• The KIPS Transactions:PartC
• /
• v.10C no.2
• /
• pp.145-154
• /
• 2003

Current security efforts provided in such as firewall or IDS (intrusion detection system) of the network level suffer from many vulnerabilities in internal computing servers. Thus the necessity of secure OS is especially crucial in today's computing environment. This paper identifies secure OS requirements, analyzes tile research trends for secure Linux in terms of security kernel, and provides the descriptions of the multi-level security(MLS) Linux kernel which we have implemented. This security kernel-based Linux meets the minimum requirements for TCSEC Bl class as well providing anti-hacking, real-time audit trailing, restricting of root privileges, and enterprise suity management functions.

• Journal of the Korean Statistical Society
• /
• v.20 no.1
• /
• pp.1-28
• /
• 1991

Considerable progress on the problem of data-driven bandwidth selection in kernel density estimation has been made recently. The goal of this paper is to provide an introduction to the methods currently available, with discussion at both a practical and a nontechnical theoretical level. The main setting considered here is global bandwidth kernel estimation, but some recent results on variable bandwidth kernel estimation are also included.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.8
• /
• pp.2895-2912
• /
• 2014

Content-based image retrieval has been the most important technique for managing huge amount of images. The fundamental yet highly challenging problem in this field is how to measure the content-level similarity based on the low-level image features. The primary difficulties lie in the great variance within images, e.g. background, illumination, viewpoint and pose. Intuitively, an ideal similarity measure should be able to adapt the data distribution, discover and highlight the content-level information, and be robust to those variances. Motivated by these observations, we in this paper propose a probabilistic similarity learning approach. We first model the distribution of low-level image features and derive the free energy kernel (FEK), i.e., similarity measure, based on the distribution. Then, we propose a learning approach for the derived kernel, under the criterion that the kernel outputs high similarity for those images sharing the same class labels and output low similarity for those without the same label. The advantages of the proposed approach, in comparison with previous approaches, are threefold. (1) With the ability inherited from probabilistic models, the similarity measure can well adapt to data distribution. (2) Benefitting from the content-level hidden variables within the probabilistic models, the similarity measure is able to capture content-level cues. (3) It fully exploits class label in the supervised learning procedure. The proposed approach is extensively evaluated on two well-known databases. It achieves highly competitive performance on most experiments, which validates its advantages.

• Journal of Distribution Research
• /
• v.10 no.3
• /
• pp.1-14
• /
• 2005

It is important to control performance and a Sustainable Collaboration (SC) for the successful Supply Chain Management (SCM). This research developed a control model which analyzed SCM performances based on a Balanced Scorecard (ESC) and an SC using Support Vector Machine (SVM). 108 specialists of an SCM completed the questionnaires. We analyzed experimental data set using SVM. This research compared the forecasting accuracy of an SCMSC through four types of SVM kernels: (1) linear, (2) polynomial (3) Radial Basis Function (REF), and (4) sigmoid kernel (linear > RBF > Sigmoid > Polynomial). Then, this study compares the prediction performance of SVM linear kernel with Artificial Neural Network. (ANN). The research findings show that using SVM linear kernel to forecast an SCMSC is the most outstanding. Thus SVM linear kernel provides a promising alternative to an SC control level. A company which pursues an SCM can use the information of an SC in the SVM model.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.2 no.3
• /
• pp.145-154
• /
• 2007

Dynamic update of kernel can change kernel functionality and fix bugs in runtime. Dynamic update is important because it leverages availability, reliability and flexibility of kernel. An instruction-granularity update technique has been used for dynamic update. However, it is difficult to apply update technique for a commodity operating system kernel because development and maintenance of update code must be performed with assembly language. To overcome this difficulty, we design the function-granularity dynamic update system which uses high-level language such as C language. The proposed update system makes the development and execution of update convenient by providing the development environment for update code which is same for kernel development. We implement this system for Linux and demonstrate an example of update for do_coredump() function which is reported it has a vulnerable point for security. The update was successfully executed.

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.3
• /
• pp.107-114
• /
• 2005

In this paper. we propose an architecture of IEEE1394 device driver for RTLinux. The device driver has two interfaces for applications running on the RTLinux kernel and Linux kernel. With the interfaces, the device driver simultaneously supports RT-Thread of RTLinux kernel and user level process of Linux kernel. This architecture could be a reference for designing other device driver on the dual kernel platform.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.337-344
• /
• 2023

Modern OSs, including Linux, show high scalability by adopting a monolithic kernel design, but have weak security because they share all memory space. This study presents a kernel module that are isolated inside the kernel using WebAssembly. WebAssembly provides a high-performance virtual machine by defining a low-level instruction set while guaranteeing memory safety. In this paper, the WebAssembly execution environment is implemented inside the kernel, allowing developers to control the operation of kernel modules and achieving higher security.

• Proceedings of the KIEE Conference
• /
• 1987.07b
• /
• pp.1133-1136
• /
• 1987

In designing and implementing of a distributed system, a programming language which can describe and implement the various interactions between distributed processes in distributed systems is indispensible. High level language constructs such as concurrency. process synchronization between distributed processes and mutually exclusive access to common data could be built in a distributed programming language under the proper support of a language kernel. In this paper, we studied the language constructs a distributed programming language must have and specified the kernel supports necessary in implementing that high level language constructs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.6
• /
• pp.13-25
• /
• 2005

In these days, there are various uses of Linux such as small embedded systems, routers, and huge servers, because Linux gives several advantages to system developers by allowing to use the open source code of the Linux kernel. On the other hand, the open source nature of the Linux kernel gives a bad influence on system security. If someone wants to exploit Linux-based systems, the attacker can easily do it by finding vulnerabilities of their Linux kernel sources. There are many kinds of existing methods for lading source-level vulnerabilities of softwares, but they are not suitable for finding source-level vulnerabilities of the Linux kernel which has an enormous amount of source code. In this paper, we propose the Onion mechanism as a methodology of finding source-level vulnerabilities of Linux kernel variables. The Onion mechanism is made up of two steps. The Int step is to select variables that may be vulnerable by using pattern matching mechanism and the second step is to inspect vulnerability of each selected variable by constructing and analyzing the system call trees. We also evaluate our proposed methodology by applying it to two well-known source-level vulnerabilities.

• ETRI Journal
• /
• v.29 no.3
• /
• pp.270-280
• /
• 2007

In Linux, real-time tasks are supported by separating real-time task priorities from non-real-time task priorities. However, this separation of priority ranges may not be effective when real-time tasks make the system calls that are taken care of by the kernel threads. Thus, Linux is considered a soft real-time system. Moreover, kernel threads are configured to have static priorities for throughputs. The static assignment of priorities to kernel threads causes trouble for real-time tasks when real-time tasks require kernel threads to be invoked to handle the system calls because kernel threads do not discriminate between real-time and non-real-time tasks. We present a dynamic kernel thread scheduling mechanism with weighted average priority inheritance protocol (PIP), a variation of the PIP. The scheduling algorithm assigns proper priorities to kernel threads at runtime by monitoring the activities of user-level real-time tasks. Experimental results show that the algorithms can greatly improve the unexpected execution latency of real-time tasks.