Digital Library[ Search Result ]
Enhancing Container Security Using Machine Learning Based on Kernel Tracing Logs
Hyeonseok Shin, Minjung Jo, Hosang Yoo, Yongwon Lee, Jiyeon Lee, Byungchul Tak
http://doi.org/10.5626/JOK.2024.51.11.947
The use of container technology has been rapidly increasing as it gains attention in cloud environments. Containers are lighter and more advantageous for deployment than virtual machines because they do not require a separate operating system. However, containers can have security vulnerabilities due to their characteristic of sharing the same host kernel. In this paper, we designed and implemented a security system to address these vulnerabilities by using eBPF technology, kernel tracing logs, and an ensemble machine learning model. Our system can effectively detect attacks leveraging race conditions and the heap spray technique used in kernel memory vulnerabilities. Unlike traditional security policy-based approaches, it allows for rapid and dynamic responses without needing profile creation. For detecting attacks leveraging race conditions, the system achieved over 99% accuracy in Precision, Recall, and F1-Score, while it recorded over 97% accuracy across all metrics for heap spray detection.
A Software-based Secure Disaggregated Memory System on Commodity Servers
Yewon Yong, Taehoon Kim, Sungho Lee, Changdae Kim
http://doi.org/10.5626/JOK.2024.51.9.757
A disaggregated memory system is a technology that consolidates memory from multiple servers. While this technique provides large amounts of memory for applications, it also poses serious security threats due to sensitive data transmission between servers. Several studies have addressed this issue by relying on specialized hardware. However, the use of such hardware introduces not only additional costs but also challenges in adopting it on commercial servers because of compatibility issues. In this paper, we propose a software-based mechanism to ensure the security of disaggregated memory systems. Our approach aims to prevent security threats by performing encryption and integrity verification on data transmitted between servers within a disaggregated memory system. To minimize the performance overhead associated with software implementation, our approach overlaps data transmission and decryption, and encrypts only private data. In addition, we optimize the size of encryption metadata to reduce memory overhead. Through empirical evaluations, we demonstrate that our proposed software-based security mechanism incurs negligible additional performance overhead, particularly when the performance overhead from the disaggregated memory system is already minimal.
Quantitative Analysis of Sequence-based Container Security Enhancement using a System Call Sequence Extraction Framework
Somin Song, Youyang Kim, Byungchul Tak
http://doi.org/10.5626/JOK.2023.50.11.913
Container escape is one of the most critical threats in containerized applications that share a host kernel. Attackers exploit kernel vulnerabilities through a series of manipulated system calls to achieve privilege escalation, which can lead to container escape. Seccomp is a security mechanism widely used in containers. It strengthens the level of isolation by filtering out unnecessary system call invocations. However, the filtering mechanism of Seccomp that blocks individual system calls has a fundamental limitation in that it can be vulnerable to attacks that use system calls allowed by the policy. Therefore, this study presents a hybrid analysis framework that combines static and dynamic analyses to extract system call sequences from exploit codes. Using this framework, we compared the security strength of an existing individual system call-based filtering mechanism and proposed a system call sequence-based filtering mechanism in terms of the number of blockable exploit codes using system call profiles for the same exploit codes. As a result, the proposed system call sequence-based filtering mechanism was able to increase the defense coverage from 63% to 98% compared to the existing individual system call-based filtering mechanism.
Open-source-based 5G Access Network Security Vulnerability Automated Verification Framework
Jewon Jung, Jaemin Shin, Sugi Lee, Yusung Kim
http://doi.org/10.5626/JOK.2023.50.6.531
Recently, various open sources based on 5G standards have emerged, and are widely used in research to find 5G control plane security vulnerabilities. However, leveraging those open sources requires extensive knowledge of complex source code, wireless communication devices, and massive 5G security standards. Therefore, in this paper, we propose a framework for the automatic verification of security vulnerabilities in the 5G control plane. This framework builds a 5G network using commercial Software Defined Radio (SDR) equipment and open-source software and implements a Man-in-the-Middle (MitM) attacker to deploy a control plane attack test bed. It also implements control plane message decoding and correction modules to execute message spoofing attacks and automatically classifies security vulnerabilities in 5G networks. In addition, a GUI-based web user interface is implemented so that users can create MitM attack scenarios and check the verification results themselves.
Vulnerability Analysis on Kernel Code and Memory Protection in Nested Kernel
http://doi.org/10.5626/JOK.2018.45.9.873
Nested Kernel is a secure kernel architecture, presented at the 2015 ACM ASPLOS conference, which aims at assuring the lifetime integrity of the kernel. With the conventional off-the-shelf HW-based protection facility, the Nested Kernel significantly improves the security of the system by introducing a new OS kernel architecture. However, our analysis reveals that the current Nested Kernel has some flaws in its implementation for handling direct mapping and the kernel code mapping region. In addition, its integrity can be broken because of the reported security vulnerability. Consequently, the Nested Kernel needs further study for it to be used safely as a security kernel.
