1. Field of the Invention
The present invention relates to security of an embedded system, and more particularly, to an apparatus and method for enhancing security and safety of an embedded system by monitoring and blocking unauthorized execution of a shell command in the embedded system.
2. Discussion of Related Art
A Linux shell is called a shell because it surrounds an operating system (OS) like a shell, and provides an interactive environment for communication between the OS and users. In typical shell processing, users type commands into a program such as a command interpreter, the commands are translated into forms that a kernel can recognize and are executed as processes of the kernel, and their results are then returned to the users. Because a shell is a program, when users log in to Linux or connect to terminals, the shell is loaded into memory and then executed. The state in which typing of a command from the terminal is awaited is called the ‘shell prompt,’ and a Linux command is called a ‘shell command.’ There are various shells, such as sh, bash, csh, and fish. Linux shell commands are categorized into two classes: built-in shell commands and external shell commands. The shell identifies an input command by searching first the built-in shell commands and then the external shell commands. The external shell commands can be shown by typing ‘$PATH’ in the shell prompt. The environment variable PATH of an administrator account (root) is set to a different value from that of user accounts for system security, and thus the commands which can be used by user accounts are limited.
However, when the shell of an administrator account (root) is hacked, all shell commands can be executed, and thus there is concern that secondary damage will occur after the first hacking. For example, when the hard disk is removed and system logs are deleted through the hacked shell of the administrator account, it is difficult to execute functions of the embedded system or to know whether the system has been invaded.
Meanwhile, in an embedded system that executes limited functions for special purposes, although only a limited number of processes can be executed, unnecessary commands and/or processes remain when the embedded system is released as a product, and thus damage by invasion as described above can be caused. For example, commands such as remove directory (rmdir) and format disk (fdisk) need not be executed in a system released as a product with special purposes, but because these commands are present in the system, there is concern that they will be executed if the administrator account shell is hacked.
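The lookup order (built-in commands first, then PATH) and the leftover-command problem described above can be checked on a product image with a short shell audit. This is an added example, not part of the original text; the sample directory, the `appd` daemon name and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original text: inventory the external commands
# reachable through a PATH value and flag those outside a product allowlist.

# Print the name of every executable file in the PATH-style string $1.
list_external() (
    IFS=:
    set -f; set -- $1; set +f        # split on ':' without globbing
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] && printf '%s\n' "${f##*/}"
        done
    done | sort -u
)

# Report how a shell using PATH=$2 resolves the name $1. Built-ins are found
# before PATH is searched, so a bare name here means PATH was never consulted.
resolve_kind() {
    case $(PATH=$2; command -v "$1" 2>/dev/null || true) in
        /*) echo external ;;
        "") echo missing ;;
        *)  echo builtin ;;
    esac
}

# Print external commands reachable via PATH string $1 that are not named in
# the space-separated allowlist $2.
unneeded_commands() {
    list_external "$1" | while read -r name; do
        case " $2 " in
            *" $name "*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Constructed sample: a throwaway bin directory standing in for a product
# image. "appd" is a hypothetical application daemon; the files are empty stubs.
sample=$(mktemp -d)
mkdir "$sample/bin"
for c in appd echo rmdir fdisk; do : > "$sample/bin/$c"; chmod +x "$sample/bin/$c"; done

echo "echo  -> $(resolve_kind echo "$sample/bin")"
echo "fdisk -> $(resolve_kind fdisk "$sample/bin")"
echo "not on allowlist:"; unneeded_commands "$sample/bin" "appd echo"
rm -rf "$sample"
```

Commands reported by `unneeded_commands` are candidates for removal from the released image; a name that `resolve_kind` reports as `builtin` stays available even after its file is removed from PATH.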
Hacking of embedded systems used in motor vehicles, airplanes, etc. causes serious risks, and due to recent additions of various smart functions, the necessity of embedded systems which are safe from hacking threats has increased. For example, when a smart gateway device that simultaneously processes functions of an engine control unit (ECU) and a navigation system is installed in a car and a hacker attempts to control the ECU after hacking a navigation OS, in addition to primary casualties, secondary and tertiary damage can occur.
However, the access control of commands provided by the current shell cannot guarantee the safety of the embedded system due to the problems described above.