• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2174-2177
• /
• 2003

Internet is exposed to network attacks as Internet has a security weakness. Network attacks which are virus, system intrusion, and deny of service, put Internet in the risk of hacking, so the damage of public organization and banking facilities are more increased. So, it is necessary that the security technologies about intrusion detection and controlling attacks minimize the damage of hacking. Router is the network device of managing traffic between Internets or Intranets. The damage of router attack causes the problem of the entire network. The security technology about router is necessary to defend Internet against network attacks. Router has the need of access control and security skills that prevent from illegal attacks. We developed integrated security management framework for secure networking and kernel-level security engine that filters the network packets, detects the network intrusion, and reports the network intrusion. The security engine on the router protects router or gateway from the network attacks and provides secure networking environments. It manages the network with security policy and handles the network attacks dynamically.

• Proceedings of the KAIS Fall Conference
• /
• 2011.12b
• /
• pp.565-568
• /
• 2011

Google Android framework consists of an operating system and software platform for mobile devices. Using a general-purpose Linux operating system in mobile device has some advantages but also security risks. Security-Enhanced Linux (SELinux) is a kernel-based protection approach which can help to reduce potential damage from successful attacks. However, there are some challenges to integrate SELinux in Android. In this research, we do a study on how to do the integration and find out four challenges. The first one is that the Android file system (yaff2) does not support security namespace for extended attribute (xattr) which is required by SELinux. The second one is that it's difficult to apply SELinux policy to Dalvik process on which an Android application runs on. The third one is that Android lacks methods, tools and libraries to interact with SELinux. The last one is how to update the SELinux policy automatically when installing or removing an application. In this paper, we propose solutions for the above limitations that make the SELinux more adaptive and suitable for Android framework.

• KIISE Transactions on Computing Practices
• /
• v.23 no.1
• /
• pp.80-84
• /
• 2017

Existing operating systems experience scalability issues as the number of cores increases. The network I/O performance on manycore systems is faced with the major limiting factors of cache consistency costs and locking overheads. Legacy methods resolve this issue include the new microkernel-like operating system or modification of existing kernels; however, these solutions are not fully application transparent. In this study, we proposed a library that improves the network performance by separating system call context from user context and by applying the core affinity without any kernel and application modifications. Experiment results showed that our implementation can improve the network throughput of Apache by up to 30%.

• The KIPS Transactions:PartD
• /
• v.9D no.1
• /
• pp.153-160
• /
• 2002

This paper describes the design and implementation of library for real-time operating system Q+, that was developed for the internet appliance. The library in the real-time operating system should be defined according to the standard interface and support the functions that are adequate to the real-time application. To ensure the compatibility between application programs, the Q+ library follows industrial and international standards, such as POSIX.1, ISO 7942 GKS. And, to support the Q+ application, library provides C standard functions, graphic/window functions, network functions, security support functions, file system functions. The Q+ library was implemented using the Q+ kernel, Digital TV set-top box, and KBUG debugging tool.

• Journal of information and communication convergence engineering
• /
• v.1 no.1
• /
• pp.12-22
• /
• 2003

Real-time(RT) object-oriented(OO) distributed computing is a form of RT distributed computing realized with a distributed computer system structured in the form of an object network. Several approached proposed in recent years for extending the conventional object structuring scheme to suit RT applications, are briefly reviewed. Then the approach named the TMO (Time-triggered Message-triggered Object) structuring scheme was formulated with the goal of instigating a quantum productivity jump in the design of distributed time triggered simulation. The TMO scheme is intended to facilitate the pursuit of a new paradigm in designing distributed time triggered simulation which is to realize real-time computing with a common and general design style that does not alienate the main-stream computing industry and yet to allow system engineers to confidently produce certifiable distributed time triggered simulation for safety-critical applications. The TMO structuring scheme is a syntactically simple but semantically powerful extension of the conventional object structuring approached and as such, its support tools can be based on various well-established OO programming languages such as C++ and on ubiquitous commercial RT operating system kernels. The Scheme enables a great reduction of the designers efforts in guaranteeing timely service capabilities of application systems

