Conference Proceedings

Korea Institute of Information and Communication Engineering (한국정보통신학회) Conference, 2017 Fall Conference

Current Result Document :

Korean Title: 보안 컨테이너 가상화 기반 접근 제어
English Title: Access Control using Secured Container-based Virtualization
Author: Dong-hwa Jeong (정동화), Sunggyu Lee (이성규), Youngsang Shin (신영상), Hyuncheol Park (박현철)
Citation: VOL 21 NO. 02 PP. 0330 ~ 0334 (2017. 10)
Korean Abstract
In a container-based virtualization environment, the virtual execution environments share the host OS, which reduces the overhead that conventional virtualization entails and guarantees isolation between virtual execution environments. As a result, it has recently been actively studied and applied, even in environments with limited system resources such as embedded devices, for the purpose of sandboxing, which can block access to the resources of other virtual execution environments or of the host execution environment. However, if security vulnerabilities exist in the host OS or the host execution environment shared by the virtual execution environments, there is a security threat in which an attacker exploiting them can access and control the virtual execution environments, so the need to prevent this has grown. In this paper, to block arbitrary access to and unauthorized actions against virtual execution environments, we define a virtual execution environment access permission model and propose a Container access control technique that controls it. In addition, to prevent an attacker from disabling the Container access control function, we propose a kernel driver authentication technique. The proposed techniques were implemented and tested on the Linux kernel, and we show the results of blocking arbitrary access to and unauthorized actions against virtual execution environments.
English Abstract
Container-based virtualization reduces performance overhead compared with other virtualization technologies and guarantees the isolation of each virtual execution environment. So, it is being studied as a way to block access to host resources or container resources for sandboxing in environments with restricted system resources, like embedded devices. However, because security threats exist that are caused by security vulnerabilities of the host OS or security issues of the host environment, the need for technology to prevent illegal accesses and unauthorized behaviors by malware has increased. In this paper, we newly define additional access permissions for accessing a virtual execution environment and control them in kernel space to protect against attacks from illegal access and unauthorized behaviors by malware, and suggest the Container Access Control to control them. Also, we suggest a way to block the loading of an unauthenticated kernel driver, to keep malware from disabling the Container Access Control running in the host OS. We implement and verify the proposed technologies on the Linux kernel.
Keyword: security, virtualization, container, access control, namespace