A Study of Hierarchical Policy Model of Policy-based Integrated Security Management for managing Heterogeneous Security Systems

A Study on the Hierarchical Policy Model of a Policy-based Integrated Security Management System for Managing Heterogeneous Security Systems

  • 이동영 (Graduate School, School of Electrical, Electronic and Computer Engineering, Sungkyunkwan University)
  • 김동수 (Graduate School, School of Electrical, Electronic and Computer Engineering, Sungkyunkwan University)
  • 정태명 (School of Electrical, Electronic and Computer Engineering, Sungkyunkwan University)
  • Published : 2001.10.01

Abstract

With the remarkable growth and expansion of the Internet, security issues arising from intrusions and attacks such as computer viruses, denial of service and hacking to destroy information have come to be considered serious threats to the Internet and to private networks. To protect networks from those attacks, many vendors have developed various security systems such as firewalls, intrusion detection systems, and access control systems. However, managing those systems individually requires too much work and high cost. Thus, in order to achieve integrated security management and establish consistent security management for various security products, the policy model of PN-ISMS (Policy Based Integrated Security Management System) has become very important. In this paper, we present a hierarchical policy model which explores the refinement of high-level/conceptual policies into a number of more specific policies to form a policy hierarchy. A formal method of policy description was used as the basis of the model in order to achieve precision and generality. Z-Notation was chosen for this purpose. Z-Notation is a mathematical notation for expressing and communicating the specifications of computer programs. Z uses conventional notations of logic and set theory organized into expressions called schemas.

With advances in information, communication and computer technology, harmful effects such as information destruction through illegal intrusion, denial-of-service attacks and computer viruses are increasing by the day. To protect networks from such attacks, many security products, including intrusion blocking systems (firewalls), intrusion detection systems and access control systems, have been developed and deployed. However, managing these security products requires a great deal of work and cost. Accordingly, a policy model for a policy-based integrated security management system that can manage these security products efficiently and apply a consistent security policy has become necessary. In this paper, based on the concept of a policy hierarchy, we present a hierarchical policy model for a policy-based integrated security management system that refines the abstract, conceptual policies of the upper layer into policies of a more concrete form. Z-Notation is applied for the formal expression of policies; it is based on mathematical logic and set theory and is expressed in the form of schemas.
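As an added illustration of the policy hierarchy the abstract describes (not the paper's own model or its Z schemas), the following Python sketch assumes a policy is characterised by subjects, targets, actions and an effect, refines one conceptual policy into device-level policies for a firewall and an access control system, rejects refinements that widen scope or contradict the parent, and reports which parts of the parent's intent no concrete security system enforces:

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional


@dataclass
class Policy:
    """One node of the hierarchy (assumed shape, not the paper's schema): upper
    nodes state intent, device-level nodes name the security system enforcing it."""
    name: str
    subjects: FrozenSet[str]        # who the policy governs
    targets: FrozenSet[str]         # protected resources
    actions: FrozenSet[str]         # governed operations
    effect: str                     # "deny" or "allow"
    enforcer: Optional[str] = None  # e.g. "firewall"; None above device level
    children: List["Policy"] = field(default_factory=list)

    def refine(self, child: "Policy") -> "Policy":
        """Refinement step: attach a more specific policy that preserves intent."""
        if not refinement_ok(self, child):
            raise ValueError(f"{child.name} is not a valid refinement of {self.name}")
        self.children.append(child)
        return child


def refinement_ok(parent: Policy, child: Policy) -> bool:
    """A child may narrow scope but never widen it or flip the parent's effect."""
    narrower = (child.subjects <= parent.subjects and child.targets <= parent.targets
                and child.actions <= parent.actions)
    return narrower and child.effect == parent.effect


def leaves(policy: Policy) -> List[Policy]:
    """Most specific policies reached from `policy` (nodes without children)."""
    if not policy.children:
        return [policy]
    return [leaf for c in policy.children for leaf in leaves(c)]


def coverage_gaps(policy: Policy):
    """(subject, target, action) triples the policy demands but no enforcer-backed leaf covers."""
    wanted = {(s, t, a) for s in policy.subjects for t in policy.targets for a in policy.actions}
    covered = {(s, t, a) for leaf in leaves(policy) if leaf.enforcer
               for s in leaf.subjects for t in leaf.targets for a in leaf.actions}
    return sorted(wanted - covered)


def build_hierarchy() -> Policy:
    """Constructed sample: one conceptual policy refined into two device policies."""
    ext, ops = frozenset({"external"}), frozenset({"connect", "login"})
    top = Policy("deny-external-admin", ext, frozenset({"db", "web"}), ops, "deny")
    top.refine(Policy("fw-block-db", ext, frozenset({"db"}), frozenset({"connect"}), "deny", "firewall"))
    top.refine(Policy("ac-deny-login", ext, frozenset({"db", "web"}), frozenset({"login"}), "deny", "access-control"))
    return top
```

In the sample, external connections to the web server are stated by the conceptual policy but enforced by no device, which `coverage_gaps` surfaces as the one remaining triple.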
