• Title/Summary/Keyword: Linux security

Search Result 194, Processing Time 0.027 seconds

Implementation of file format analyzer for binary vulnerability analysis (바이너리 취약점 분석을 위한 파일 포맷 분석기 구현)

  • Oh, DongYeop;Ryu, Jea-cheol
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2018.07a
    • /
    • pp.466-469
    • /
    • 2018
  • 최근 PC를 비롯한 모바일, IOT 기기 등 다양한 환경에서의 사이버 공격이 기승을 부리고 있으며, 그 방법 또한 나날이 발전하고 있다. 이러한 사이버위협으로부터 개인 및 기업의 자산을 지키기 위한 근본적인 대안이 없이는 매번 반복적인 피해를 피하기 어려운 현실이다. 다양한 환경이라고 함은, 다양한 OS(Operation System), 다양한 ISA (Instruction Set Architecture)의 조합으로 이루어지는 사이버환경을 의미한다. 이러한 조합들은 일반 사용자들에게 가장 많이 쓰이는 Windows & Intel 조합의 환경과, Linux & Intel 또는 Linux & ARM 등 기업에서 서비스를 위해 쓰이는 서버 환경 등을 예로 들 수 있다. 그밖에 최근 IOT기기나 모바일 기기와 같은 환경도 있을 수 있다. 바이너리 파일에 대한 보안은 다양한 연구가 진행되고 있지만 그 범위가 방대하고, 깊이가 필요한 영역이라 진입 장벽이 높은 실정이다. 본 논문에서는 이러한 바이너리의 취약점을 분석하기 위한 첫 번째 단계로써 다양한 바이너리 파일을 하나의 정형화된 자료구조로 변환하는 바이너리 포맷 분석기의 한 방법을 제시하고자 한다. 다양한 OS와 다양한 ISA환경에서 사용되는 바이너리들에서 공통적으로 존재하는 정보들 중, 바이너리의 취약점 분석을 위해 필요한 데이터를 보다 효율적으로 수집하고, 관리하는 것이 바이너리를 통한 사이버 위협을 탐지하는 연구에서 기초가 된다고 할 수 있기 때문이다.

  • PDF

A Development of Cipher Device based on Embedded Linux for Serial Communication in SCADA (임베디드 리눅스 기반의 SCADA 직렬통신 구간 암호화 장치 개발)

  • Lee, Jong-Joo;Kim, Seog-Joo;Kang, Dong-Joo
    • Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
    • /
    • v.24 no.4
    • /
    • pp.25-32
    • /
    • 2010
  • The Supervisory Control and Data Acquisition Systems (SCADA) system provides monitoring, data gathering, analysis, and control of the equipment used to manage most infrastructure. The SCADA Network is implemented in a various manner for larger utilities, and multiple types of protocol and communication interfaces are used to network the control center to remote sites. The existing SCADA equipment and protocols were designed and implemented with availability and efficiency, and as a result security was not a consideration. So, performance, reliability, flexibility and safety of SCADA systems are robust, while the security of these systems is often weak. This makes some SCADA networks potentially vulnerable to disruption of service, process redirection, or manipulation of operational data that could result in public safety concerns and/or serious disruptions to the infrastructure. To reduce the risks, therefore, there is a need to have a security device such as cipher devices or cryptographic modules for security solutions. In this paper we develop an embedded cipher device for the SCADA equipment. This paper presents a cipher device designed to improve the security of its networks, especially in the serial communication.

