Resource Reallocation for the Protection of Essential Services

  • Published : 2003.12.01

Abstract

To guarantee system survivability against attacks based on new methods, we need a way to identify the resources that are important for essential services and to respond properly to urgent situations. In this paper, we present a dynamic resource reallocation scheme, which is one of the core technologies for implementing intrusion-tolerant systems. By reallocating resources within a node, this scheme enables the selected essential services to survive even after a system attack has occurred. If this measure within the node does not secure the survivability of the essential services, resource reallocation among nodes takes place, and the essential services are transferred to another prepared server node. Experimental results obtained on a testbed demonstrate the validity of the proposed resource reallocation scheme. This scheme may work together with an IDS (Intrusion Detection System) to produce an effective response mechanism against attacks.
