• The KIPS Transactions:PartD
• /
• v.10D no.5
• /
• pp.773-780
• /
• 2003

SecuROS(Secure & Reliable Operating System) prevents and blocks possible system cracking by implementing additional security functions in FreeBSD 4.3 operating system (OS) kernel, including access control, user authentication, audit trail, encryption file system and trusted channel. This paper describes access control technique, which is one of core technologies of SecuROS, introduces the implementations of DAC, MAC and RBAC, all of which are corresponding access control policies, and show security and results of performance measurement on the basis of application of access control policies. Finally, security and performance between conventional OS environment and environment adopting access control policy is described.

• Korea Information Processing Society Review
• /
• v.10 no.2
• /
• pp.58-63
• /
• 2003

본 고에서는 1.25 인터넷 대란과 같은 버퍼오버플로우를 이용해 침투하는 인터넷 웜 및 DOS (Denial of Service) 공격을 Secure OS(보안운영체제), IDS(Intrusion Detection System : 침입탐지시스템), Scanner(취약성진단도구), Firewall(침입차단시스템)의 지능형 상호연동 스킴을 이용해, 근본적인 대응이 가능한 지능형 다단계 정보보호체계를 제시하였다. 본 고에서 제시한 정보보호대응책은 고도로 지능화하고 있는 인터넷 웜 및 DoS(Denial of Service 서비스거부) 공격을 미연에 예방하고, 실시간으로 대응할 수 있는 시스템이 될 것이다.

• KIISE Transactions on Computing Practices
• /
• v.23 no.8
• /
• pp.504-509
• /
• 2017

Preserving the integrity of the booting process is important. Recent rootkit attacks and subverting OS attacks prove that any post-OS security mechanism can be easily circumvented if the booting process is not properly controlled. Using an actual case as an example, the hacker of the Se-jong government office simply bypassed the user's password authentication by compromising the normal booting process. This paper analyzes existing pre-OS protection using secure boot and measured boot, and proposes another bootloader that overcomes the limitations. The proposed bootloader not only guarantees the integrity of all the pre-OS binaries, bootloaders, and kernel, it also makes explicit records of integrity in the booting process to the external TPM device, so that we can track modifications of BIOS configurations or unintended booting process modifications.

• Electronics and Telecommunications Trends
• /
• v.33 no.6
• /
• pp.129-138
• /
• 2018

As recent applications are requiring more CPUs for their performance, manycore systems have evolved. Since existing operating systems do not provide performance scalability in manycore systems, Azalea, a multi-kernel based system, has been developed for supporting performance scalability. Unikernel is a new operating system technology starting with the concept of a library OS. Applying unikernel to Azalea enables an improvement in performance. In this paper, we first analyze the current technology trends of unikernel, and then discuss the applications and effects of unikernel to Azalea. Azalea-unikernel was built in a single image consisting of libOS, runtime libraries, and an application, and executed with the desired number of cores and memory size in bare-metal. In particular, it supports source and binary compatibility such that existing linux binaries can be rebuilt and executed in Azalea-unikernel, and already built binaries can be run immediately without modification with a better performance. It not only achieves a performance enhancement, it is also a more secure OS for manycore systems.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.1985-1988
• /
• 2003

As the Distributed Denial of Service attack technique is getting smarter, defense method have been developed by various means. Existing defense method baseds on detection technique is not effective to DDoS attack. Because it depend on rule set that is used to detect attack and DDoS attack pattern has become very similar to real traffic pattern. So the rule set is not efficient method to find DDoS attack. To solve this problem, DDoS defense mechanism based on QoS technique has been suggested. In this paper, we summarize existing DDoS defense mechanism and focus on method based on QoS, and introduce a new DDoS defense framework.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.1787-1790
• /
• 2003

기존의 UNIX/LINUX 시스템에서는 setuid 가 걸린 프로그램의 취약점을 공격하여 슈퍼유저(root) 권한을 획득하는 공격이 일반적이다. 본 논문에서는 RBAC 기반 보안 OS 에서도 이와 유사한 권한전이 공격이 가능한지를 실험한다. 또한 논리적 접근통제가 강화된 보안 OS 서 권한 전이 공격에 대해 대응하는 기술에 대하여 고찰한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.10b
• /
• pp.961-964
• /
• 2001

인증시스템은 보안운영체제시스템을 구성하기 위한 중요한 서브시스템 중의 하나이다. 본 논문에서는 사용자가 시스템에 접근하기 위해서 가장 먼저 거치게 되는 인증 절차 수행에 있어서 허가된 사용자의 접근만을 허용하고, 인증요청 메시지의 진위 여부를 확인시켜주는 기능과 사용자가 입력하는 중요 정보가 다른 사용자에게 유출되지 않도록 보장하는 기능을 추가한 다 단계 사용자 인증방법을 소개한다. 본 논문에서는 역할기반의 접근제어 시스템을 커널 내부에 구성하고, 사용자인증에 비밀번호와 하드웨어 장치인 스마트카드를 사용함으로써 강화된 사용자 인증 시스템을 구현하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.781-792
• /
• 2015

This paper proposes a virtual and invisible private disk (VIPDISK) technology equipped with the secure storage devices. As a software based security technology, it can create hidden partitions on any data storage device which can not be identified by the windows OS, so the program running on it, does not have any evidence of the existence of the hidden storage space. Under inactive state, it maintains an unexposed secure partition which can only be activated with a matching combination of a unique digital key and a user password to open the decryption tool. In addition, VIPDISK can store data to secure storage device with real-time encryption, it is worry-free even in the case of lost or theft. Simulation results show that VIPDISK provides a much higher level of security compared to other existing schemes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.213-221
• /
• 2013

According to the rapid growth of the number of SNS(Social Networking Service) applications based on Android OS, the importance of its security is also raised. Especially, many applications using KaKaoTalk platform has been released in these days, and these are top ranked in the relative markets. However, security issues on SNS applications have not been resolved clearly. Therefore, it is crucial to provide means to cope with the security threats posed by code-segment modification in the development stage of Android OS based SNS applications. In this paper, we analyze the security threats by modifying SNS application code segments and suggest effective security techniques.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.05a
• /
• pp.168-169
• /
• 2019

Trusted Execution Environment(TEE), such as Intel SGX, AMD Secure Processor and ARM TrustZone, has recently been a rising issue. Trusted Execution Environment provides a secure and independent code execution, hardware-based, environment for untrusted OS. In this paper, we show that Trusted Execution Environment's research trends on its vulnerability and attack models. We classify the previous attack models, and summarize mitigations for each TEE environment.