute of Information and Communication Engineering / v.9 no.6 / pp.1333-1340 / 2005
  • This paper is based on a study to reduce system panic states. A panic state can be caused by a careless mistake of a programmer or an administrator. The hardened operating system proposed in this paper stops a process that is running in the kernel with an error. The error process for the value type and the address type of a certain variable has to be restored. With kernel hardening installed, the operating system first checks whether the process can be recovered and then restores the processes that can be recovered. When kernel code with an error can be recovered, it is recovered in the ASSERT() function.

Design and Implementation of Kernel-Level Split and Merge Operations for Efficient File Transfer in Cyber-Physical System (사이버 물리 시스템에서 효율적인 파일 전송을 위한 커널 레벨 분할 및 결합 연산의 설계와 구현)

  • Park, Hyunchan;Jang, Jun-Hee;Lee, Junseok
    • IEMEK Journal of Embedded Systems and Applications / v.14 no.5 / pp.249-258 / 2019
  • In a cyber-physical system, big data collected from numerous sensors and IoT devices is transferred to the Cloud for processing and analysis. When transferring data to the Cloud, merging the data into a single file is more efficient than transferring it as split files. However, current merging and splitting operations are performed at the user level and require many I/O requests to memory and storage devices, which is very inefficient and time-consuming. To solve this problem, this paper proposes kernel-level split and merge operations. At the kernel level, splitting and merging files can be done with very little overhead by modifying the file system metadata. We have designed the proposed algorithm in detail and implemented it in the Linux Ext4 file system. In our experiments with a real Cloud storage system, our technique achieved a transfer time of up to only 17% compared to the case of transferring split files. We also confirmed that the time required can be reduced by up to 0.5% compared to the existing user-level method.

Kernel-level Software instrumentation via Light-weight Dynamic Binary Translation (경량 동적 코드 변환을 이용한 커널 수준 소프트웨어 계측에 관한 연구)

  • Lee, Dong-Woo;Kim, Jee-Hong;Eom, Young-Ik
    • Journal of Internet Computing and Services / v.12 no.5 / pp.63-72 / 2011
  • Binary translation is an emulation method that converts binary code compiled for one instruction set architecture into new binary code that can run on another. It has mostly been used for migrating legacy systems to a new architecture. Recently, binary translation has been used for instrumenting programs without modifying source code, because it enables additional code to be inserted dynamically. For general applications, instrumentation software using binary translation already exists, such as dynamic binary analyzers and virtual machine monitors. On the other hand, to benefit from binary translation at kernel level, a few issues must be addressed, including system performance, memory management, privileged instructions, and synchronization. These issues derive from the structure of the kernel and the differences between the kernel and user-level applications. In this paper, we present a scheme for applying binary translation and dynamic instrumentation to the kernel. We implement it on the Linux kernel and demonstrate that kernel-level binary translation adds an insignificant overhead to the performance of the system.

Development of a Kernel Thread Web Accelerator (SCALA-AX) (커널 쓰레드 웹가속기(SCALA-AX) 개발)

  • Park, Jong-Gyu;Min, Byung-Jo;Lim, Han-Na;Park, Jang-Hoon;Chang, Whi;Kim, Hag-Bae
    • The KIPS Transactions:PartA / v.9A no.3 / pp.327-332 / 2002
  • The conventional proxy web cache, which is generally used as a caching server, is a content-copy based system. This method focuses on speeding up the delivery phase, not on improving web server performance. However, if a very large number of clients attempt to connect to the web server simultaneously, the proxy web cache cannot achieve the desired result. In this paper, we propose a web accelerator called SCALA-AX, which improves web server performance by accelerating content delivery. SCALA-AX is built into the Linux-based kernel as a kernel module and works in combination with the conventional web server program. SCALA-AX speeds up the processing rate of the web server because it processes requests using a kernel thread. SCALA-AX also applies a well-developed cache algorithm to the processing, and thus obtains the advantage of a caching server without installing additional hardware. A benchmarking test demonstrates that SCALA-AX improves web server performance by up to 500% for content delivery.

An Expanded Real-Time Scheduler Model for Supporting Aperiodic Task Servers (비주기적 태스크 서버들을 지원하기 위한 확장된 실시간 스케줄러 모델)

  • Shim, Jae-Hong;Kim, Yeong-Il;Choi, Hyung-Hee;Jung, Gi-Hyun;Yoo, Hae-Young
    • The KIPS Transactions:PartA / v.8A no.1 / pp.16-26 / 2001
  • This paper proposes an extended scheduler model that extends the existing model proposed in [4, 5], which consists of an upper-layer task scheduler and a lower-layer scheduling framework. To support aperiodic task scheduling, the task scheduler has been divided into two parts: a periodic task control component and an aperiodic task control component. Thus, the proposed model can support various bandwidth-preserving servers that can service aperiodic tasks. The model distinctly separates a classic monolithic kernel scheduler into several kernel components according to their functionality. This enables system developers to implement a new scheduling algorithm or aperiodic task server independently of the complex low-level kernel mechanism, and to reconfigure the system as needed. In Real-Time Linux [6], we implemented the proposed scheduling framework, representative scheduling algorithms, and several bandwidth-preserving servers for testing. Through these implementations, we confirmed that a new algorithm or server could be developed independently without updates to complex low-level kernel modules. To verify the efficiency of the proposed model, we measured the performance of several aperiodic task servers. The results showed that the model, even though it consists of two hierarchical components and several modules, did not have such high run-time overhead, and could efficiently support reconfiguration and scheduler development.

A Reconfigurable Scheduler Model for Supporting Various Real-Time Scheduling Algorithms (다양한 실시간 스케줄링 알고리즘들을 지원하기 위한 재구성 가능한 스케줄러 모델)

  • Shim, Jae-Hong;Song, Jae-Shin;Choi, Kyung-Hee;Park, Seung-Kyu;Jung, Gi-Hyun
    • Journal of KIISE:Computer Systems and Theory / v.29 no.4 / pp.201-212 / 2002
  • This paper proposes a reconfigurable scheduler model that can support various real-time scheduling algorithms. The proposed model consists of two hierarchical components, an upper one and a lower one: the task scheduler and the scheduling framework, respectively. The scheduling framework provides a job dispatcher and software timers. The task scheduler implements an appropriate scheduling algorithm, which supports a specific real-time application, on top of the scheduling framework. If system developers observe the internal kernel interfaces used for communication between the two hierarchical components, they can implement a new scheduling algorithm independently of the complex low-level kernel mechanism. Once a task scheduler is developed, it can be reused in a new real-time system in the future. In Real-Time Linux (5), we implemented the proposed scheduling framework and several representative real-time scheduling algorithms. Through these implementations, we confirmed that a new scheduling algorithm could be developed independently without updates to complex low-level kernel modules. To confirm the efficiency of the proposed model, we measured the performance of representative task schedulers. The results showed that the scheduling overhead of the proposed model, which has two separated components, is similar to that of a classic monolithic kernel scheduler.

Linux based IDS for Web Server through TCP Stream Analysis (TCP Stream 분석을 통한 리눅스 기반의 웹 서버 IDS)

  • 정해진;문정훈;이명선;변옥환
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2002.11a / pp.519-523 / 2002
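  • As NIDS deployment has become widespread, many attack techniques for evading NIDS have also been developed. Some of these attacks exploit fundamental flaws in the NIDS architecture and therefore cannot be resolved within that architecture. We present a new HIDS model that overcomes the limitations of NIDS while retaining many of its advantages. The biggest problem with HIDS is that it places a heavy load on the system, but because a web server by its nature accepts connections from anywhere and is therefore vulnerable, its security must be strengthened even at the cost of some HIDS-induced load. In addition, because a web server is operated solely for the specific purpose of providing web service, the load of an installed HIDS can be reduced considerably by considering only web attacks. The HIDS proposed in this paper extracts TCP streams in the kernel of the Linux operating system and uses them as audit data for intrusion detection.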

Implementation of a Testbed Supporting the Network Traffic Control (네트워크 트래픽 제어 연구를 지원하는 테스트베드 구현)

  • Kim, Nam-Kun;Park, Jae-Hyun
    • Journal of KIISE:Information Networking / v.34 no.2 / pp.81-87 / 2007
  • This paper proposes the architecture of a Linux-based Network Traffic Control Test-bed (NTCT) that makes it easy to implement a reconfigurable network environment. The proposed NTCT consists of a traffic generator that uses the simulation results of the NS2 simulator, a traffic controller using the Linux kernel, and a traffic monitor. This paper also includes an analysis example using the proposed NTCT.