A Study for Task Detection Acquiring Abnormal Permission in Linux

ABSTRACT The purpose of local system attacks is to acquire an administrator (root) privilege shell by executing a malicious program or by changing the flow of a program. Acquiring a shell through such an attack is still a valid approach, and it is difficult to cope by fixing each vulnerability individually because the attacker can choose among various forms of attack. Linux allocates a set of credentials at login in order to manage user permissions. Credentials are issued and managed directly by the kernel, and the kernel ensures that they cannot be changed from outside the kernel. However, the credentials of a user who has acquired root privilege through a system attack do not remain consistent. In this paper we propose a security module that detects security threats to users and tasks by analyzing user task execution and credential inconsistency.

Keywords: Credentials, Security Module, Privilege Escalation, IDPS

Korean title (translated): A Study on a Detection Method for Tasks Acquiring Abnormal Privileges in Linux

Authors: 김원일, 유상현