• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.6
• /
• pp.13-25
• /
• 2005

In these days, there are various uses of Linux such as small embedded systems, routers, and huge servers, because Linux gives several advantages to system developers by allowing to use the open source code of the Linux kernel. On the other hand, the open source nature of the Linux kernel gives a bad influence on system security. If someone wants to exploit Linux-based systems, the attacker can easily do it by finding vulnerabilities of their Linux kernel sources. There are many kinds of existing methods for lading source-level vulnerabilities of softwares, but they are not suitable for finding source-level vulnerabilities of the Linux kernel which has an enormous amount of source code. In this paper, we propose the Onion mechanism as a methodology of finding source-level vulnerabilities of Linux kernel variables. The Onion mechanism is made up of two steps. The Int step is to select variables that may be vulnerable by using pattern matching mechanism and the second step is to inspect vulnerability of each selected variable by constructing and analyzing the system call trees. We also evaluate our proposed methodology by applying it to two well-known source-level vulnerabilities.

• Proceedings of the Korea Society for Simulation Conference
• /
• 2003.11a
• /
• pp.119-125
• /
• 2003

Trusted operating systems (OS) provide the basic security mechanisms and services that allow a computer system to protect, distinguish, and separate classified data. This paper proposes a new concept of operating system security enhancement system which uses loadabel security kernel module (LSKM) or dynamic link library(DLL) and specific conditions for operational environment should be assumed.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.2 s.34
• /
• pp.105-112
• /
• 2005

As the development of information telecommunication technology and thus the information sharing and opening is accelerated, If system is exposed to various threatener and the avrious security incident is rasing its head with social problem. As countermeasure, to protect safely and prepare in the attack for a system from a be latent security threat, various security systems are been using such as IDS, Firewall, VPN etc.. But, expertise or expert is required to handle security system. The module, implemented in this paper, is based on Windows XP, like Linux and Unix, and has effect integrity and non-repudiation for a file.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.10
• /
• pp.1391-1396
• /
• 2021

The boundary-based security system has the advantage of high operational efficiency and easy management of security solutions, and is suitable for denying external security threats. However, since it is operated on the premise of a trusted user, it is not suitable to deny security threats that occur from within. A zero trust access control model was proposed to solve this problem of the boundary-based security system. In the zero trust access control model, the security requirements for real-time security event monitoring must be satisfied. In this study, we propose a monitoring method for the most basic file access among real-time monitoring functions. The proposed monitoring method operates at the kernel level and has the advantage of fundamentally preventing monitoring evasion due to the user's file bypass access. However, this study focuses on the monitoring method, so additional research to extend it to the access control function should be continued.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.675-682
• /
• 2003

Attackers collect vulnerabilities of a target computer system to intrude into it. And using several attack methods, they acquire root privilege. They steal and alter information in the computer system, or destroy the computer sysem. So far many intrusion detection systems and firewallshave been developed, but recently attackers go round these systems and intrude into a computer system . In this paper, we propose security kernel module to prevent attackers having acquired root privilege from doing illegal behaviors. It enhances administrator authentication with additional password, so prevents attackers from doing illegal behaviors such as modification of important files and installation of rootkits. It sends warning mail about sttacker's illegal behaviors to administrators by real time. So using information in the mail, they can estabilish new security policies.

• Asia-Pacific Journal of Business
• /
• v.11 no.3
• /
• pp.243-260
• /
• 2020

Purpose - This paper aims to investigate the properties of crude oil based derivative security (DLS) focusing on step-down type for comprehensive understanding of its risk. Design/methodology/approach - Kernel estimation is conducted to figure out statistical feature of the process of oil price. We simulate oil price paths based on kernel estimation results and derive probabilities of hitting the barrier and early redemption. Findings - The amount of issuance for crude oil based DLS is relatively low when base prices are below $40 while it is high when base prices are around $60 or $100, which is not consistent with kernel estimation results showing that oil futures prices tend to revert toward $46.14 and the mean-reverting speed is faster as oil price is lower. The analysis based on simulated oil price paths reveals that probability of early redemption is below 50% for DLS with high base prices and the ratio of the probability of early redemption to the probability of hitting barrier is remarkably low compared to the case for DLS with low base prices, as the chance of early redemption is deferred. Research implications or Originality - Empirical results imply that the level of the base price is a crucial factor of the risk for DLS, thus introducing a time-varying knock-in barrier, which is similar to adjust the base price, merits consideration to enhance protection for DLS investors.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.3
• /
• pp.311-321
• /
• 2003

A current firewall or IDS (intrusion detection system) of the network level suffers from many vulnerabilities in internal computing servers. For a secure Linux implementation using system call hooking, this paper defines two requirements such as the multi-level security function of TCSEC B1 and a prevention of hacking attacks. This paper evaluates the secure Linux implemented in terms of the mandatory access control, anti-hacking and performance overhead, and thus shows the security, stability and availability of the multi-level secure Linux. At the kernel level this system protects various hacking attacks such as using Setuid programs, inserting back-door and via-attacks. The performance degradation is an average 1.18% less than other secure OS product.

• Journal of Electrical Engineering and Technology
• /
• v.9 no.2
• /
• pp.461-470
• /
• 2014

This paper presents a probabilistic power flow (PPF) analysis method for distribution network incorporating the randomness and correlation of photovoltaic (PV) generation. Based on the multivariate kernel density estimation theory, the probabilistic model of PV generation is proposed without any assumption of theoretical parametric distribution, which can accurately capture not only the randomness but also the correlation of PV resources at adjacent locations. The PPF method is developed by combining the proposed PV model and Monte Carlo technique to evaluate the influence of the randomness and correlation of PV generation on the performance of distribution networks. The historical power output data of three neighboring PV generators in Oregon, USA, and 34-bus/69-bus radial distribution networks are used to demonstrate the correctness, effectiveness, and application of the proposed PV model and PPF method.

• The Journal of the Korea Contents Association
• /
• v.17 no.4
• /
• pp.307-319
• /
• 2017

SELinux is known as a secure operating system that is easily accessible to users due to the popularization of Linux, and is applied to various security operating system references deployed on systems such as embedded systems and servers. However, if SELinux is applied without considering the performance overhead of activating the SELinux kernel module, the performance of the entire system may be degraded. In this paper, we describe the factors directly affecting the performance inside the SELinux kernel and show that it is possible to improve performance by simply reorganizing the policy without changing the SELinux kernel. This can be used as a reference when security administrators or developers apply SELinux.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.77-91
• /
• 2019

Recent Linux operating systems having been increasingly used, ranging from automotive consoles, CCTV, IoT devices, and mobile devices to various versions of the kernel. Because these devices can be used as strong evidence in criminal investigations, there is a risk of destroying evidence through file deletion. Ext filesystem forensics has been studied in depth because it can recovery deleted files without depending on the kind of device. However, studies have been carried out without consideration of characteristics of file system which may vary depending on the kernel. This problem can lead to serious situations, such as those that can impair investigative ability and cause doubt of evidence ability, when an actual investigation attempts to analyze a different version of the kernel. Because investigations can be performed on various distribution and kernel versions of Linux file systems at the actual investigation site, analysis of the metadata changes that occur when files are deleted by Linux distribution and kernel versions is required. Therefore, in this paper, we analyze the difference of metadata according to the Linux kernel as a solution to this and recovery deleted file. After that, the investigating agency needs to consider the metadata change caused by the difference of Linux kernel version when performing Ext filesystem forensics.