• IEMEK Journal of Embedded Systems and Applications
• /
• v.10 no.6
• /
• pp.335-343
• /
• 2015

As the usage of mobile devices becomes diverse, a number of attacks on Android also have increased. Among the attacks, Android can be compromised by flashing a new image of compromised Android Linux. In order to solve this problem, we propose SeBo (Secure Boot System) which prevents compromised Android Linux by guaranteeing secure boot environment for mobile devices based on ARM TrustZone architecture. SeBo checks the hash value of the Android Linux image before the Android Linux executes. SeBo detects all the attacks within 5 seconds. Moreover, since SeBo only trusts the Secure Bootloader from Secure World, SeBo can reduce the additional overhead of checking the Normal Bootloader from Normal World.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.4
• /
• pp.33-43
• /
• 2001

This paper presents a secure Linux OS in which multi-level security functions are implemented at the kernel level. Current security efforts such as firewall or intrusion detection system provided in application-space without security features of the secure OS suffer from many vulnerabilities. However the development of the secure OS in Korea lies in just an initial state, and NSA has implemented a prototype of the secure Linux but published just some parts of the technologies. Thus our commercialized secure Linux OS with multi-level security kernel functions meets the minimum requirements for TCSEC B1 level as well kernel-mode encryption, real-time audit trail with DB, and restricted use of root privileges.

• Journal of Information Processing Systems
• /
• v.16 no.1
• /
• pp.42-48
• /
• 2020

This paper proposes an operating system architecture for unmanned aerial vehicle (UAV), which is secure against root exploit, resilient to connection loss resulting in the control loss, and able to utilize common applications used in Linux. The Linux-based UAVs are exposed to root exploit. On the other hand, the microkernel-based UAVs are not able to use the common applications utilized in Linux, even though which is secure against root exploit. For this reason, the proposed architecture uses a virtualized microkernel on the Linux operating system to isolate communication roles and prevent root exploit. As a result, the suggested Operating system is secure against root exploit and is able to utilize the common applications at the same time.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.3
• /
• pp.311-321
• /
• 2003

A current firewall or IDS (intrusion detection system) of the network level suffers from many vulnerabilities in internal computing servers. For a secure Linux implementation using system call hooking, this paper defines two requirements such as the multi-level security function of TCSEC B1 and a prevention of hacking attacks. This paper evaluates the secure Linux implemented in terms of the mandatory access control, anti-hacking and performance overhead, and thus shows the security, stability and availability of the multi-level secure Linux. At the kernel level this system protects various hacking attacks such as using Setuid programs, inserting back-door and via-attacks. The performance degradation is an average 1.18% less than other secure OS product.

• The KIPS Transactions:PartC
• /
• v.10C no.2
• /
• pp.145-154
• /
• 2003

Current security efforts provided in such as firewall or IDS (intrusion detection system) of the network level suffer from many vulnerabilities in internal computing servers. Thus the necessity of secure OS is especially crucial in today's computing environment. This paper identifies secure OS requirements, analyzes tile research trends for secure Linux in terms of security kernel, and provides the descriptions of the multi-level security(MLS) Linux kernel which we have implemented. This security kernel-based Linux meets the minimum requirements for TCSEC Bl class as well providing anti-hacking, real-time audit trailing, restricting of root privileges, and enterprise suity management functions.

• Proceedings of the Korean Information Science Society Conference
• /
• 2000.10a
• /
• pp.629-631
• /
• 2000

인터넷환경에서 네트워크구축이 보편화된 요즈음, 보안문제가 이슈로 대두되고 있다. 대형 네트워크상에서는 벌써 수년 전부터 방화벽이 보안장비의 중추를 담당하며 사용되고 있으나, 중소규모의 네트워크 환경을 유지관리하기 위한 보호대책은 미비한 편이다. 특히 라우터 전후에서 기능을 하는 방화벽 외에 대형 네트워크 안에서 중소규모의 네트워크를 운영하고자 할 때, 새로운 방화벽 서버를 사용할 수 있다면, 작은 규모의 네트워크에 적합한 패킷필터링이 가능하여, 외부의 침입으로부터 좀 더 안전한 네트워크의 구성이 가능해진다. 본 논문에서는 상대적으로 비용이 저렴하고 setup이 간단한 Linux 방화벽을 통해 외부망에서 접근할 수 없는 사설(private) IP주소를 사용하는 사설망(Private Network)안에 서버를 구성했을 때, Secure Shell에서 지원하는 Port forwarding 기능을 사용하여, 사설망안에 위치한 웹서버, 메일서버등에 접근할 수 있는 방법을 제시하고자 한다.

• Journal of Korea Society of Industrial Information Systems
• /
• v.4 no.4
• /
• pp.137-142
• /
• 1999

This paper applies role-based access control(RBAC) policy for solving security problems when it will be operated business of many field on the Linux sever environments and designed RBAC＿Linux security systems that it is possible to manage security systems on the Linux environments. In this paper, the RBAC_Linux is security system which is designed for applicable on the Linux enviroment The applying RBAC model is based on RBAC96 model due to Sandhu et al. Therefor, the using designed RBAC_Linux security system on the Linux sever system have the advantage of the following: it can be implemented sever system without modifying its source code, high migration, easy and simple of secure managing.

• Proceedings of the Korean Information Science Society Conference
• /
• 2000.10a
• /
• pp.635-637
• /
• 2000

Linux는 다양한 하드웨어 플랫폼을 지원하며, 강력한 네트워크 지원 기능, 다양한 형식의 파일시스템 지원 기능 등 높은 성능을 자랑한다. 그러나, 소스코드의 공개로 인하여 많은 보안상의 취약성을 내포하고 있으며, 최근 이를 이용한 해킹사고가 많이 발생하고 있다. 본 논문에서는 Linux상에 상존하는 보안 취약성을 조사하고, 보안 요구사항을 도출하며, 최근 해킹의 상당부분을 차지하고 있는 Buffer Overflow 공격 방지를 위한 방안으로 커널 수정을 통해 Secure Linux를 개발하고자 한다.

• The KIPS Transactions:PartA
• /
• v.8A no.4
• /
• pp.385-390
• /
• 2001

In this paper, we describe a blocking method of buffer overflow attack for secure operating system. Our team developed secure operating system using MAC and ACL access control added on Linux kernel. We describe secure operating system (SecuROS) and standardized Secure utility and library. A working prototype able to detect and block buffer overflow attack is available.

• The KIPS Transactions:PartC
• /
• v.8C no.5
• /
• pp.557-564
• /
• 2001

Many people use Linux and FreeBSD because it is freeware and excellent performance. The open source code is very important feature but it also has some problem which may be attacked by hackers frequently. This paper describes the SecuROS of secure operating system that is best solution to this problem and introduces user and programmer interface for active use of secure operating system. Developed secure operating system is composed of the access control method MAC and ACL and conforms to the POSIX which is universally used.