• The Journal of the Korea Contents Association
• /
• v.9 no.5
• /
• pp.33-39
• /
• 2009

As the usage of computers and mobile handsets is popularized, the processing and storing of private and business data are increased. Hence we note that these sensitive data should never be transferred out of these personal devices without user's permission. In this paper, we propose a simple method to prevent transferring the sensitive data out of personal computing devices through their networking interfaces. The proposed method determines which processes invoke open system call related to the sensitive data, and then traces them within a specific duration. The proposed scheme has advantage over the existing ones using authentication or encryption because it could be still working well independent upon the new attack technologies or the latest vulnerabilities of hardware and software. In order to verify the proposed algorithm, we test it by implementing the necessary codes at the user and kernel spaces of Linux.

• Journal of Korea Multimedia Society
• /
• v.13 no.2
• /
• pp.161-170
• /
• 2010

ELF, an abbreviation for Executable and Linkable Format, is the basic file format for shared libraries and executable files used in the Linux system, whereas 'Linker' copies the symbol information of static shared libraries into the symbol table in the target file generated by way of static linking. At this time, the symbol table keeps various pieces of debugging-related information including function names provided by the shared libraries, and it can be deleted to avoid debugging for security reasons by utilizing the fact that it does not directly affect the program execution. This paper proposes a method for restoring the symbol information of static shared libraries from the ELF object file in which the symbol table is deleted, and confirms that the symbol information is restored by conducting practical experiments.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.13 no.4
• /
• pp.187-194
• /
• 2018

The operating system for IoT should have a small memory footprint and provide low power state, real-time, multitasking, various network protocols, and security. Although the Zephyr kernel, an operating system for IoT, released by the Linux Foundation in February 2016, has these features but errors generated by the user code can generate fatal problems in the system because the Zephyr kernel adopts a single-space method that both the user code and kernel code execute in the same space. In this research, we propose a space separation method, which separates kernel space and user space, to solve this problem. The space separation that we propose consists of three modifications in Zephyr kernel. The first is the code separation that kernel code and user code execute in each space while using different stacks. The second is the kernel space protection that generates an exception by using the MPU (Memory Protection Unit) when the user code accesses the kernel space. The third is the SVC based system call that executes the system call using the SVC instruction that generates the exception. In this research, we implemented the space separation in Zephyr v1.8.0 and evaluated safety through abnormal execution of the user code. As the result, the kernel was not crashed by the errors generated by the user code and was normally executed.

• Proceedings of the KSR Conference
• /
• 2010.06a
• /
• pp.1255-1261
• /
• 2010

An operating information and fault recode of train is very important information for safety driving and maintenance. And these information is increased and need high speed as the number of trains is increased. Wireless LAN or CDMA network is efficient to report more complicated and various information from vehicle to server in control center. Existing wireless transmission system has weakness due to transmission system is separated with TDCS and standalone. At first, standalone system needs space to be installed and cost is increased. And data transmission capacity and speed is limited by complicated structure that transmission system receive data thru serial communication like RS232 and then data transmission system send data to server in control center. This article is study to develop embedded & wireless fault code transmission device to be installed in TDCS to overcome weakness of space and to have more cost effective and simple structure. It is adapted 802.11b/g WiFi for wireless communication and OS is used embedded Linux that can easily implement wireless communication environment and ensure TCP/IP communication’s security. We also implement simple server to test wireless communication between embedded & wireless fault code transmission device and server in control center.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.8B
• /
• pp.755-761
• /
• 2004

Currently, Wireless LAN(WLAN) service is widely deployed to provide high speed wireless Internet access through the mobile stations such as notebook and PDA. To provide enhanced security and user access control in the public WLAN area, WLAM access points should have the capability of IEEE 802.1x-based user authentication and authorization functionality. In this paper, we provide a brief understanding of IEEE 802. 1x standards and related protocols likeEAPoL(Extended Authentication Protocol Over LAN), EAP, RADIUS and describe how the IEEE 802.1x is designed and implemented in our embedded linux-based WLAN AP which is named i-WiNG.(Intelligent Wireless Internet Gateway).

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2002.05a
• /
• pp.490-493
• /
• 2002

Many servers that is operated in present earth are UNIX base, is trend that server of LINUX base is increasing steadily recently. When users who have account to this server wish to do remote access, instruction that use most easily is‘telnet’, security does not consist entirely about ID and password that this uses at communication substance as well as login. The interest about latest SSH is rising by the alternative, but SSH has various kinds problem in following telnet's fame. Therefore, We studied about problems and the solution that can happen when window users attempted remote access laying stress on OpenSSH.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.3 s.35
• /
• pp.249-257
• /
• 2005

In this paper proposed automated attack reaction tool based on IPv6. Currently, much researches are performing focused on application program and standardization for IPv6. But, It is not enough for future IPv6 security. The proposed method detect attacks on IPv6 and conventional IPv4, therefore it is possible to protect personal information using automated reaction method. Usually, IDS just perform detection, therefore damages may be repeated. However, this paper considered the problems described above, and suggested solution for this problems. The proposed algorithm suggested in this paper is simulated on IPv6 network based on Linux. As a simulation result, it is proved that proposed algorithm can detect attacks efficiently.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.8
• /
• pp.1762-1767
• /
• 2005

PKI provides good resolutions for the authentication of user in the situation not to meet each other, but it is not enough to provide the resolution of authorization in distributed computing environments. Especially, we offer a variety forms of the user Authentication, the Integrity and a security service of the Non-Repudiation, but an authorization Policy, because of the complexity with a lot of information, using m understandable XML, makes a simple and easy certificate to read, and we get the information from DOM fee and do a XML analysis and stardardized-method usage easily In this paper, we provide the AAS model being able to use with the solution of the distributed users' authorization, and we implement an authorization policy module, using XML. in the Linux-based Apache Web server.

• The KIPS Transactions:PartD
• /
• v.9D no.4
• /
• pp.687-696
• /
• 2002

In this paper, we describe the implementation of the configuration platform (LonWare) based on Linux for LonWorks which is one of the popular standard of home control network. LonWare consists of three modules NMML, Lonware API, LonWare DB, and it provides semantically well-defined APls for application device developers to easily access and control. And, LonWare DB is not needed to be located the outside of home, so the security-safe configurator can be made.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.10
• /
• pp.3148-3154
• /
• 2000

In this paper. the design and implementationof the on-line registration system for the school affairs is described. The environments for the system configurations include a PC server under Linux Iperating System. Apache Web-server, and MySQL as database engine. In addition, PHP, which becomes a popular Internet server-based script language lately, is used to implement a real-time database. In order to avoid overload problems during short-term registration period, which deconstraces the typical surge of traffics, the proposed system is designed to minimize the unnecessary interfacing tasks. On administrator side task, the sytem is designed to have environments by separating the dechcated server that restricts the scope of specific database thasks. In doing so, it become possibal to build an optical system by distributing, balancing the transaction load, maintainimg the security and efficient administrative tasks.