• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.330-333
• /
• 2002

일반적으로 시스템들은 관리자를 위한 많은 로깅 기능을 제공한다. 이러한 로깅 기능에는 사용자 행위를 파악하는 부분도 제공하고 있으나 정작 사용자들이 입력하는 명령어를 직접 로깅하는 기능은 없거나 매우 미약하다. 시스템 사용자들이 입력한 명령어는 시스템 자체에서 사용자가 어떤 행위를 하였는가를 가장 확실히 보여주는 중요한 단서이다. 본 논문에서는 리눅스 커널을 기반으로 하여 사용자 키스트로크를 로그로 남길 수 있는 방법을 제안하고 구현한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.317-321
• /
• 2002

최근 Firewall, IDS와 같은 응용프로그램 수준의 보안 제품은 내부서버 자체의 취약성을 방어하지 못한다. 본 논문에서는 TCSEC C2급에 해당하는 보안성을 가지는 리눅스를 LKM(Loadable Kernel Module) 방법으로 B1급 수준의 다중등급 보안을 구현하였다, 따라서 구현된 다중등급 보안 리눅스 커널의 주요 기능을 기술하고, 시험 평가로서 강제적 접근제어, 성능 및 해킹 시험을 실시하였다. 구현된 보안 커널 기반의 리눅스 운영체제는 B1급의 요구사항을 만족하며, root의 권한 제한, DB를 이용한 실시간 감사추적, 해킹차단, 통합보안관리등의 추가적 기능을 제공한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.228-231
• /
• 2001

인터넷의 활용이 급속하게 증가하여 인터넷에서의 정보보호에 대한 필요성이 대두되면서 표준화된 인터넷 정보보호 프로토콜인 IPsec이 등장하게 되었다. 이러한 IPsec은 현재 여러 가지 플랫폼에서 구현되고 있으며, 이러한 구현은 일반적으로 IP 계층에 통합하는 방법, BITS, BITW 중 하나의 방법론을 선택하고 있다. BITW는 outboard crypto processor를 사용하여 물리적인 인터페이스 카드 내에 IPsec을 구현하는 방법으로 효율성이 문제가 되므로 본 논문에서는 IP 계층에 통합하는 방법과 BITS 방법을 중심으로 장단점을 분석한다. 이에 본 논문은 리눅스 커널 상에서 IPsec을 구현하기 위해 리눅스 커널 모듈을 분석하고 가장 효율적이라 생각되는 IP 계층에 통합된 IPsec을 구현하는 방법을 제안한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.111-114
• /
• 2001

시스템 침입을 위해서 사용할 수 있는 공격 기법은 그 종류가 매우 다양하다. 그러나 최종적인 시스템 침입의 목표는 버퍼오버플로우 공격을 통한 관리자 권한의 획득이다. 버퍼오버플로우 현상은 메모리 공간의 경계 영역에 대한 프로그래밍 언어 수준의 검사 도구를 제공하지 않는 C/C++ 의 언어적 특성으로 인해 발생한다. 본 논문에서는 리눅스 커널 수준에서 시스템 보안을 위한 참조 모니터를 제안하고 이를 이용하여 버퍼오버플로우 공격에 대응할 수 있는 보안 기법을 제시한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.337-344
• /
• 2023

Modern OSs, including Linux, show high scalability by adopting a monolithic kernel design, but have weak security because they share all memory space. This study presents a kernel module that are isolated inside the kernel using WebAssembly. WebAssembly provides a high-performance virtual machine by defining a low-level instruction set while guaranteeing memory safety. In this paper, the WebAssembly execution environment is implemented inside the kernel, allowing developers to control the operation of kernel modules and achieving higher security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.67-75
• /
• 2022

When acquiring a product having an OS, it is very important to identify the exact kernel version of the OS. This is because the product's administrator needs to keep checking whether a new vulnerability is found in the kernel version. Also, if there is an acquisition requirement for exclusion or inclusion of a specific kernel version, the kernel identification becomes critical to the acquisition decision. In the case of the Linux kernel used in various equipment, sometimes it becomes difficult to pinpoint the device's exact version. The reason is that many manufacturers often modify the kernel to produce their own firmware optimized for their device. Furthermore, if a kernel patch is applied to the modified kernel, it will be very different from its base kernel. Therefore, it is hard to identify the Linux kernel accurately by simple methods such as a specific file existence test. In this paper, we propose a static method to classify a specific kernel version by analyzing function names stored in the symbol table. In an experiment with 100 Linux devices, we correctly identified the Linux kernel version with 99% accuracy.

• The Journal of the Korea Contents Association
• /
• v.17 no.4
• /
• pp.307-319
• /
• 2017

SELinux is known as a secure operating system that is easily accessible to users due to the popularization of Linux, and is applied to various security operating system references deployed on systems such as embedded systems and servers. However, if SELinux is applied without considering the performance overhead of activating the SELinux kernel module, the performance of the entire system may be degraded. In this paper, we describe the factors directly affecting the performance inside the SELinux kernel and show that it is possible to improve performance by simply reorganizing the policy without changing the SELinux kernel. This can be used as a reference when security administrators or developers apply SELinux.

• The Journal of the Korea Contents Association
• /
• v.5 no.5
• /
• pp.182-190
• /
• 2005

As computers and Internet become popular, many corporations and countries are using information protection system and security network to protect their informations and resources in internet. But the Intrusional possibilities are increases in open network environments such as the Internet. Even though many security systems were developed, the implementation of these systems are mostly application level not kernel level. Also many file protection systems were developed, but they aren't used widely because of their inconvenience in usage. In this paper, we implement a kernel module to support a file protection function using Loadable Kernel Module (LKM) on Linux. When a system is damaged due to intrusion, the file system are easily recovered through periodical file system image backup.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.622-627
• /
• 2003

The existing remote control system have some inherent disadvantage of direct control in the limit range. In some special cases, for example, a power apparatus, an unmanned factory, a nuclear factory, a security management system, the tele-operation is needed to control remote robot without limit space. This field is based on the Internet communication. Because the Internet is constructed all over the world. And it is possible that we control remote mobile robot in the long distance. In this paper, we developed a remote control system. This system is divided into two primary parts. These are local site and remote site. There are the moving robot and web server in the remote site and there is the robot control device in local site. The moving robot is moved by two stepper motors and the robot control device consists of SA-1100 micro controller and embedded Linux. And this controller is an embedded system. Public personal computer which is connected the Internet is used for the web server. The web server provides the mobile robot control interface program to the remote controller and captures the image for feedback information. In the whole system, a robot control device is connected with moving robot and web server through the Internet. So the operator can control the moving robot in the distance through the Internet.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.18 no.4
• /
• pp.476-481
• /
• 2008

The necessity of intelligent surveillance system is gradually considered seriously from the space where the security is important. From this paper will load Network Camera in Mobile Robot based on embedded Linux and Goal is in the system embodiment will be able to track the intruder. From Network Camera uses Wireless Lan transmits an image with server, grasps direction of the intruder used Block Matching algorithms from server, transmits direction information and tracks an intruder. The robot tracks the intruder according to gets the effective image of an intruder. In compliance with this paper the system which is embodied is linked with a different surveillance system and as intelligent surveillance system there is a possibility of becoming worse a reliability.