http://dx.doi.org/10.3745/KTCCS.2014.3.11.427

A Study for Task Detection Acquiring Abnormal Permission in Linux  

Kim, Won-Il (Yuhan College, Department of Computer Information)
Yoo, Sang-Hyun (아이지코 Co., Ltd.)
Kwak, Ju-Hyun (아이지코 Co., Ltd.)
Lee, Chang-Hoon (Konkuk University, Department of Computer Engineering)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.3, no.11, 2014, pp. 427-432
Abstract
The purpose of local system attacks is to acquire an administrator (root) privilege shell by executing a malicious program or by changing the flow of a program. Acquiring a shell through such an attack is still a valid approach, and it is difficult to cope by fixing each vulnerability individually because the attacker can choose among various forms of attack. Linux allocates a set of credentials at login in order to manage user permissions. Credentials are issued and managed directly by the kernel, and the kernel ensures that no change can occur outside the kernel. However, the credentials of a user who has acquired root privilege through a system attack do not remain consistent. In this paper, we propose a security module that detects security threats to users and tasks by analyzing user task execution and inconsistent credentials.
Keywords
Credentials; Security Module; Privilege Escalation; IDPS;
Citations & Related Records
Times Cited By KSCI: 1