A Study on Security Improvement in Hadoop Distributed File System Based on Kerberos (Kerberos 기반 하둡 분산 파일 시스템의 안전성 향상방안)

  • Park, So Hyeon;Jeong, Ik Rae
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.5
    • /
    • pp.803-813
    • /
    • 2013
  • As the developments of smart devices and social network services, the amount of data has been exploding. The world is facing Big data era. For these reasons, the Big data processing technology which is a new technology that can handle such data has attracted much attention. One of the most representative technologies is Hadoop. Hadoop Distributed File System(HDFS) designed to run on commercial Linux server is an open source framework and can store many terabytes of data. The initial version of Hadoop did not consider security because it only focused on efficient Big data processing. As the number of users rapidly increases, a lot of sensitive data including personal information were stored on HDFS. So Hadoop announced a new version that introduces Kerberos and token system in 2009. However, this system is vulnerable to the replay attack, impersonation attack and other attacks. In this paper, we analyze these vulnerabilities of HDFS security and propose a new protocol which complements these vulnerabilities and maintains the performance of Hadoop.

Kubernetes of cloud computing based on STRIDE threat modeling (STRIDE 위협 모델링에 기반한 클라우드 컴퓨팅의 쿠버네티스(Kubernetes)의 보안 요구사항에 관한 연구)

  • Lee, Seungwook;Lee, Jaewoo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.26 no.7
    • /
    • pp.1047-1059
    • /
    • 2022
  • With the development of cloud computing technology, container technology that provides services based on a virtual environment is also developing. Container orchestration technology is a key element for cloud services, and it has become an important core technology for building, deploying, and testing large-scale containers with automation. Originally designed by Google and now managed by the Linux Foundation, Kubernetes is one of the container orchestrations and has become the de facto standard. However, despite the increasing use of Kubernetes in container orchestration, the number of incidents due to security vulnerabilities is also increasing. Therefore, in this paper, we study the vulnerabilities of Kubernetes and propose a security policy that can consider security from the initial development or design stage through threat analysis. In particular, we intend to present a specific security guide by classifying security threats by applying STRIDE threat modeling.

A Device of Static Buffer Overflow Detection by using Function Summary and Tracking Information Flow of Buffer Domain (함수요약 및 버퍼의 도메인 정보흐름 추적에 의한 정적 버퍼넘침 탐지방안)

  • Lee, Hyung-Bong;Park, Jeong-Hyun;Park, Hyun-Mee
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.7 no.6
    • /
    • pp.703-714
    • /
    • 2001
  • In C language, a local buffer overflow in stack can destroy control information stored near the buffer. In case the buffer overflow is used maliciously to overwrite the stored return address, the system is exposed to serious security vulnerabilities. This paper analyzes the process of buffer overflow hacking and methodologies to avoid the attacks in details. And it proposes a device of static buffer overflow detection by using function summary and tracking information flow of buffer domain at assembly source code level(SASS, Static Assembly Source code Scanner) and then show the feasibility and validity of it by implementing a prototype in Pentium based Linux environment.

  • PDF

A Convergence of Realtime Traffic Shaping and IPS on Small Integrated Security Router (소형 통합보안라우터의 실시간 트래픽쉐이핑과 IPS의 융합)

  • Kim, Doan;Song, Hyunok;Lee, Sungok;Yang, Seungeui;Jung, Heokyung
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2019.05a
    • /
    • pp.454-455
    • /
    • 2019
  • IDC is a server-based facility with a stable line and power supply facility that manages 20 to 30 servers in an efficiently separated rack-level subnetwork. Here, we need a way to efficiently manage servers security, firewall, and traffic on a rack-by-rack basis. If three or five kinds of commercial equipment are adopted to support this, it may be a great burden to the management cost as well as the introduction cost. Therefore, in this paper, we propose a method to implement the five functions in one rack-unit small integrated security router. In particular, IDC intends to integrate traffic shaping and IPS, which are essential technologies, and to propose the utility accordingly.

