• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1214-1217
• /
• 2007

대부분의 기관들은 악의적인 행위들을 포착하거나 시스템과 데이터를 보호하고 사고에 대응하기 위한 시도들을 지원하기 위해 몇 가지 형태의 네트워크 기반 보안솔루션을 사용하고 있다. 하지만 기존 네트워크 레벨 보안의 한계로 인하여 시스템 상에서 일어나는 행위를 제어하기 위한 차세대 보안솔루션으로 보안운영체제를 도입하고 있다. 최근에는 전자금융거래법 등의 세칙에 의해 정보처리 시스템 내의 정보의 유출, 변조 및 파괴 등을 보호하는 것은 물론 세부 작업 내역의 로깅에 대한 요구가 지속적으로 증가하고 있다. 이에 본 논문에서는 보안레이블에 의한 시스템 보안 강화 기술을 소개하고 강제적 접근 제어 결과에 의해 생성되는 보안 로그에 대한 구체적인 관리 전략을 제시한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.05a
• /
• pp.616-619
• /
• 2008

In this paper, we design and implement the authentication system for home network service and applied it to actual sensor nodes. We achieved authentication key, encryption and decryption applied RC5 encryption algorithm of SNEP. In addition, we used pair-wise key pre-distribution for prevention of authentication sniffing in wireless sensor network. The experiment environment consists of a base station receiving data and sensor nodes sending data. Each sensor nodes sends both the data and encrypted authentication key to the base station. As a simulation environment, we assumed some what-if scenarios of security menaces in home network service. And we slightly altered the TOS_Msg construction of TinyOS. The experiences had shown that the malfunction doesn't happen in communication among other groups. And we confirmed in tests that the system is secure when a sensor having malicious propose is added.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.1
• /
• pp.79-86
• /
• 2004

In general, operating system is offering the security function of OS level to support several web services. However, it is true that security side of OS level is weak from many parts. Specially, it is needed to audit/trace function in security kernel level to satisfy security more than B2 level that define in TCSEC(Trusted Computer System Evaluation Criteria). So we need to create audit data at system call invocation for this, and do to create audit data of equal format about almost event and supply information to do traceback late. This Paper Proposes audit/trace system module that use LKM(Loadable Kernel Module) technique. It is applicable without alteration about existing linux kernel to ensure safe evidence. It offers interface that can utilize external audit data such as intrusion detection system, and also offers safe role based system that is divided system administrator and security administrator These data will going to utilize to computer forensics' data that legal confrontation is Possible.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.27-32
• /
• 2014

Utilization of web application has been widely spread and complication in recent years by the rapid development of network technologies and changes in the computing environment. The attack being target of this is increasing and the means is diverse and intelligent while these web applications are using to a lot of important services. In this paper, we proposed security model using virtualization technology to prevent attacks using vulnerabilities of web application. The request information for query in a database server also can be recognized by conveying to the virtual web server after ID is given to created session by the client request and the type of the query is analyzed in this request. VM-Master module is constructed in order to monitor traffic between the virtual web servers and prevent the waste of resources of Host OS. The performance of attack detection and resource utilization of the proposed method is experimentally confirmed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.12
• /
• pp.5375-5400
• /
• 2016

IOMMU is a hardware unit that is indispensable for DMA. Besides address translation and remapping, it also provides I/O virtual address space isolation among devices and memory access control on DMA transactions. However, currently commodity virtualization platforms lack of IOMMU virtualization, so that the virtual machines are vulnerable to DMA security threats. Previous works focus only on DMA security problem of directly assigned devices. Moreover, these solutions either introduce significant overhead or require modifications on the guest OS to optimize performance, and none can achieve high I/O efficiency and good compatibility with the guest OS simultaneously, which are both necessary for production environments. However, for simulated virtual devices the DMA security problem also exists, and previous works cannot solve this problem. The reason behind that is IOMMU circuits on the host do not work for this kind of devices as DMA operations of which are simulated by memory copy of CPU. Motivated by the above observations, we propose an IOMMU para-virtualization solution called PVIOMMU, which provides general functionalities especially DMA security guarantees for both directly assigned devices and simulated devices. The prototype of PVIOMMU is implemented in Qemu/KVM based on the virtio framework and can be dynamically loaded into guest kernel as a module, As a result, modifying and rebuilding guest kernel are not required. In addition, the device model of Qemu is revised to implement DMA access control by separating the device simulator from the address space of the guest virtual machine. Experimental evaluations on three kinds of network devices including Intel I210 (1Gbps), simulated E1000 (1Gbps) and IB ConnectX-3 (40Gbps) show that, PVIOMMU introduces little overhead on DMA transactions, and in general the network I/O performance is close to that in the native KVM implementation without IOMMU virtualization.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.5
• /
• pp.41-51
• /
• 2015