A Defense Technique against ARP Spoofing Attacks using a Keystone Authentication Table in the OpenStack Cloud Environment
Hyo Sung Kang, Choong Seon Hong
http://doi.org/10.5626/JOK.2018.45.8.755
Recently cloud service has been introduced to enable many enterprises to achieve their purposes such as improving efficiency, reducing costs, and revolutionizing business processes. However spoofing or poison attacks on VM inside the cloud deteriorate the cloud system and those attacks can be a stumbling block for spreading cloud services. To solve such problems, much research has been done, but it all seems to be impractical and limited in terms of finding techniques for detecting attacks and applying to large scale of networks. In this paper, we propose a way to prevent loss of VM resources because of such attacks on the OpenStack environment by using a reliable ARP table in a cloud computing environment and showing that the proposed mechanism is an effective way to defend against the ARP spoofing attacks.
Design and Implementation of Security System for Providing Secure Boot and Firmware Update in Low-end IoT Device
Kiyeong Lee, Byoungseon Kim, Jinsung Cho
http://doi.org/10.5626/JOK.2018.45.4.321
Low-end IoT devices are problematic due to the many limitations involved in applying IoT devices to various existing security solutions. This is because most security solutions are targeted at high-performance PC environments. These limitations are causing steadily increasing technical security vulnerabilities and various security threats to IoT devices. In this paper, we propose a secure boot and firmware update system that can be applied in a constrained environment. At the secure boot, the proposed system verifies the integrity of the firmware of the device. The secure firmware update performs reliability verification of the subject attempting to update. Finally, we analyze the security performance of the proposed system by simulating various threats that may occur in low-end IoT devices.
Protocol Analysis and Evaluation of the Transport Layer to Improve Security in a Public Cloud Environment
Jin Sook Bong, Sang Jin Park, Yongtae Shin
http://doi.org/10.5626/JOK.2018.45.1.76
Governments and public agencies try to use the cloud to carry out their work and provide public services. However, a public cloud is vulnerable to security side because it has a structure to support services using public networks (i.e, the internet). Thus, this paper finds the general security vulnerabilities of a network and compares and analyzes the characteristics of transport protocols (UDP, TCP, SCTP, and MPTCP) on the basis of their security vulnerabilities. This paper uses a reliability and security factor for the comparative analysis, evaluates the security exposure, and chooses a suitable protocol considering the security of the transport protocols in the cloud circumstance.
Design of EEG Signal Security Scheme based on Privacy-Preserving BCI for a Cloud Environment
Kwon Cho, Donghyeok Lee, Namje Park
http://doi.org/10.5626/JOK.2018.45.1.45
With the advent of BCI technology in recent years, various BCI products have been released. BCI technology enables brain information to be transmitted directly to a computer, and it will bring a lot of convenience to life. However, there is a problem with information protection. In particular, EEG data can raise issues about personal privacy. Collecting and analyzing big data on EEG reports raises serious concerns about personal information exposure. In this paper, we propose a secure privacy-preserving BCI model in a big data environment. The proposed model could prevent personal identification and protect EEG data in the cloud environment.
Efficient Attribute Based Digital Signature that Minimizes Operations on Secure Hardware
Jungjoon Yoon, Jeonghyuk Lee, Jihye Kim, Hyunok Oh
An attribute based signature system is a cryptographic system where users produce signatures based on some predicate of attributes, using keys issued by one or more attribute authorities. If a private key is leaked during signature generation, the signature can be forged. Therefore, signing operation computations should be performed using secure hardware, which is called tamper resistant hardware in this paper. However, since tamper resistant hardware does not provide high performance, it cannot perform many operations requiring attribute based signatures in a short time frame. This paper proposes a new attribute based signature system using high performance general hardware and low performance tamper resistant hardware. The proposed signature scheme consists of two signature schemes within a existing attribute based signature scheme and a digital signature scheme. In the proposed scheme, although the attribute based signature is performed in insecure environments, the digital signature scheme using tamper resistant hardware guarantees the security of the signature scheme. The proposed scheme improves the performance by 11 times compared to the traditional attribute based signature scheme on a system using only tamper resistant hardware.
Search
Journal of KIISE
- ISSN : 2383-630X(Print)
- ISSN : 2383-6296(Electronic)
- KCI Accredited Journal
Editorial Office
- Tel. +82-2-588-9240
- Fax. +82-2-521-1352
- E-mail. chwoo@kiise.or.kr