• Journal of the Korea Society of Computer and Information
• /
• v.20 no.5
• /
• pp.41-51
• /
• 2015

In order to hide their identities, intruders on the Internet often attack targets indirectly by staging their attacks through intermediate hosts known as stepping stones. In this paper, we propose a brute-force technique to detect the stepping stone behavior on a Linux server where some shell processes remotely logged into using interactive services are trying to connect other hosts using the same interactive services such as Telnet, Secure Shell, and rlogin. The proposed scheme can provide an absolute solution even for the encrypted connections using SSH because it traces the system calls of all processes concerned with the interactive service daemon and their child processes. We also implement the proposed technique on a CentOS 6.5 x86_64 environment by the ptrace system call and a simple shell script using strace utility. Finally the experimental results show that the proposed scheme works perfectly under test scenarios.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.11 no.6
• /
• pp.335-341
• /
• 2016

As information technology advances rapidly, various smart devices are becoming an essential element in our lives. Smart devices are providing services to users through applications up on the operating system. Operating systems have a variety of rules, such as scheduling applications and controlling hardwares. Among those rules, it is significant to protect private information in the information-oriented society. Therefore, isolation task, that makes certain memory space separated for each application, should highly be guaranteed. However, modern operating system offers the function to access the memory space from other applications for the sake of debugging. If this ability is misused, private information can be leaked or modified. Even though the access authority to memory is strictly managed, there exist cases found exploited. In this paper, we analyze the problems of the function provided in the Android environment that is the most popular and opened operating system. Also, we discuss how to avoid such kind of problems and verify with experiments.

• Journal of Internet Computing and Services
• /
• v.17 no.6
• /
• pp.93-101
• /
• 2016

As the Android smart phones become more popular, applications that handle users' personal data such as IDs or passwords and those that handle data directly related to companies' income such as in-game items are also increasing. Despite the need for such information to be protected, it can be modified by malicious users or leaked by attackers on the Android. The reason that this happens is because debugging functions of the Linux, base of the Android, are abused. If an application uses debugging functions, it can access the virtual memory of other applications. To prevent such abuse, access controls should be reinforced. However, these functions have been incorporated into Android O.S from its Linux base in unmodified form. In this paper, based on an analysis of both existing memory access functions and the Android environment, we proposes a function that verifies thread group ID and then protects against illegal use to reinforce access control. We conducted experiments to verify that the proposed method effectively reinforces access control. To do that, we made a simple application and modified data of the experimental application by using well-established memory editing applications. Under the existing Android environment, the memory editor applications could modify our application's data, but, after incorporating our changes on the same Android Operating System, it could not.