  • PDF

E-BLP Security Model for Secure Linux System and Its Implementation (안전한 리눅스 시스템을 위한 E-BLP 보안 모델과 구현)

  • Kang, Jung-Min;Shin, Wook;Park, Chun-Gu;Lee, Dong-Ik
    • The KIPS Transactions:PartA
    • /
    • v.8A no.4
    • /
    • pp.391-398
    • /
    • 2001
  • To design and develop secure operating systems, the BLP (Bell-La Padula) model that represents the MLP (Multi-Level Policy) has been widely adopted. However, user\`s security level in the most developed systems based on the BLP model is inherited to a process that is actual subject on behalf of the user, regardless whatever the process behavior is. So, there could be information disclosure threat or modification threat by malicious or unreliable processes even though the user is authorized in the system. These problems can be solved by defining the subject as (user, process) ordered pair and by defining the process reliability. Moreover, when the leveled programs which exist as objects in a disk are executed by a process and have different level from the process level, the security level decision problem occurs. This paper presents an extended BLP (E-BLP) model in which process reliability is considered and solves the security level decision problem. And this model is implemented into the Linux kernel 2.4.7.

  • PDF

Input File Based Dynamic Symbolic Execution Method for Software Safety Verification (소프트웨어 안전성 검증을 위한 입력 파일 기반 동적 기호 실행 방법)

  • Park, Sunghyun;Kang, Sangyong;Kim, Hwisung;Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.4
    • /
    • pp.811-820
    • /
    • 2017
  • Software automatic technology research recently focuses not only on generating a single path test-case, but also on finding an optimized path to reach the vulnerability through various test-cases. Although Dynamic Symbolic Execution (DSE) technology is popular among these automatic technologies, most DSE technology researches apply only to Linux binaries or specific modules themselves. However, most software are vulnerable based on input files. Therefore, this paper proposes an input file based dynamic symbolic execution method for software vulnerability verification. As a result of applying it to three kinds of actual binary software, it was possible to create a test-case effectively reaching the corresponding point through the proposed method. This demonstrates that DSE technology can be used to automate the analysis of actual software.

A Design of Secure Audit/ Trace Module to Support Computer Forensics (컴퓨터 포렌식스를 지원하는 보안 감사/추적 모듈 설계)

  • 고병수;박영신;최용락
    • Journal of the Korea Society of Computer and Information
    • /
    • v.9 no.1
    • /
    • pp.79-86
    • /
    • 2004
  • In general, operating system is offering the security function of OS level to support several web services. However, it is true that security side of OS level is weak from many parts. Specially, it is needed to audit/trace function in security kernel level to satisfy security more than B2 level that define in TCSEC(Trusted Computer System Evaluation Criteria). So we need to create audit data at system call invocation for this, and do to create audit data of equal format about almost event and supply information to do traceback late. This Paper Proposes audit/trace system module that use LKM(Loadable Kernel Module) technique. It is applicable without alteration about existing linux kernel to ensure safe evidence. It offers interface that can utilize external audit data such as intrusion detection system, and also offers safe role based system that is divided system administrator and security administrator These data will going to utilize to computer forensics' data that legal confrontation is Possible.

  • PDF

Design and Implementation of IEEE Std 1609.2 Message Encoder/Decoder for Vehicular Communication Security (자동차 통신 보안을 위한 IEEE Std 1609.2 메시지 인코더/디코더의 설계 및 구현에 관한 연구)

  • Seo, Hye-In;Kim, Eun-Gi
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.3
    • /
    • pp.568-577
    • /
    • 2017
  • IEEE Std 1609.2 was defined for the support of communication security functions in the WAVE (Wireless Access in Vehicular Environments) system. IEEE Std 1609.2 defined the message structures of the security services and managements on the vehicular communication by using ASN.1 (Abstract Syntax Notation One). Also, this security message structures shall be encoded using the COER (Canonical Octet Encoding Rules). In this paper, we designed and implemented the IEEE Std 1609.2 message encoder/decoder handling the security messages defined in IEEE Std 1609.2. The designed encoder/decoder consists of three modules as follows : a module generating the message of C language data structures in accord with IEEE Std 1609.2 message structures, a message encoder module, a message decoder module. And the encoder/decoder was implemented on the Linux environment. Also we analyzed the performance by measuring the performance speed of the encoder/decoder implemented.