• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.319-323
• /
• 2023

In intra-process isolation, file descriptors work as another attack vector from the memory corruption attacks. The attacker can read or write by corrupting file descriptors so they can escape the isolation. In this paper, we propose new lightweight capability-based access control system on file descriptor using ARM's hardware extension, PA(Pointer Authentication). Our system was implemented on Linux kernel module, only shows 5% overhead to control the access on the file descriptor.

• Proceedings of the IEEK Conference
• /
• 2005.11a
• /
• pp.1201-1204
• /
• 2005

Whereas conveniences deriving from the development of information and telecommunication technology increase, information outflow and illegal data use are also rapidly on the rise. Consequently, many studies to prevent illegal information outflow are currently under way, and the use of Smart Card is in steep jump. Recently, Java Card is diffused fast as an alternative to complement the technical problems of the Smart Card. This paper designed and materialized the system for multi-users authentication and file access control by user through designing a Java Card applet that is used for information protection and in various application fields. For allowing a file access competence, each user's file access competence is processed via drawing up the access condition table in the applet. Therefore, illegal correction, exposure and destruction of information, which become the concerns when multi-users have an access, can be prevented. In addition, its application becomes possible in the system requiring multi-users certifications.

• Journal of KIISE:Computer Systems and Theory
• /
• v.29 no.7
• /
• pp.384-393
• /
• 2002

A Parallel file system is normally used to support excessive file requests from parallel applications in a cluster system, whereas prefetching is useful for improving the file system performance. This paper proposes a new prefetching method, Fips(dynamic File Prefetching Scheme based on file access patterms), that is particularly suitable for parallel scientific applications and multimedia web services in a parallel file system. The proposed prefetching method introduces a dynamic prefetching scheme to predict data blocks precisely in run-time although the file access patterns are irregular. In addition, it includes an algorithm to determine whether and when the prefetching is performed using the current available I/O bandwidth. Experimental results confirmed that the use of the proposed prefetching policy in a parallel file system produced a higher file system performance.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.10 no.3
• /
• pp.139-150
• /
• 2015

The major components of IoT(Internet of Things) environment are IoT devices rather than the conventional desktop computers. One of the intrinsic characteristics of IoT devices is diversity in view of data type and data access method. In addition, IoT devices usually deal with real-time data. In order to use such IoT data for internal business or cloud services, an IoT platform capable of easy domain management and consistent data access interface is required. This paper proposes a Linux FUSE-based virtual file system connecting IoT devices on POSIX file system view. It is possible to manage IoT domain with the native Linux utilities such as mkdir, mknod, ls and find in the file system. Also, the file system makes it possible to access or control IoT devices through POSIX interface such as open(), read(), write() or close() without any separate APIs or utilities. A test result shows that the management performance of the file system is lower than that of linux file system negligibly.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.1
• /
• pp.65-72
• /
• 2007

This paper aims to provide information to generate a statistical load model of an educational server by analyzing workload of an e-Learning sewer at Dankook University. The result of the analysis shows file size distribution, access frequency and transmission volume for each file type, access interval, changes in preference and clients access rate by networks. In particular, it had different results from previous studies about video file's size distribution and file distribution based on access frequency. This is because the characteristics of e-learning are influenced by using authoring tools for making into video file and by freeing the number of students who register for a course. The result in this paper can be used as a basic data for studies designed to improve e-learning system architecture and server performance.

• Proceedings of the Korean Operations and Management Science Society Conference
• /
• 1996.10a
• /
• pp.275-278
• /
• 1996

We propose dynamic file allocation method in distributed database management system with changing access patterns. There are a lot of studies on file allocation problem in D-DBMS, and those studies deal with off-line analysis and optimization. Those works are well for systems with static database access patterns, but are inadequate for systems that have changing access patterns. In these systems, dynamic file allocation along with access pattern is more proper. In advance, Brunstrom et al. studied on this area, but they dealt a extremely simplified model. So, we make more practical models to simulate real system. In these models, many factors that were disregard in the advance study are considered. These models are composed with the non-replication system and the replication system. In addition to, we deal with CPU workload balancing in such system in order to improve performance of systems. Our methodology is very simple and realistic, therefore we think that it will give a lot of improvement in D-DBMS with changing access pattern.

• Journal of KIISE:Computer Systems and Theory
• /
• v.28 no.12
• /
• pp.674-684
• /
• 2001

This paper presents the SIC(Size-Interval-Count) prefetching scheme that can record the file access patterns of applications within a relatively small space of memory based on the repetitiveness of the file access patterns. Several knowledge-based prefetching methods were recently introduced, which includes high correctness in predicting future accesses of applications. They records the access patterns of applications and uses recorded access pattern information to predict which blocks will be requested next. Yet, these methods require to much memory space. Accordingly, the proposed method then uses the recorded file access patterns, referred to as "SIC access pattern information", to correctly predict the future accesses of the applications. The proposed prefetching method improved the response time by about 40% compared to the general file system and showed remarkable memory efficiency compared to the previously knowledge-based prefetching methods.

• The KIPS Transactions:PartA
• /
• v.15A no.1
• /
• pp.35-44
• /
• 2008

It is important to manage access control for secure ubiquitous applications. In this paper, we present an access-control system for executing policy file which includes access control rules. We implemented Context-aware Access Control Manager(CACM) based on Java Context-Awareness Framework(JCAF) which provides infrastructure and API for creating context-aware applications. CACM controls accesses to method call based on the access control rules in the policy file. We also implemented a support tool to help programmers modify incorrect access control rules using static analysis information, and a simulator for simulating ubiquitous applications. We describe simulation results for several ubiquitous applications.

• Convergence Security Journal
• /
• v.7 no.4
• /
• pp.123-131
• /
• 2007

Recently, various threat and security incident are occurred for unspecified individuals, and this problem increases as the rapid of information sharing through Internet. The using of Information Security System such as IDS, Firewall, VPN etc. makes this problem minimal. However, professional knowledge or skill is needed in that case, normal user can't operate the Information Security System. This paper designs and implements File Access Control Module(FACM) to use easily for normal user against malicious threats and attacks. The FACM can exclude from malicious threats and attacks based on operation system rather than detection of threats and attacks. The FACM is working not only Windows System but also Linux System, and the FACM has effect on access control, integrity and non-repudiation for a file with an access control over files on the each OS that are used by multi-user.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.3
• /
• pp.21-28
• /
• 2016

File Time information has a significant meaning in digital forensic investigation. File time information in Linux Ext4 (Extended File System 4) environment is the Access Time, Modification Time, Inode Change Time, Deletion Time and Creation Time. File time is variously changed by user manipulations such as creation, copy and edit. And, the study of file time change is necessary for evidence analysis. This study analyzes the change in time information of files or folders resulting from user manipulations in Linux operating system and analyzes ways to determine real time of malware infection and whether the file was modulation.