• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.4
• /
• pp.33-43
• /
• 2001

This paper presents a secure Linux OS in which multi-level security functions are implemented at the kernel level. Current security efforts such as firewall or intrusion detection system provided in application-space without security features of the secure OS suffer from many vulnerabilities. However the development of the secure OS in Korea lies in just an initial state, and NSA has implemented a prototype of the secure Linux but published just some parts of the technologies. Thus our commercialized secure Linux OS with multi-level security kernel functions meets the minimum requirements for TCSEC B1 level as well kernel-mode encryption, real-time audit trail with DB, and restricted use of root privileges.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.2 s.34
• /
• pp.11-19
• /
• 2005

The importance of this Paper is to develop a standard Performance evaluation model and scenario for the secure OS. According to the scenario that was conducted for Performance evaluation, benchmarking was Performed. All the benchmarking result was thoroughly analyzed. Our result contribute to evaluating Secure 05 that contains various security policy affecting system Performance. In this paper, it is expected to Provide guidelines of secure operating system for the consumer, developer and evaluator. It will also contribute to the systematic basis for evaluation of security 05 and the promotion of domestic information security industry by retaining basic technology for international trends.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.15-28
• /
• 1999

In Multilevel Secure Database Management System(MLS/DBMS), we assume that system has a security clearance level for each user and a classification level for each data item in system and the objective of these systems is to protect secure information from unauthorized user. Many algorithms which have been researched have focus on removing covert channel by modifying conventional lock-based algorithm or timestamp-based algorithm. but there is high-level starvation problem that high level transaction is aborted by low level transaction repeatedly. In order to solve this problem, we propose an algorithm to reduce high-level starvation using dynamic adjustment of serialization order, which is basically using orange lock. Because our algorithm is based on a single version unlike conventional secure algorithms which are performed on multiversion, it can get high degree of concurrency control. we also show that it guarantees the serializability of concurrent execution, and satisfies secure properties of MLS/DBMS.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.10
• /
• pp.93-100
• /
• 2017

Current internet has evolved from the sharing and efficiency aspects of information, it is still vulnerable to the fact that the Internet is not secure in terms of security and is not safe to secure of security mechanism. Repeating patches on continuous hacking are continuously demanding additional resources for network or system equipment, and consequently the costs continue to increase. Businesses and individuals alike are speeding up the damage caused by crime like of ransomware, not jusy simple attacks, and businesses and individuals need to respond to cyber security. In addition, the ongoing introduce of security device, and separate of networks for secure transmission of contents in the existing TCP/IP system, but it is still lacking in security. To complement the security implications of this existing TCP/IP Internet Protocol, we intend to propose a Secure Contents Transport System (SCTS) on the network using the CCN concept.

• Journal of Information Processing Systems
• /
• v.16 no.1
• /
• pp.42-48
• /
• 2020

This paper proposes an operating system architecture for unmanned aerial vehicle (UAV), which is secure against root exploit, resilient to connection loss resulting in the control loss, and able to utilize common applications used in Linux. The Linux-based UAVs are exposed to root exploit. On the other hand, the microkernel-based UAVs are not able to use the common applications utilized in Linux, even though which is secure against root exploit. For this reason, the proposed architecture uses a virtualized microkernel on the Linux operating system to isolate communication roles and prevent root exploit. As a result, the suggested Operating system is secure against root exploit and is able to utilize the common applications at the same time.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2174-2177
• /
• 2003

Internet is exposed to network attacks as Internet has a security weakness. Network attacks which are virus, system intrusion, and deny of service, put Internet in the risk of hacking, so the damage of public organization and banking facilities are more increased. So, it is necessary that the security technologies about intrusion detection and controlling attacks minimize the damage of hacking. Router is the network device of managing traffic between Internets or Intranets. The damage of router attack causes the problem of the entire network. The security technology about router is necessary to defend Internet against network attacks. Router has the need of access control and security skills that prevent from illegal attacks. We developed integrated security management framework for secure networking and kernel-level security engine that filters the network packets, detects the network intrusion, and reports the network intrusion. The security engine on the router protects router or gateway from the network attacks and provides secure networking environments. It manages the network with security policy and handles the network attacks dynamically.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.3
• /
• pp.311-321
• /
• 2003

A current firewall or IDS (intrusion detection system) of the network level suffers from many vulnerabilities in internal computing servers. For a secure Linux implementation using system call hooking, this paper defines two requirements such as the multi-level security function of TCSEC B1 and a prevention of hacking attacks. This paper evaluates the secure Linux implemented in terms of the mandatory access control, anti-hacking and performance overhead, and thus shows the security, stability and availability of the multi-level secure Linux. At the kernel level this system protects various hacking attacks such as using Setuid programs, inserting back-door and via-attacks. The performance degradation is an average 1.18% less than other secure OS product.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.8
• /
• pp.67-76
• /
• 2019

Along with the diversification of digital content services using wired/wireless networks, the market for the construction of base systems is growing rapidly. Cloud computing services are recognized for a reasonable cost of service and superior system operations. Cloud computing is convenient as far as system construction and maintenance are concerned; however, owing to the security risks associated with the system construction of actual cloud computing service, the ICT(Information and Communications Technologies) market is lacking regardless of its many advantages. In this paper, we conducted an experiment on a cloud computing security enhancement model to strengthen the security aspect of cloud computing and provide convenient services to the users. The objective of this study is to provide secure services for system operation and management while providing convenient services to the users. For secure and convenient cloud computing, a single sign-on (SSO) technique and a system access control technique are proposed. For user authentication using SSO, a security level is established for each user to facilitate the access to the system, thereby designing the system in such a manner that the rights to access resources of the accessed system are not abused. Furthermore, using a user authentication ticket, various systems can be accessed without a reauthorization process. Applying the security technique to protect the entire process of requesting, issuing, and using a ticket against external security threats, the proposed technique facilitates secure cloud computing service.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.3
• /
• pp.1229-1248
• /
• 2016

With the feature of convenience and low cost, remote healthcare monitoring (RHM) has been extensively used in modern disease management to improve the quality of life. Due to the privacy of health data, it is of great importance to implement RHM based on a secure and dependable network. However, the network connectivity of existing RHM systems is unreliable in disaster area because of the unforeseeable damage to the communication infrastructure. To design a secure RHM system in disaster area, this paper presents a Secure VANET-Assisted Remote Healthcare Monitoring System (SVC) by utilizing the unique "store-carry-forward" transmission mode of vehicular ad hoc network (VANET). To improve the network performance, the VANET in SVC is designed to be a two-level network consisting of two kinds of vehicles. Specially, an innovative two-level key management model by mixing certificate-based cryptography and ID-based cryptography is customized to manage the trust of vehicles. In addition, the strong privacy of the health information including context privacy is taken into account in our scheme by combining searchable public-key encryption and broadcast techniques. Finally, comprehensive security and performance analysis demonstrate the scheme is secure and efficient.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.22 no.11
• /
• pp.2552-2562
• /
• 1997

This paepr presents a secure transmission system for document image using mixing algorithm. For this, we apply DM and RDM algorithm propoposed before. The transmitter embeds secretly the signature onto secure document, embeds it to non-secure document and transfers it to the receiver. The receiver makes a check of any forgery on the signature and the document. The total amount of data transmitted and the image quallity are about the same to that of the original document. Thus, a third party can not notice the fact that signatures and secure document is embedded on the document.