• Title/Summary/Keyword: Linux kernel

Enhancing Kernel Module Security Using WebAssembly (웹어셈블리를 활용한 커널 모듈 보안성 강화)

  • Hajeong Lim;Hojoon Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.2 / pp.337-344 / 2023
  • Modern OSs, including Linux, show high scalability by adopting a monolithic kernel design, but have weak security because they share all memory space. This study presents a kernel module that is isolated inside the kernel using WebAssembly. WebAssembly provides a high-performance virtual machine by defining a low-level instruction set while guaranteeing memory safety. In this paper, the WebAssembly execution environment is implemented inside the kernel, allowing developers to control the operation of kernel modules and achieving higher security.

A Study on the Development of Hard Disk Recoder and Remote Control Using Embedded Linux (임베디드 리눅스를 이용한 하드디스크 레코더 및 원격 제어 구현에 관한 연구)

  • Park, Seung-Ho;Lee, Jong-Su
    • Proceedings of the KIEE Conference / 2004.07d / pp.2429-2431 / 2004
  • In this paper, we have designed a remotely controllable HDR system using an embedded Linux board. The system is composed of three parts: an HDR system, a PC client program for remote control, and a name server for registering and acquiring the IP address. The system is built on an embedded board using a Linux kernel. With Linux, the system can support networking and a file system for hard disk management. In addition, the system embeds a web server and an FTP server for remote manipulation and file transfer. The hardware of the system is controlled through the Linux device driver mechanism. The MPEG1/2 technique is used to compress the TV tuner signal and external analog video/audio signals, and the compressed data is stored on a hard disk. The data stored in the system is accessible through a LAN or the Internet. The RTP protocol is used to enable the system to serve a live stream of instant video/audio input.

Study On NC Program Automation Load System Based On Embedded Linux and Development Of Ordered Controller (임베디드 리눅스 기반의 NC프로그램 자동적재 시스템에 대한 연구 및 순차제어기 개발)

  • Yoon J.I.;Ahn K.K.
    • Proceedings of the Korean Society of Precision Engineering Conference / 2006.05a / pp.139-140 / 2006
  • This paper proposes an Embedded Linux system that can overcome the shortcomings of conventional CNC machine systems. Linux is free of charge, with an open source library and tools that can be used in the development of the kernel. Besides, applications are easily available through countless open source projects, allowing simple mending for seamless porting. This study has developed an NC program automation load system based on Embedded Linux and the ordered controller.

Separation of Kernel Space and User Space in Zephyr Kernel (Zephyr 커널에서 커널 공간과 사용자 공간의 분리 구현)

  • Kim, Eunyoung;Shin, Dongha
    • IEMEK Journal of Embedded Systems and Applications / v.13 no.4 / pp.187-194 / 2018
  • The operating system for IoT should have a small memory footprint and provide low power state, real-time, multitasking, various network protocols, and security. Although the Zephyr kernel, an operating system for IoT released by the Linux Foundation in February 2016, has these features, errors generated by the user code can cause fatal problems in the system because the Zephyr kernel adopts a single-space method in which both the user code and kernel code execute in the same space. In this research, we propose a space separation method, which separates kernel space and user space, to solve this problem. The space separation that we propose consists of three modifications to the Zephyr kernel. The first is code separation, in which kernel code and user code execute in their own spaces while using different stacks. The second is kernel space protection, which generates an exception by using the MPU (Memory Protection Unit) when the user code accesses the kernel space. The third is the SVC-based system call, which executes the system call using the SVC instruction that generates the exception. In this research, we implemented the space separation in Zephyr v1.8.0 and evaluated safety through abnormal execution of the user code. As a result, the kernel was not crashed by the errors generated by the user code and executed normally.

System Integrity Monitoring System using Kernel-based Virtual Machine (커널 기반 가상머신을 이용한 시스템 무결성 모니터링 시스템)

  • Nam, Hyun-Woo;Park, Neung-Soo
    • The KIPS Transactions:PartC / v.18C no.3 / pp.157-166 / 2011
  • The virtualization layer is executed in a higher authority layer than the kernel layer and is suitable for monitoring operating systems. However, existing virtualization monitoring systems provide only simple information about the usage rate of CPU or memory. In this paper, a monitoring system using the full virtualization technique is proposed, which can monitor a virtual machine's dynamic kernel objects such as memory, registers, GDT, IDT and the system call table. To verify the monitoring system, the proposed system was implemented based on KVM (Kernel-based Virtual Machine) with full virtualization, which is directly applied to the Linux kernel without any modification. The proposed system consists of a KvmAccess module to access KVM's internal objects and an API to provide other external modules with monitoring results. In experiments, the CPU utilization for monitoring operations in the proposed monitoring system is 0.35% when the system is monitored with a 1-second period. The proposed monitoring system has a little performance degradation.

Trends of SCTP Standardization and Development (SCTP 표준화 및 개발 동향)

  • 민경주;박주영;강신각
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2003.10a / pp.665-668 / 2003
  • SCTP is a next-generation transmission protocol that is being developed as a standard by the IETF SIGTRAN working group. RFC 2960 is a transmission protocol that is more efficient for large-scale data transmission such as multimedia data. In this paper, we describe standardization trends in the IETF and the progress of the SCTP implementation in the Linux kernel.

A Design and Implementation of Mobile IP Architecture using Object-Oriented Concept(2) (객체지향개념을 도입한 Mobile IP의 설계 및 구현(2))

  • 손동우;채동현;한규호;마영식;안순신
    • Proceedings of the Korean Information Science Society Conference / 2000.10c / pp.414-416 / 2000
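  • Mobile IP is a protocol for supporting mobility at the network layer of the OSI 7-layer model. Of the three entities in Mobile IP, the Home Agent and Foreign Agent act as service providers that offer mobility to the Mobile Node. In this paper, we design and implement the Mobile Agent, one of the entities of the Mobile IP protocol, by introducing object-oriented concepts. In a Linux Kernel 2.2.14 environment, we compose objects from a functional perspective using C++, an object-oriented language, and, to provide mobility at the IP layer, we design and implement tunneling, the main function of the Home Agent and Foreign Agent, using a Linux kernel module.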

The Blocking of buffer overflow based attack for Linux kernel (리눅스 시스템의 버퍼 오버플로우 공격 대응 기법)

  • Kim, Jeong-Nyeo;Jeong, Gyo-Il;Lee, Cheol-Hun
    • The KIPS Transactions:PartA / v.8A no.4 / pp.385-390 / 2001
  • In this paper, we describe a method of blocking buffer overflow attacks for a secure operating system. Our team developed a secure operating system using MAC and ACL access control added on the Linux kernel. We describe the secure operating system (SecuROS) and the standardized secure utility and library. A working prototype able to detect and block buffer overflow attacks is available.

Improvement of Multi-Queue Block Layer for Fast User Response (사용자 응답성 향상을 위한 멀티큐 블록계층 개선)

  • Shin, Heeyoung;Kim, Taeseok
    • IEMEK Journal of Embedded Systems and Applications / v.14 no.2 / pp.97-102 / 2019
  • The multi-queue I/O block layer has recently been employed in the Linux kernel to support fast storage devices such as NVMe SSDs, but it still lacks differentiated I/O services. In this paper, we propose an I/O scheduling scheme that can improve the user responsiveness of foreground processes, which are closely related to user satisfaction. To this end, we redesign the existing multi-queue block layer to classify the I/O requests from foreground processes and schedule them by exploiting the features of the NVMe interface. Experimental results show that the latency and launch time of the foreground processes have been significantly improved compared to the original Linux kernel.

Android Boot Sequence I/O Pattern Analysis through Linux Kernel Profiling Techniques (Linux Kernel Profiling 기법을 통한 안드로이드 부팅 시퀀스 I/O 패턴 분석)

  • Yu, Jun-Young;Lee, Sung-Woo;Lim, Seung-Ho
    • Proceedings of the Korea Information Processing Society Conference / 2011.11a / pp.33-35 / 2011
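  • Recently, the Android platform has had many performance-improvement issues. Among them, the Android boot sequence is an important one. The part of the Android platform boot process where slowdown occurs is the block I/O system. In this paper, we introduce blktrace, which traces the I/O of the Linux block layer, use it to analyze the I/O pattern of the Android boot sequence, and consider ways to improve it.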