Digital Library[ Search Result ]
Enhancing Container Security Using Machine Learning Based on Kernel Tracing Logs
Hyeonseok Shin, Minjung Jo, Hosang Yoo, Yongwon Lee, Jiyeon Lee, Byungchul Tak
http://doi.org/10.5626/JOK.2024.51.11.947
The use of container technology has been rapidly increasing as it gains attention in cloud environments. Containers are lighter and more advantageous for deployment than virtual machines because they do not require a separate operating system. However, containers can have security vulnerabilities due to their characteristic of sharing the same host kernel. In this paper, we designed and implemented a security system to address these vulnerabilities by using eBPF technology, kernel tracing logs, and an ensemble machine learning model. Our system can effectively detect attacks leveraging race conditions and the heap spray technique used in kernel memory vulnerabilities. Unlike traditional security policy-based approaches, it allows for rapid and dynamic responses without needing profile creation. For detecting attacks leveraging race conditions, the system achieved over 99% accuracy in Precision, Recall, and F1-Score, while it recorded over 97% accuracy across all metrics for heap spray detection.
A Software-based Secure Disaggregated Memory System on Commodity Servers
Yewon Yong, Taehoon Kim, Sungho Lee, Changdae Kim
http://doi.org/10.5626/JOK.2024.51.9.757
A disaggregated memory system is a technology that consolidates memory from multiple servers. While this technique provides large amounts of memory for applications, it also poses serious security threats due to sensitive data transmission between servers. Several studies have addressed this issue by relying on specialized hardware. However, the use of such hardware introduces not only additional costs but also challenges in adopting it on commercial servers because of compatibility issues. In this paper, we propose a software-based mechanism to ensure the security of disaggregated memory systems. Our approach aims to prevent security threats by performing encryption and integrity verification on data transmitted between servers within a disaggregated memory system. To minimize the performance overhead associated with software implementation, our approach overlaps data transmission and decryption, and encrypts only private data. In addition, we optimize the size of encryption metadata to reduce memory overhead. Through empirical evaluations, we demonstrate that our proposed software-based security mechanism incurs negligible additional performance overhead, particularly when the performance overhead from the disaggregated memory system is already minimal.
Quantitative Analysis of Sequence-based Container Security Enhancement using a System Call Sequence Extraction Framework
Somin Song, Youyang Kim, Byungchul Tak
http://doi.org/10.5626/JOK.2023.50.11.913
Container escape is one of the most critical threats in containerized applications that share a host kernel. Attackers exploit kernel vulnerabilities through a series of manipulated system calls to achieve privilege escalation, which can lead to container escape. Seccomp is a security mechanism widely used in containers. It strengthens the level of isolation by filtering out unnecessary system call invocations. However, the filtering mechanism of Seccomp that blocks individual system calls has a fundamental limitation in that it can be vulnerable to attacks that use system calls allowed by the policy. Therefore, this study presents a hybrid analysis framework that combines static and dynamic analyses to extract system call sequences from exploit codes. Using this framework, we compared the security strength of an existing individual system call-based filtering mechanism and proposed a system call sequence-based filtering mechanism in terms of the number of blockable exploit codes using system call profiles for the same exploit codes. As a result, the proposed system call sequence-based filtering mechanism was able to increase the defense coverage from 63% to 98% compared to the existing individual system call-based filtering mechanism.
Open-source-based 5G Access Network Security Vulnerability Automated Verification Framework
Jewon Jung, Jaemin Shin, Sugi Lee, Yusung Kim
http://doi.org/10.5626/JOK.2023.50.6.531
Recently, various open sources based on 5G standards have emerged, and are widely used in research to find 5G control plane security vulnerabilities. However, leveraging those open sources requires extensive knowledge of complex source code, wireless communication devices, and massive 5G security standards. Therefore, in this paper, we propose a framework for the automatic verification of security vulnerabilities in the 5G control plane. This framework builds a 5G network using commercial Software Defined Radio (SDR) equipment and open-source software and implements a Man-in-the-Middle (MitM) attacker to deploy a control plane attack test bed. It also implements control plane message decoding and correction modules to execute message spoofing attacks and automatically classifies security vulnerabilities in 5G networks. In addition, a GUI-based web user interface is implemented so that users can create MitM attack scenarios and check the verification results themselves.
