• Title/Summary/Keyword: Linux security

Search Result 194, Processing Time 0.033 seconds

A Design of RBAC_Linux for Linux Security Systems (리눅스 보안 시스템을 위한 RBAC_Linux 설계)

  • 오석균;김성열
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.4 no.4
    • /
    • pp.137-142
    • /
    • 1999
  • This paper applies role-based access control(RBAC) policy for solving security problems when it will be operated business of many field on the Linux sever environments and designed RBAC_Linux security systems that it is possible to manage security systems on the Linux environments. In this paper, the RBAC_Linux is security system which is designed for applicable on the Linux enviroment The applying RBAC model is based on RBAC96 model due to Sandhu et al. Therefor, the using designed RBAC_Linux security system on the Linux sever system have the advantage of the following: it can be implemented sever system without modifying its source code, high migration, easy and simple of secure managing.

  • PDF

Design and Implementation of Linux-based Integrated Security System(LISS) Using Open Security Tools (공개 보안 도구를 이용한 리눅스 기반 통합 보안 시스템의 설계 및 구현)

  • Jeon, Yong-Hee;Kim, Min-Soo;Jang, Jung-Sook
    • The KIPS Transactions:PartC
    • /
    • v.11C no.4
    • /
    • pp.485-496
    • /
    • 2004
  • The wide spread of Internet makes susceptible to the attacks via communication Web from hackers using the vulnerability of both computer and network systems. In this paper, we design and implement an integrated security system, named as LISS(Linux-based Integrated Security System) in which an integrated security management is possible. This system is based on the open operating system, Linux and consists of open security tools, which is effective in security management of Linux based-servers. We also construct a test-bed in order to testify the performance of the LISS. It is revealed that the implemented system captures all the attack Patterns generated from Network Mapper.

Management and Security of User in Linux Server (리눅스 서버의 사용자 관리 및 보안)

  • Jung, Sung-Jae;Sung, Kyung
    • Journal of Advanced Navigation Technology
    • /
    • v.19 no.6
    • /
    • pp.587-594
    • /
    • 2015
  • Open operating system, Linux is the traditional Web, E-mail, DNS, FTP server, as well as being used in Cloud and Big data infrastructure. In addition, Linux is also used like a desktop or mobile devices, smart TV and cars. In particular, stepping up to the IoT era at this time is expected to be greater proportion occupied by Linux. As the use of Linux has increased security has emerged as an important factor. User management is core of Linux system security. In this paper, Classifying Linux user and analyzed the role of the user-specific file. Finally, we analyzed the linux management technologies and useful user security tools.

Study of Static Analysis and Ensemble-Based Linux Malware Classification (정적 분석과 앙상블 기반의 리눅스 악성코드 분류 연구)

  • Hwang, Jun-ho;Lee, Tae-jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.6
    • /
    • pp.1327-1337
    • /
    • 2019
  • With the growth of the IoT market, malware security threats are steadily increasing for devices that use the linux architecture. However, except for the major malware causing serious security damage such as Mirai, there is no related technology or research of security community about linux malware. In addition, the diversity of devices, vendors, and architectures in the IoT environment is further intensifying, and the difficulty in handling linux malware is also increasing. Therefore, in this paper, we propose an analysis system based on ELF which is the main format of linux architecture, and a binary based analysis system considering IoT environment. The ELF-based analysis system can be pre-classified for a large number of malicious codes at a relatively high speed and a relatively low-speed binary-based analysis system can classify all the data that are not preprocessed. These two processes are supposed to complement each other and effectively classify linux-based malware.

A Study on Security Kernel of Linux System (Linux 시스템의 보안커널에 관한 연구)

  • Han, Myung-Mook;Lee, Jun-Hwan
    • Convergence Security Journal
    • /
    • v.8 no.3
    • /
    • pp.25-31
    • /
    • 2008
  • SELinux, security operating system, is the security system which implements mandatory access control using linux security module on the traditional linux kernel supporting discretionary access control. But intrusion detection and logging are lacked when system intrusions are happened. This study proposes a SELinux security kernel which performs detection of access violation and privilege restriction using dynamic access control. It detects the intrusion using security check when the abnormal access of system is happened, and dynamically changes the system privilege for the intruder through privilege restriction. Finally we prevent reintrusion and explain the result of experiment.

