KIPS Transactions on Computer and Communication Systems (정보처리학회 논문지 컴퓨터 및 통신시스템)


Korean Title: 자격증명을 이용한 실시간 권한 상승 탐지 보안 모듈 (A Real-Time Privilege Escalation Detection Security Module Using Credentials)
English Title: A Method of Detecting Real-Time Elevation of Privilege Security Module Using User Credentials
Author: Sim Chul Jun (심철준), Kim Won Il (김원일), Kim Hyun Jung (김현정), Lee Chang Hoon (이창훈)
Citation: VOL 06 NO. 05 PP. 0247 ~ 0254 (2017. 05)
Korean Abstract (translated)
In a Linux system, a user with malicious intent can obtain administrator privileges through attack types that execute a shell, and can then install backdoors and leak users' important information. The existing approach to this problem has been to analyze the cause of the privilege escalation, fix the problem, and then patch. Recently, methods have been studied that use user credentials to detect, in real time, tasks in which a mismatch arises between the user credentials and the characteristics produced when the task runs. However, because this credential method simply uses uid and gid, attack types that have the same credential values may go undetected. To address the cases that credential-based detection misses, this paper proposes a security module that stores in a Table the legitimate privilege-acquisition information (credentials), which is smaller in volume than abnormal privilege-acquisition information, together with the shell commands and paths through which privileges can be obtained, and that compares each file access (open, close, read, write) in real time against the legitimate privilege information in the Table to detect escalation.
English Abstract
In a Linux system, a user with malicious intent can acquire administrator privileges through attack types that execute shells, and can leak important user information and install backdoor programs. To solve this problem, the existing method is to analyze the causes of the elevation of privilege, fix the problems, and then patch the system. Recently, a method of detecting, in real time, illegally elevated tasks in which information inconsistency occurs through user credentials has been studied. However, since this credential method uses uid and gid, illegally elevated tasks having the root credentials may not be detected. In this paper, to solve the case in which illegally elevated tasks that have the same credentials cannot be detected, we propose a security module that stores shell commands and paths executed with regular privileges in a table and compares them with every file access (open, close, read, write) that is executed.
Keyword: System Security, Elevation of Privilege Attack, Credentials