Social Engineering based Security Requirements Recommendation Framework to Prevent an Advanced Persistent Threat
http://doi.org/10.5626/JOK.2018.45.10.1015
Advanced Persistent Threat (APT) is a major threat to Socio-Technical System, which constitutes our society. This threat is an attack process rather than a hacking technique, unlike traditional methods of cyberbullying, so it is difficult to detect or defend a wide range of targets for a long period of time using a wide range of exploits. In particular, traditional advanced threats involve technical approaches, such as firewalls, log checks, and packet analysis, in which the first stage of the intelligent, sustained threat analysis involves the ease with which human vulnerabilities are pursued during the early stages of the process. This paper proposes a framework that analyzes the vulnerable social perspective based on the various human factors to prevent advanced persistent threats by using three-layered approach and recommends a security requirement to complement them by using ontology-based approach.
A Defense Technique against ARP Spoofing Attacks using a Keystone Authentication Table in the OpenStack Cloud Environment
Hyo Sung Kang, Choong Seon Hong
http://doi.org/10.5626/JOK.2018.45.8.755
Recently cloud service has been introduced to enable many enterprises to achieve their purposes such as improving efficiency, reducing costs, and revolutionizing business processes. However spoofing or poison attacks on VM inside the cloud deteriorate the cloud system and those attacks can be a stumbling block for spreading cloud services. To solve such problems, much research has been done, but it all seems to be impractical and limited in terms of finding techniques for detecting attacks and applying to large scale of networks. In this paper, we propose a way to prevent loss of VM resources because of such attacks on the OpenStack environment by using a reliable ARP table in a cloud computing environment and showing that the proposed mechanism is an effective way to defend against the ARP spoofing attacks.
Design and Implementation of Security System for Providing Secure Boot and Firmware Update in Low-end IoT Device
Kiyeong Lee, Byoungseon Kim, Jinsung Cho
http://doi.org/10.5626/JOK.2018.45.4.321
Low-end IoT devices are problematic due to the many limitations involved in applying IoT devices to various existing security solutions. This is because most security solutions are targeted at high-performance PC environments. These limitations are causing steadily increasing technical security vulnerabilities and various security threats to IoT devices. In this paper, we propose a secure boot and firmware update system that can be applied in a constrained environment. At the secure boot, the proposed system verifies the integrity of the firmware of the device. The secure firmware update performs reliability verification of the subject attempting to update. Finally, we analyze the security performance of the proposed system by simulating various threats that may occur in low-end IoT devices.
Protocol Analysis and Evaluation of the Transport Layer to Improve Security in a Public Cloud Environment
Jin Sook Bong, Sang Jin Park, Yongtae Shin
http://doi.org/10.5626/JOK.2018.45.1.76
Governments and public agencies try to use the cloud to carry out their work and provide public services. However, a public cloud is vulnerable to security side because it has a structure to support services using public networks (i.e, the internet). Thus, this paper finds the general security vulnerabilities of a network and compares and analyzes the characteristics of transport protocols (UDP, TCP, SCTP, and MPTCP) on the basis of their security vulnerabilities. This paper uses a reliability and security factor for the comparative analysis, evaluates the security exposure, and chooses a suitable protocol considering the security of the transport protocols in the cloud circumstance.
Design of EEG Signal Security Scheme based on Privacy-Preserving BCI for a Cloud Environment
Kwon Cho, Donghyeok Lee, Namje Park
http://doi.org/10.5626/JOK.2018.45.1.45
With the advent of BCI technology in recent years, various BCI products have been released. BCI technology enables brain information to be transmitted directly to a computer, and it will bring a lot of convenience to life. However, there is a problem with information protection. In particular, EEG data can raise issues about personal privacy. Collecting and analyzing big data on EEG reports raises serious concerns about personal information exposure. In this paper, we propose a secure privacy-preserving BCI model in a big data environment. The proposed model could prevent personal identification and protect EEG data in the cloud environment.
Continuous-authentication Method based on the Risk Profile associated with Context-awareness to Lock Smart Devices
In order to block the access of the information in the smartphone of a user by other users, it is checked if the current user is the owner or not in the smartphone authentication process, whenever a user begins to use a smartphone. This makes smartphone users in front of frequent smartphone authentications, which leads significant inconvenience to them. Because of such inconvenience, users tend not to use the smartphone authentication anymore. Finally, their smartphones become very vulnerable against malicious access. This paper proposes a progressive authentication method on the android-platform in order to solve the problem described above. With the proposed method, smartphones can identify relevant risks based on users" past experiences and determine whether an authentication is needed. Because authentication occurs only when the identified risk level is high, it can achieve both a high-level of security in the high-level risk situation and user convenience in the low-level risk situation.
Search
Journal of KIISE
- ISSN : 2383-630X(Print)
- ISSN : 2383-6296(Electronic)
- KCI Accredited Journal
Editorial Office
- Tel. +82-2-588-9240
- Fax. +82-2-521-1352
- E-mail. chwoo@kiise.or.kr