  • PDF

Implementation of Secure Linux OS based on Kernel (커널 기반의 보안 리눅스 운영체제 구현)

  • 박태규;임연호
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.11 no.4
    • /
    • pp.33-43
    • /
    • 2001
  • This paper presents a secure Linux OS in which multi-level security functions are implemented at the kernel level. Current security efforts such as firewall or intrusion detection system provided in application-space without security features of the secure OS suffer from many vulnerabilities. However the development of the secure OS in Korea lies in just an initial state, and NSA has implemented a prototype of the secure Linux but published just some parts of the technologies. Thus our commercialized secure Linux OS with multi-level security kernel functions meets the minimum requirements for TCSEC B1 level as well kernel-mode encryption, real-time audit trail with DB, and restricted use of root privileges.

Implementation of Security Kernel based on Linux OS (리눅스 운영체제 기반의 보안 커널 구현)

  • Shon, Hyung-Gil;Park, Tae-Kyou;Lee, Kuem-Suk
    • The KIPS Transactions:PartC
    • /
    • v.10C no.2
    • /
    • pp.145-154
    • /
    • 2003
  • Current security efforts provided in such as firewall or IDS (intrusion detection system) of the network level suffer from many vulnerabilities in internal computing servers. Thus the necessity of secure OS is especially crucial in today's computing environment. This paper identifies secure OS requirements, analyzes tile research trends for secure Linux in terms of security kernel, and provides the descriptions of the multi-level security(MLS) Linux kernel which we have implemented. This security kernel-based Linux meets the minimum requirements for TCSEC Bl class as well providing anti-hacking, real-time audit trailing, restricting of root privileges, and enterprise suity management functions.

An Analysis of Structural Changes on the Linux Pseudo Random Number Generator (리눅스 의사난수발생기의 구조 변화 분석)

  • Taeill Yoo;Dongyoung Roh
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.3
    • /
    • pp.365-378
    • /
    • 2024
  • The operating system (OS) of mobiles or embedded devices is based on the Linux kernel. These OSs request random numbers from the Linux kernel for system operation, such as encryption keys and security features. To provide random numbers reliably, the Linux kernel has a dedicated random number generator (Linux Pseudo Random Number Generator, LPRNG). Recently, LPRNG has undergone a major structural changes. However, despite the major changes, no security analysis has been published on the structure of the new LPRNG. Therefore, we analyze these structural changes as a preliminary study to utilize the security analysis of the new LPRNG. Furthermore, the differences between before and after the changes are divided into cryptographic and performance perspectives to identify elements that require security analysis. This result will help us understand the new LPRNG and serve as a base for security analysis.

Design of the Security Cryptography File System Based on the Dynamic Linking Module on the Linux O.S (Linux 운영체제 동적 모듈 개념을 이용한 보안 파일 시스템 모듈 설계)

  • Jang, Seung-Ju;Lee, Jeong-Bae
    • The KIPS Transactions:PartC
    • /
    • v.10C no.7
    • /
    • pp.929-936
    • /
    • 2003
  • We Propose the Suity Cryptography File System to encrypt or decrypt a plaintext or an encrypted tort by using the dynamic linking mechanism In the Linux kernel. The dynamic linking mechanism gives the flexibility of the kernel without changing the kernel. The Sorority Cryptography File System uses the blowfish algorithm to encrypt or decrypt a data. To overcome the overhead of the key server, I use key generating algorithm which is installed in the same Security Cryptography File System. The Security Cryptography file System is fitted into the Linux system.

A Configuration of LINUX router VPN using FreeS/WAN IPSEC (FreeS/WAN IPSEC을 이용한 LINUX 라우터 VPN 구성)

  • 김한철;이계상
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2001.10a
    • /
    • pp.499-502
    • /
    • 2001
  • FreeS/WAN[l] 은 LINUX 상에서 네트워크 보안 프로토콜표준인 IPSEC을 구현한 공개 S/W이다. 현재 LINUX Project로 수행되고 있으며 1.91 version 까지 나와 있다. 라우터와 라우터간에 IPSEC을 사용하여 통신함으로써 access control, connectionless integrity, data origin authentication, protection against replays, confidentiality의 서비스를 보장받을 수 있고, 또한 이러한 서비스들은 IP 계층에서 제공되기 때문에 IP 계층뿐만 아니라 그 이상의 계층에 대한 보호를 제공한다. [2] 본 논문에서는 LINUX router에 FreeS/WAN IPSEC을 설치하여 Security Gateway를 구성하고, 이 Security Gateway를 통해 전형적인 가상사설망을 구성할 수 있음을 보였다. 양단의 Security Gateway에 설치되어진 FreeS/WAN으로 VPN connection을 설정하고, 인증방법으로 RSA authentication key를 setup 하였다. IPSEC을 통하여 암호화되어진 데이터로 양단의 Gateway 구간에서 보안통신이 이루어짐을 알아본다.

  • PDF