• The KIPS Transactions:PartC
• /
• v.12C no.6 s.102
• /
• pp.865-874
• /
• 2005

The information stored in the computer system needs to be protected from unauthorized access, malicious destruction or alteration and accidental inconsistency. In this paper, we propose an intrusion detection system based on sensor concept for defecting and preventing malicious attacks We use software sensor objects which consist of sensor file for each important directory and sensor data for each secret file. Every sensor object is a sort of trap against the attack and it's touch tan be considered as an intrusion. The proposed system is a new challenge of setting up traps against most interception threats that try to copy or read illicitly programs or data. We have implemented the proposed system on the Linux operating system using loadable kernel module technique. The proposed system combines host~based detection approach and network-based one to achieve reasonably complete coverage, which makes it possible to detect unknown interception threats.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.8
• /
• pp.1726-1731
• /
• 2003

The firewall is generally used to protect the internal information system from intruders and hackers who attack through the Internet. However, it is very difficult for a user to verify the performance of the firewall as well as the difference of the performance for the operating mode such as Bridge Mode and Gateway Mode. In this paper, the performance of a firewall on the operating systems or windows 2000, Linux, and FreeBSD is compared. Finally, The performance of a firewall on the FreeBSD is compared at different operating modes and the effect of the number of rules by testing throughput of a firewall is analyzed.

• Korean Journal of Air-Conditioning and Refrigeration Engineering
• /
• v.6 no.4
• /
• pp.406-416
• /
• 1994

In this study the reactor design procedure and method of solid-solid-gas chemical heat pump system using STELF technology were investigated. For manufacturing IMPEX block which is the kernel of reactor, proper salt pair should be selected, and equilibrium temperature drop and COP should be examined for selected salt pair. Moreover, apparent density, residual porosity, and graphite ratio should be calculated to give minimum block volume and mass, and maximum energy density without causing heat and mass transfer problems. Since heat exchange area can be changed with operating condition, reactor diameter, length, and stainless steel thickness should be decided for desired specifications. These procedure and method were applied to the case study of 6kW cold production and 8 hours storage capacity reactor.

• Annual Conference of KIPS
• /
• 2005.05a
• /
• pp.1679-1682
• /
• 2005

최근 SoC를 포함하는 대부분의 임베디드시스템에서는 RTOS가 선택이 아닌 필수적인 구성요소가 됨에 따라 SoC 개발의 초기단계에서부터 RTOS를 도입하는 것이 바람직하다. 하지만, 기존의 범용 RTOS가 제공하는 기능은 대부분 응용 소프트웨어의 개발과 수행을 위한 것으로 SoC 개발 및 검증에는 적합하지 않은 문제점을 가지고 있다. 본 연구에서는 SoC 개발을 위해 운영체제가 만족시켜야할 요구사항을 제시하고, 소프트웨어의 재사용성과 SoC의 검증을 함께 지원하는 VPOS(Verification-Purpose OS)를 개발하였다. VPOS는 초경량의 단순한 계층적 구조(layered structure)를 가지는 RTOS로서 소프트웨어 재사용을 위해 POSIX 표준 API, 유닉스 호환 디바이스 드라이버 인터페이스, HAL 등을 제공한다. 또한 SoC 설계의 검증을 위해 RT 수준의 통합시뮬레이션에 적합한 커널 구조 및 최적화된 코드, 하드웨어 테스트를 위한 쉘 명령어, 응용 소프트웨어의 디버깅을 위한 KREM(kernel resource and event monitoring) 등의 특징을 함께 제공한다.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.99-111
• /
• 2022

With current battlefield environment relying heavily on Network Centric Warfare(NCW), existing weaponary systems are evolving into a new concept that converges IT technology. Majority of the weaponary systems are implemented with numerous embedded softwares which makes such softwares a key factor influencing the performance of such systems. Furthermore, due to the advancements in both IoT technoogies and embedded softwares cyber threats are targeting various embedded systems as their scope of application expands in the real world. Weaponary systems have been developed in various forms from single systems to interlocking networks. hence, system level cyber security is more favorable compared to application level cyber security. In this paper, a secure real-time operating system has been designed, implemented and measured to protect embedded softwares used in weaponary systems from unknown cyber threats at the operating system level.