• Convergence Security Journal
• /
• v.9 no.2
• /
• pp.41-48
• /
• 2009

Distributed denial of service attack detection for more development and research is underway. The method of using statistical techniques, the normal packets and abnormal packets to identify efficient. In this paper several statistical techniques, using a mix of various offers a way to detect the attack. To verify the effectiveness of the proposed technique, it set packet filtering on router and the proposed DDoS attacks detection method on a Linux router. In result, the proposed technique was detect various attacks and provide normal service mostly.

• 한국정보통신설비학회:학술대회논문집
• /
• 2009.08a
• /
• pp.208-210
• /
• 2009

Currently, Wireless LAN(WLAN) service is widely deployed to provide high speed wireless Internet access through the mobile stations such as notebook and PDA. To provide enhanced security and user access control in the public WLAN area, WLAN access points should have the capability of IEEE 802.1x-based user authentication and authorization functionality. In this paper, we provide a brief understanding of IEEE 802.1x standards and related protocols like EAPOL(Extended Authentication Protocol Over LAN), EAP, RADIUS and describe how the IEEE 802.1x is designed and implemented in our embedded linux-based WLAN AP which is named i-WiNG. (Intelligent Wireless Internet Gateway). For the network security and user authenti -cation purposes, a supplicant who wants to access Internet should be authorized to access the AP port using the EAPOL.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.160-165
• /
• 2003

최근 들어 무선 랜에 대한 사람들의 인식이 높아지고, KT의 NESPOT과 같은 공중망 사업자들에 의한 핫스팟 서비스가 제공되면서 무선 랜의 수요 또한 급증하고 있다. 무선 랜의 사용자가 증가하면서 무선 랜 보안의 중요성 역시 증가하고 있으며, 실제로 무선 랜에서의 안전한 네트워킹을 위하여 여러 단체들이 다양한 방향에서 연구를 진행 중에 있다. 그 한 예가 802.1X인데, 이것은 인증 서버를 따로 두어 AP를 통해 네트워크에 접속하려는 사용자들을 인증하여 주는 것이다. 이 논문에서는 802.1X 인증 방법 중 X.509 기반의 인증서를 사용하여 서버와 클라이언트간의 상호 인증을 가능하게 하여 주는 EAP-TLS 환경을 분석하고, LINUX 환경에서 공개 소스로 구축하여, 실제로 무선 랜을 사용하는 환경에 적용하는 과정을 기술한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.1108-1110
• /
• 2012

파일 시스템은 컴퓨터에서 파일이나 자료를 쉽게 발견 및 접근할 수 있도록 보관 또는 조직하는 체제를 가리키는 말이다. 기존에는 Windows에 사용되는 FAT(File Allocation Table) 파일 시스템과 NTFS(New Technology File System), Unix/Linux 등에서 주로 활용되는 ext계열 파일 시스템 등이 주된 분석 대상이었으나 스마트폰과 태블릿 PC, NAS(Network Attached Storage) 서버 등 다양한 IT기기가 보급되면서 이들 기기에서 사용되는 파일시스템을 추가적인 분석이 필요하다. 따라서 본 논문에서는 추가적으로 분석해야할 파일 시스템의 종류를 나열하고 각각의 특성을 서술하여 향후 추가 분석의 지침으로 활용하고자한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.319-323
• /
• 2023

In intra-process isolation, file descriptors work as another attack vector from the memory corruption attacks. The attacker can read or write by corrupting file descriptors so they can escape the isolation. In this paper, we propose new lightweight capability-based access control system on file descriptor using ARM's hardware extension, PA(Pointer Authentication). Our system was implemented on Linux kernel module, only shows 5% overhead to control the access on the file descriptor.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.313-317
• /
• 2014

Smart-phone, PC or tablet platforms, such as smart terminals spread to the masses trying to capitalize. Smart TV also is increasing. In Korea, market size of TV is growing fast with growth of risk of hacking. In this paper, several kinds of Smart TV hacking cases are presented with the possibility of attacks against the vulnerability analysis and countermeasures. Most of the Linux operating system is open. Thus, it is vulnerable for latest hacking techniques. Most are based on the Linux OS to enhance security mount Sand-Box. However, bypass procedure using the technique, or APT attacks can avoid San-Box technique. New hacking techniques and a variety of ways will occur in the future. Therefore, this paper will develop Smart TV, and it analysis of a security threat and establishes better prepared in the future because new hacking attacks are expected to prepare more.

• Journal of Korea Society of Industrial Information Systems
• /
• v.5 no.4
• /
• pp.16-21
• /
• 2000

Role Based Access Control(RBAC) reduces the cost of administering access control policies as well as making the process less error-prone. Administration tool is most important component in the concept of RBAC. The administration tool for the RBAC security system must be maintain the integrity of user-role and role-role relationships in the RBAC Database. Therefor, it is required set functions, properties defining integrity of database. When it will be designed security systems which is applying RBAC policy on the Linux(server system environments, this paper defines integrity of database for user-role and role-role relationships, and we propose formal specification of operation in order to manage these relationships. The proposed formal specification leads to the consistency requirements for the RBAC database which are defined as a set of relationship. Also, this paper can easily derive the implementation of the RBAC administration tool by formal specification of operations. It leads us tn the minimal set for a more efficiently implementation of administration tool.

• Convergence Security Journal
• /
• v.6 no.2
• /
• pp.13-20
• /
• 2006

Since the domestic internet banking environment has established for Microsoft Internet Explorer (IE), the internet banking service is not able to use in the open operating system and web browser such as linux and freeBSD. To solve the :problem, we develop the digital signature system used the seed for the digital payment system in the open software environment. Because the domestic internet banking performs the certificate and digital signature verification through official certificate that the official certificate authority issues, we analyze and develop the verification of validity system for the official certificate. Since the virtual internet banking environment is already established in the web server developing under the self-abilities, the basic internet banking service can be performed installing the certificate in the client which has the mozilla porting the seed. Finally, we can confirm that the certificate and digital signature are performed normally through the experiment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.309-312
• /
• 2016

Considering that interkorean relations got worse and worse recently, cyber terror of North Korea has seriously become a possibility. Therefore, DoS(Denial of Service), a typical way of cyber terror, is becoming a big issue. Consequently, people are growing more and more interested in information security. Internal DoS attacks, out of a variety of ways of Dos attacks, include disks and memories and shortages of process resources. PAM(Pluggable Authentication Module) is one of the ways of preventing internal DoS attacks in Linux system. This paper provides with a method to internally respond to dos attacks and efficiently prevent shortages of resources by utilizing PAM.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 1999.05a
• /
• pp.91-96
• /
• 1999

Role-Based Access Control(RBAC) is an access control mechanism that reduce the cost of administering access control policies. The Admin Tool developed for RBAC Model manages relationship informations of user and role. In order to maintain the consistency of the information for these relationships, a set of properties defining consistency of the relationship informations is required. When it will be designed security systems applying RBAC policy on the Linux server system environments, this paper described consistency properties of relationship informations for information management of user and role relationships. It leads us to the development of minimal set obtainable the equivalent results of consistency properties for a more efficient Admin Tool implementation.