• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.6
• /
• pp.1204-1211
• /
• 2004

As the development of information telecommunication technology and thus the information sharing and opening is accelerated, f system is exposed to various threatener and the avrious security incident is rasing its head with social problem. As countermeasure, to protect safely and prepare in the attack for a system from a be latent security threat, various security systems are been using such as IDS, Firewall, VPN etc.. But, expertise or expert is required to handle security system. The module, implemented in this paper, is based on Windows XP, like Linux and Unix, and has effect integrity and non-repudiation for a file.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.3
• /
• pp.568-577
• /
• 2017

IEEE Std 1609.2 was defined for the support of communication security functions in the WAVE (Wireless Access in Vehicular Environments) system. IEEE Std 1609.2 defined the message structures of the security services and managements on the vehicular communication by using ASN.1 (Abstract Syntax Notation One). Also, this security message structures shall be encoded using the COER (Canonical Octet Encoding Rules). In this paper, we designed and implemented the IEEE Std 1609.2 message encoder/decoder handling the security messages defined in IEEE Std 1609.2. The designed encoder/decoder consists of three modules as follows : a module generating the message of C language data structures in accord with IEEE Std 1609.2 message structures, a message encoder module, a message decoder module. And the encoder/decoder was implemented on the Linux environment. Also we analyzed the performance by measuring the performance speed of the encoder/decoder implemented.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.637-640
• /
• 2003

Authentication between Server and Client is necessary in most of Internet Service because of increasing of using of Internet. Unix-based Server upgraded security of user authentication using "Shadow Password" instead of "crypt" function. But "Shadow Password" most use same authentication method about all services. But we individually can set user authentication method using PAM(Pluggable Authentication Module). This paper will propose user authentication system using Linux-PAM that use SMART CARD as authentication token.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.844-846
• /
• 2003

웹서비스 등 다양한 응용분야에서 리눅스 서버의 사용이 일반화되면서 침입으로 인한 정보 유출 문제 및 다른 시스템으로의 침입 등의 문제를 발생시키고 있다. 한번 침입을 받은 시스템의 경우 시스템 설정이 변경되거나 백도어가 설치되어 쉽게 재침입의 표적이 될 수 있다는 점에서 침입으로 인한 부작용을 최소화하는 것이 필요하다. 본 논문에서는 시스템 침입이 있더라도 시스템 설정을 변경하거나 백도어 설치를 할 수 없도록 제어하기 위한 파일 접근 제어 모듈을 제안한다.

• The Journal of the Korea Contents Association
• /
• v.17 no.4
• /
• pp.307-319
• /
• 2017

SELinux is known as a secure operating system that is easily accessible to users due to the popularization of Linux, and is applied to various security operating system references deployed on systems such as embedded systems and servers. However, if SELinux is applied without considering the performance overhead of activating the SELinux kernel module, the performance of the entire system may be degraded. In this paper, we describe the factors directly affecting the performance inside the SELinux kernel and show that it is possible to improve performance by simply reorganizing the policy without changing the SELinux kernel. This can be used as a reference when security administrators or developers apply SELinux.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.309-312
• /
• 2016

Considering that interkorean relations got worse and worse recently, cyber terror of North Korea has seriously become a possibility. Therefore, DoS(Denial of Service), a typical way of cyber terror, is becoming a big issue. Consequently, people are growing more and more interested in information security. Internal DoS attacks, out of a variety of ways of Dos attacks, include disks and memories and shortages of process resources. PAM(Pluggable Authentication Module) is one of the ways of preventing internal DoS attacks in Linux system. This paper provides with a method to internally respond to dos attacks and efficiently prevent shortages of resources by utilizing PAM.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.933-936
• /
• 2002

공격자는 시스템에 침입하기 위해 취약점을 수집하며 여러 공격방법을 통해 루트권한을 획득하게 된다. 루트권한을 획득한 공격자는 공격 시스템에 루트킷을 설치하여 침입에 대한 흔적을 숨기고 차후 침입을 위한 백도어를 남기게 되는데 최근 등장한 커널 기반의 루트킷은 시스템에 대한 침입 탐지를 어렵게 하고 있다. 이러한 공격에 대응하기 위해 침입탐지 및 차단을 위한 보안 시스템들이 많이 개발되어 왔지만 공격자들은 보안 시스템들을 우회하여 시스템에 침입하고 있다. 본 논문에서는 루트권한을 획득한 공격자의 불법행위를 막기 위해 시스템 보안 강화 LKM을 설계, 구현하며 중요 파일의 변조와 루트킷의 실치를 막고 공격자의 불법행위를 관리자에게 실시간으로 알릴 수 있는 방법을 제안한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.319-323
• /
• 2023

In intra-process isolation, file descriptors work as another attack vector from the memory corruption attacks. The attacker can read or write by corrupting file descriptors so they can escape the isolation. In this paper, we propose new lightweight capability-based access control system on file descriptor using ARM's hardware extension, PA(Pointer Authentication). Our system was implemented on Linux kernel module, only shows 5% overhead to control the access on the file descriptor.

• The Journal of the Korea Contents Association
• /
• v.18 no.3
• /
• pp.309-319
• /
• 2018

SELinux is used for system level security in various systems using Linux, and is now being used for device security such as IoT. However, since SELinux has inherent problems of execution time degradation, various studies have been conducted to solve this problem. In this paper, we show that performance can be improved through policy reconfiguration in the environment where the loadable module policy method, which is a general method using SELinux, is applied. By reconfiguring the access query table through the Priority-TE policy that gives priority to the type, it is possible to provide faster execution time for types requiring faster access query performance. This paper introduces the differences between SELinux policy configuration method in Monolithic environment and performance analysis. This can be used as a reference by security administrators or developers in applying SELinux.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.1
• /
• pp.898-901
• /
• 2005

In this paper, we design an authorization policy module which provides the safty and reliable authorization of the user to provide the resolution for authorization in distributed environments. PKI have been utilized much by an information security-based structure for Internet electronic commerce, it is developing X.509-based in various application field such as a network security. Especially, it provides good resolution for the authentication of the user in the situation not to meet each other, but it is not enough to provide the resolution of the authorization in distributed computing environments. In this paper, We provide AAS model, which can be used distributed resources by distributed users, and design AAS model which is an authorization policy module in the Linux-based Apache Web server.