• Title/Summary/Keyword: operating system kernel


Design and Implementation of the Kernel Hardening in the Linux Operating System (Linux 운영체제에서 Kernel Hardening 설계 및 구현)

  • Moon, Ji-Hoon;Kim, Ki-Hwan;Jang, Seung-Ju;Jung, Seung-In
    • Annual Conference of KIPS / 2003.11a / pp.357-360 / 2003
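  • This paper designs and implements kernel hardening for the Linux operating system. When a panic occurs inside the kernel and recovery is possible, the system is allowed to return to normal operation. In this way, the Linux Kernel Hardening function ensures stable kernel operation. To provide Linux Kernel Hardening, the design and implementation in this paper center on the ASSERT() function inside the kernel.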


Real-Time Characteristics Analysis and Improvement for OPRoS Component Scheduler on Windows NT Operating System (Windows NT상에서의 OPRoS 컴포넌트 스케줄러의 실시간성 분석 및 개선)

  • Lee, Dong-Su;Ahn, Hee-June
    • Journal of Institute of Control, Robotics and Systems / v.17 no.1 / pp.38-46 / 2011
  • The OPRoS (Open Platform for Robotic Service) framework provides a uniform operating environment for service robots. As an OPRoS-based service robot has to support real-time as well as non-real-time applications, application of a Windows NT kernel based operating system can be restrictive. On the other hand, various benefits such as rich library and device support and an abundant developer pool can be enjoyed when service robots are built on Windows NT. The paper presents a user-mode component scheduler of OPRoS, which can provide near real-time scheduling service on Windows NT based on the restricted real-time features of the Windows NT kernel. The component scheduler thread with the highest real-time priority in the Windows NT system acquires CPU control. Then the component scheduler suspends and resumes each periodic component executor based on its priority and precedence dependency so that the component executors are scheduled in a preemptive manner. We present an experimental analysis of the performance limitations of the proposed scheduling technique. The analysis and experimental results show that the proposed scheduler guarantees highly reliable timing down to a resolution of 10 ms.

A Dynamic Kernel Update System with a Function Granularity for Linux (리눅스 환경에서의 함수 단위 동적 커널 업데이트 시스템의 설계와 구현)

  • Park, Hyun-Chan;Kim, Se-Won;Yoo, Chuck
    • Journal of KIISE:Computer Systems and Theory / v.35 no.5 / pp.223-230 / 2008
  • Dynamic update of the kernel can change kernel functionality and fix bugs at runtime. Dynamic update is important because it leverages availability, reliability and flexibility of the kernel. An instruction-granularity update technique has been used for dynamic update. However, it is difficult to apply this update technique to a commodity operating system kernel because development and maintenance of update code must be performed in assembly language. To overcome this difficulty, we design a function-granularity dynamic update system which uses a high-level language such as C. The proposed update system makes the development and execution of updates convenient by providing a development environment for update code which is the same as that for kernel development. We implement this system for Linux and demonstrate an example update for the EXT3 file system. The update was successfully executed.

The development of RTOS technique for designing the controller of DSC/NBDP system (DSC/NBDP시스템의 제어기설계를 위한 실시간 운영체제 기술 개발)

  • 이헌택
    • Journal of the Korea Institute of Information and Communication Engineering / v.8 no.3 / pp.547-553 / 2004
  • Linux is one of various RTOSes, and embedded Linux has been studied with a focus on technical stability and commercial utility. In this paper, a technical trial is discussed on the development of a real-time operating system that provides real-time capability, extends network communication ability, and would be applied to the maritime mobile communication system, through analysis of the embedded Linux kernel. Some techniques for analyzing the embedded Linux kernel, designing the target board, making the kernel image and porting the kernel are summarized in this paper.

A Concept and Operational Assumptions of OS Security Enhancement System (운영체제보안시스템의 개념 및 운영 가정사항)

  • Tai-hoon Kim;Sang-ho Kim;Jae-sung Kim
    • Proceedings of the Korea Society for Simulation Conference / 2003.11a / pp.119-125 / 2003
  • Trusted operating systems (OS) provide the basic security mechanisms and services that allow a computer system to protect, distinguish, and separate classified data. This paper proposes a new concept of an operating system security enhancement system which uses a loadable security kernel module (LSKM) or dynamic link library (DLL), and specific conditions for the operational environment that should be assumed.


System Integrity Monitoring System using Kernel-based Virtual Machine (커널 기반 가상머신을 이용한 시스템 무결성 모니터링 시스템)

  • Nam, Hyun-Woo;Park, Neung-Soo
    • The KIPS Transactions:PartC / v.18C no.3 / pp.157-166 / 2011
  • The virtualization layer is executed in a higher authority layer than the kernel layer and is suitable for monitoring operating systems. However, existing virtualization monitoring systems provide only simple information about the usage rate of CPU or memory. In this paper, a monitoring system using a full virtualization technique is proposed, which can monitor a virtual machine's dynamic kernel objects such as memory, registers, GDT, IDT and the system call table. To verify the monitoring system, the proposed system was implemented based on KVM (Kernel-based Virtual Machine) with full virtualization that is directly applied to the Linux kernel without any modification. The proposed system consists of a KvmAccess module to access KVM's internal objects and an API to provide other external modules with the monitoring result. In experiments, the CPU utilization for monitoring operations in the proposed monitoring system is 0.35% when the system is monitored with a 1-second period. The proposed monitoring system has a little performance degradation.

Policy and Mechanism for Safe Function-level Dynamic Kernel Update (함수 단위 동적 커널 업데이트를 위한 보안 정책 및 기법의 설계)

  • Park, Hyun-Chan;Yoo, Chuck
    • Journal of KIISE:Computing Practices and Letters / v.14 no.8 / pp.808-812 / 2008
  • In recent years, software vulnerabilities have become an important problem for the safety of the operating system kernel. Many organizations endeavor to publish patches soon after the discovery of a vulnerability. In spite of this effort, end-system administrators hesitate to apply the patches to their systems. The reasons for the hesitation are the reboot disruption and the distrust of patches. To solve this problem, we propose a dynamic update system for non-updatable kernels, named DUNK. DUNK provides: 1) a dynamic update mechanism at function-level granularity to overcome the reboot disruption and 2) a safety verification mechanism to overcome the distrust problem, named MAFIA. In this paper, we describe the design of DUNK and the detailed algorithm of MAFIA.

Implementation of Development Environment for Intelligent Gadget System (지능형 Gadget 시스템을 위한 개발환경 구현)

  • Jeong, Gab-Joong;Bae, Chang-Seok
    • Journal of the Korea Institute of Information and Communication Engineering / v.11 no.8 / pp.1528-1534 / 2007
  • This paper describes the environment configuration for the development of an embedded gadget system and the architecture and operation of the Linux kernel for embedded system applications, which is used for a gadget. It shows and analyzes the operations of the Linux kernel to investigate the functions and components for new intelligent embedded gadget systems. The requested functions and operations adaptable for the new intelligent embedded system will be applicable to developing a new small-size operating system that supports intelligent operations for the embedded gadget system used for intelligent personal information services. We configure the development environment for an embedded gadget system and its application.

Design of Operating System for Wireless Sensor Nodes with Enhanced Remote Code Update Functionality (원격 코드 업데이트가 가능한 무선 센서 노드용 운영체제)

  • Kim, Chang-Hoon;Cha, Jeong-Woo;Kim, Il-Hyu
    • Journal of Korea Society of Industrial Information Systems / v.16 no.1 / pp.37-48 / 2011
  • Sensor networks monitor the environment, collect sensed data, and relay the data back to a collection point. Although sensor nodes have very limited hardware resources, they require an operating system that can provide efficient resource management and various application environments. In addition, wireless sensor networks require updating previously deployed code to patch bugs in programs and to improve the performance of kernel service routines and application programs. This paper presents EPRCU (Easy to Perform Remote Code Update), a new operating system for wireless sensor nodes, which has enhanced functionality for performing remote code update. To achieve an efficient code update, EPRCU provides dynamic memory allocation and program memory management. It supports an event-driven kernel, which uses priority-based scheduling with the application of aging techniques. Therefore, the proposed operating system not only makes it easy to perform wireless communication with the remote code update but is also suitable for various sensor network applications.

Implementation of Secure Linux OS based on Kernel (커널 기반의 보안 리눅스 운영체제 구현)

  • 박태규;임연호
    • Journal of the Korea Institute of Information Security & Cryptology / v.11 no.4 / pp.33-43 / 2001
  • This paper presents a secure Linux OS in which multi-level security functions are implemented at the kernel level. Current security efforts such as firewalls or intrusion detection systems, provided in application space without the security features of a secure OS, suffer from many vulnerabilities. However, the development of secure OSes in Korea is still in an initial state, and the NSA has implemented a prototype of a secure Linux but published only some parts of the technologies. Thus our commercialized secure Linux OS with multi-level security kernel functions meets the minimum requirements for TCSEC B1 level, as well as kernel-mode encryption, real-time audit trail with DB, and restricted use of root privileges.