• The KIPS Transactions:PartD
• /
• v.10D no.5
• /
• pp.773-780
• /
• 2003

SecuROS(Secure & Reliable Operating System) prevents and blocks possible system cracking by implementing additional security functions in FreeBSD 4.3 operating system (OS) kernel, including access control, user authentication, audit trail, encryption file system and trusted channel. This paper describes access control technique, which is one of core technologies of SecuROS, introduces the implementations of DAC, MAC and RBAC, all of which are corresponding access control policies, and show security and results of performance measurement on the basis of application of access control policies. Finally, security and performance between conventional OS environment and environment adopting access control policy is described.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1594-1597
• /
• 2005

A rapid development and a wide use of the Internet have expanded a network environment. Further, the network environment has become more complex due to a simple and convenient network connection and various services of the Internet. However, the Internet has been constantly exposed to the danger of various network attacks such as a virus, a hacking, a system intrusion, a system manager authority acquisition, an intrusion cover-up and the like. As a result, a network security technology such as a virus vaccine, a firewall, an integrated security management, an intrusion detection system, and the like are required in order to handle the security problems of Internet. Accordingly, a router, which is a key component of the Internet, controls a data packet flow in a network and determines an optimal path thereof so as to reach an appropriate destination. An error of the router or an attack against the router can damage an entire network. This paper relates to a method for RSMS (router security management system) for secure networking based on a security policy. Security router provides functions of a packet filtering, an authentication, an access control, an intrusion analysis and an audit trail in a kernel region. Security policy has the definition of security function against a network intrusion.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.11
• /
• pp.4011-4027
• /
• 2021

Cloud Computing has emerged as an extensively used technology not only in the IT sector but almost in all sectors. As the nature of the cloud is distributed and dynamic, the jeopardies present in the current implementations of virtualization, numerous security threats and attacks have been reported. Considering the potent architecture and the system complexity, it is indispensable to adopt fundamentals. This paper proposes a secure authentication and data sharing scheme for providing security to the cloud data. An efficient IPSO-KELM is proposed for detecting the malicious behaviour of the user. Initially, the proposed method starts with the authentication phase of the data sender. After authentication, the sender sends the data to the cloud, and the IPSO-KELM identifies if the received data from the sender is an attacked one or normal data i.e. the algorithm identifies if the data is received from a malicious sender or authenticated sender. If the data received from the sender is identified to be normal data, then the data is securely shared with the data receiver using SHA256-RSA algorithm. The upshot of the proposed method are scrutinized by identifying the dissimilarities with the other existing techniques to confirm that the proposed IPSO-KELM and SHA256-RSA works well for malicious user detection and secure data sharing in the cloud.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.49-57
• /
• 2017

With the prevalence of mobile devices, many organizations introduce MDM BYOD and try to increase the level of security with them. However, device control of mobile devices in application level cannot be a solution against the fundamental problems. In this paper, we propose a more flexible and more secure method to control the hardware devices using Linux Security Module in the kernel level with the mandatory access control.

• KSCE Journal of Civil and Environmental Engineering Research
• /
• v.31 no.3B
• /
• pp.277-284
• /
• 2011

The limitations of existing Markov chain model for reproducing extreme rainfalls are a known problem, and the problems have increased the uncertainties in establishing water resources plans. Especially, it is very difficult to secure reliability of water resources structures because the design rainfall through the existing Markov chain model are significantly underestimated. In this regard, aims of this study were to develop a new daily rainfall simulation model which is able to reproduce both mean and high order moments such as variance and skewness using a piecewise Kernel-Pareto distribution. The proposed methods were applied to summer and fall season rainfall at three stations in Han river watershed in Korea. The proposed Kernel-Pareto distribution based Markov chain model has been shown to perform well at reproducing most of statistics such as mean, standard deviation and skewness while the existing Gamma distribution based Markov chain model generally fails to reproduce high order moments. It was also confirmed that the proposed model can more effectively reproduce low order moments such as mean and median as well as underlying distribution of daily rainfall series by modeling extreme rainfall separately.

