• Journal of the Korea Society of Computer and Information
• /
• v.20 no.5
• /
• pp.41-51
• /
• 2015

In order to hide their identities, intruders on the Internet often attack targets indirectly by staging their attacks through intermediate hosts known as stepping stones. In this paper, we propose a brute-force technique to detect the stepping stone behavior on a Linux server where some shell processes remotely logged into using interactive services are trying to connect other hosts using the same interactive services such as Telnet, Secure Shell, and rlogin. The proposed scheme can provide an absolute solution even for the encrypted connections using SSH because it traces the system calls of all processes concerned with the interactive service daemon and their child processes. We also implement the proposed technique on a CentOS 6.5 x86_64 environment by the ptrace system call and a simple shell script using strace utility. Finally the experimental results show that the proposed scheme works perfectly under test scenarios.

• Journal of Internet Computing and Services
• /
• v.17 no.6
• /
• pp.93-101
• /
• 2016

As the Android smart phones become more popular, applications that handle users' personal data such as IDs or passwords and those that handle data directly related to companies' income such as in-game items are also increasing. Despite the need for such information to be protected, it can be modified by malicious users or leaked by attackers on the Android. The reason that this happens is because debugging functions of the Linux, base of the Android, are abused. If an application uses debugging functions, it can access the virtual memory of other applications. To prevent such abuse, access controls should be reinforced. However, these functions have been incorporated into Android O.S from its Linux base in unmodified form. In this paper, based on an analysis of both existing memory access functions and the Android environment, we proposes a function that verifies thread group ID and then protects against illegal use to reinforce access control. We conducted experiments to verify that the proposed method effectively reinforces access control. To do that, we made a simple application and modified data of the experimental application by using well-established memory editing applications. Under the existing Android environment, the memory editor applications could modify our application's data, but, after incorporating our changes on the same Android Operating System, it could not.