In order to hide their identities, intruders on the Internet often attack targets indirectly by staging their attacks through intermediate hosts known as stepping stones. In this paper, we propose a brute-force technique to detect the stepping stone behavior on a Linux server where some shell processes remotely logged into using interactive services are trying to connect other hosts using the same interactive services such as Telnet, Secure Shell, and rlogin. The proposed scheme can provide an absolute solution even for the encrypted connections using SSH because it traces the system calls of all processes concerned with the interactive service daemon and their child processes. We also implement the proposed technique on a CentOS 6.5 x86_64 environment by the ptrace system call and a simple shell script using strace utility. Finally the experimental results show that the proposed scheme works perfectly under test scenarios.

• The KIPS Transactions:PartC
• /
• v.15C no.5
• /
• pp.329-342
• /
• 2008

The Sensor Networks have limitations in utilizing energies, developing energy-efficient routing protocol and secure routing protocol are important issues in Sensor Network. In the field of data management, Tributaries and Deltas(TD) which incorporates tree topology and multi-path topology effectively have been suggested to provide efficiency and robustness in data aggregation. And our research rendered hierarchical property to TD and proposed Clustering-based Tributaries-Deltas. Through this new structure, we integrated efficiency and robustness of TD structure and advantages of hierarchical Sensor Network. Clustering-based Tributaries-Deltas was proven to perform better than TD in two situations through our research. The first is when a Base Station (BS) notices received information as wrong and requests the network's sensing data retransmission and aggregation. And the second is when the BS is mobile agent with mobility. In addition, we proposed key establishment mechanism proper for the newly proposed structure which resulted in new Sensor Network structure with improved security and energy efficiency as well. We demonstrated that the new mechanism is more energy-efficient than previous one by analyzing consumed amount of energy, and realized the mechanism on TmoteSKY sensor board using TinyOS 2.0. Through this we proved that the new mechanism could be actually utilized in network design.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.2C
• /
• pp.140-156
• /
• 2012

Since most of recently launched smart devices support NFC(Near Field Communication), RFID applications are tend to be replaced. For instance, previous RFID application areas such as entrance control, mobile e-ticket, electronic payment and et. al are subject to change using NFC. Due to the limitation of passive communication in RFID, it is impossible to cover all security requirements of authentication and authorization mechanism that wide areas of applications demand. Therefore authentication and authorization mechanism based on NFC is very attractive to such applications because active communication methods make it possible to be highly secure in authentication and authorization. In this paper, authors propose a new approach of secure authentication and authorization mechanism using NFC smart devices based on EAP(Extensible Authentication Protocol) and AAA(Authentication, Authorization and Accounting) protocols.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.99-111
• /
• 2022

With current battlefield environment relying heavily on Network Centric Warfare(NCW), existing weaponary systems are evolving into a new concept that converges IT technology. Majority of the weaponary systems are implemented with numerous embedded softwares which makes such softwares a key factor influencing the performance of such systems. Furthermore, due to the advancements in both IoT technoogies and embedded softwares cyber threats are targeting various embedded systems as their scope of application expands in the real world. Weaponary systems have been developed in various forms from single systems to interlocking networks. hence, system level cyber security is more favorable compared to application level cyber security. In this paper, a secure real-time operating system has been designed, implemented and measured to protect embedded softwares used in weaponary systems from unknown cyber threats at the operating system level.

• ETRI Journal
• /
• v.32 no.5
• /
• pp.665-675
• /
• 2010

Recent research on mobile Internet protocol television and digital right management (DRM) interconnections has focused on multimedia technologies designed to enhance content scalability and adaptive content distribution. However, due to the architectural and scalable limitations, recent systems are not flexible and securable with respect to their adaptive content distribution and protective policy management. Therefore, we propose a content protective multi-agent platform that provides secure multimedia services, correlation management, pattern-based management, and multi-source multi-use (MsMu)-based services. Our architecture, supported by DRM, lets us create a rich set of MsMu-based content protection and seamless multimedia services through the extension of one source multi-use (OsMu)-based content services. We have verified our platform, which provides scalable and securable services with a 17% lower service response time by using a testbed.