• The Korean Journal of Food And Nutrition
• /
• v.33 no.5
• /
• pp.588-597
• /
• 2020

This study was conducted to secure basic information for corn processing by comparing the quality characteristics according to maize cultivars and kernel types (dent, intermediate, flint-like). As a result of analyzing 15 cultivars, a range of measurements were observed: 100-kernel weight, 22.89~35.63 g; moisture, 7.57~8.42%; crude protein, 8.46~11.45%; crude lipids, 3.26~4.83%; Hunter's L-value, 83.70~86.79; a-value, 2.61~5.49; b-value, 22.01~28.15; and total carotenoids, 6.74~17.07 ㎍/g. Significance among the cultivars was shown in all quality characteristics (p<0.001), but the significance among the kernel types was found only in crude protein (p<0.005), crude fat (p<0.001), and Hunter's L-value (p<0.05). The hardness of maize was decreased proportionally to the soaking time for all maize cultivars (p<0.001). In particular, with the same soaking time for different kernel types, the hardness difference was shown in the order of flint-like > dent ≒ intermediate. It was confirmed that the decrease in the hardness of flint-like kernel of close to that of hard-type starch was slowed compare dent and intermediate kernels. So it is expected the some characteristic of kernel types will contribute to the appropriate customized use of the developed cultivars.

• Annual Conference of KIPS
• /
• 2002.11a
• /
• pp.489-492
• /
• 2002

인터넷 전자 상거래의 폭발적 증가와 더불어 개인 및 기업의 정보가 온라인 상으로 유출되는 경우가 증가하고 있다. 이에 따라. 새로운 하드웨어의 추가 없이 프로토콜 및 알고리즘의 변화에 유연한 인터넷 보안방법이 요구되고 있다. 본 논문에서는 사용자 영역과 상관없는 커널 스레드를 사용하고 커널 영역으로 포팅된 라이브러리를 참조하여 사용자의 웹 페이지 요청을 처리함으로써 응답시간과 서버 부하를 감소시키는 새로운 SSL(Secure Socket Layer) 처리 구조를 제안한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.317-321
• /
• 2002

최근 Firewall, IDS와 같은 응용프로그램 수준의 보안 제품은 내부서버 자체의 취약성을 방어하지 못한다. 본 논문에서는 TCSEC C2급에 해당하는 보안성을 가지는 리눅스를 LKM(Loadable Kernel Module) 방법으로 B1급 수준의 다중등급 보안을 구현하였다, 따라서 구현된 다중등급 보안 리눅스 커널의 주요 기능을 기술하고, 시험 평가로서 강제적 접근제어, 성능 및 해킹 시험을 실시하였다. 구현된 보안 커널 기반의 리눅스 운영체제는 B1급의 요구사항을 만족하며, root의 권한 제한, DB를 이용한 실시간 감사추적, 해킹차단, 통합보안관리등의 추가적 기능을 제공한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2000.10a
• /
• pp.635-637
• /
• 2000

Linux는 다양한 하드웨어 플랫폼을 지원하며, 강력한 네트워크 지원 기능, 다양한 형식의 파일시스템 지원 기능 등 높은 성능을 자랑한다. 그러나, 소스코드의 공개로 인하여 많은 보안상의 취약성을 내포하고 있으며, 최근 이를 이용한 해킹사고가 많이 발생하고 있다. 본 논문에서는 Linux상에 상존하는 보안 취약성을 조사하고, 보안 요구사항을 도출하며, 최근 해킹의 상당부분을 차지하고 있는 Buffer Overflow 공격 방지를 위한 방안으로 커널 수정을 통해 Secure Linux를 개발하고자 한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.832-834
• /
• 2003

오늘날과 같은 컴퓨터와 통신 기반의 네트워크 환경에서 서버들에 대한‘개방성’은 중요한 특징이다. 그러나, 이러한 특성은 서버에 대한 불법적인 접근이나 해킹 등과 같은 침입을 시도할 수 있는 가능성을 내포하고 있다. 침입의 목표는 서버의 모든 시스템정보로서 방화벽이나 침입탐지시스템 등과 같은 네트워크기반의 보안솔루션에 의해 서버의 모든 정보를 보호하기에는 한계가 있다. 본 논문에서는 서버들이 가지고 있는 정보를 보호하기 위하여 기존의 보안커널보다 더 유연하고 안전성이 강화된 보안커널의 설계에 필요한 필수적인 보안요소들을 제안하였다.