A Method of Detecting Real-Time Elevation of Privilege Security Module Using User Credentials


KIPS Transactions on Computer and Communication Systems, Vol. 6, No. 5, pp. 247-254, May. 2017
DOI: 10.3745/KTCCS.2017.6.5.247
Keywords: System security, Elevation of Privilege Attack, Credentials
Abstract

In a Linux system, a user with malicious intent can acquire administrator privileges through attacks that execute a shell, and can then leak important user information and install backdoor programs. The existing approach to this problem is to analyze the cause of the elevation of privilege, fix it, and then patch the system. Recently, methods have been studied that use user credentials to detect, in real time, illegally elevated tasks whose credential information is inconsistent. However, because this credential method relies on the uid and gid, illegally elevated tasks that hold root credentials may not be detected. In this paper, we propose a security module that stores the shell commands and paths executed with regular privileges in a table and compares them with every file access (open, close, read, write) that is executed, in order to handle the case where illegally elevated tasks with the same credentials cannot be detected.



Cite this article
[IEEE Style]
S. C. Jun, K. W. Il, K. H. Jung, L. C. Hoon, "A Method of Detecting Real-Time Elevation of Privilege Security Module Using User Credentials," KIPS Transactions on Computer and Communication Systems, vol. 6, no. 5, pp. 247-254, 2017. DOI: 10.3745/KTCCS.2017.6.5.247.

[ACM Style]
Sim Chul Jun, Kim Won Il, Kim Hyun Jung, and Lee Chang Hoon. 2017. A Method of Detecting Real-Time Elevation of Privilege Security Module Using User Credentials. KIPS Transactions on Computer and Communication Systems, 6, 5, (2017), 247-254. DOI: 10.3745/KTCCS.2017.6.5.247.