The Journal of Korean Institute of Communications and Information Sciences (한국통신학회논문지)

The Korean Institute of Commucations and Information Sciences (한국통신학회)
권호 표지

Adaptive Intrusion Tolerance Model and Application for Distributed Security System

분산보안시스템을 위한 적응형 침입감내 모델 및 응용

  • 김영수 (국민대학교 정보관리학과) ;
  • 최흥식 (국민대학교 비즈니스 IT학부)
  • Published : 2004.06.01
Download PDF
⟨ Previous Next ⟩

Abstract

While security traditionally has been an important issue in information systems, the problem of the greatest concern today is related to the availability of information and continuity of services. Since people and organizations now rely on distributed systems in accessing and processing critical services and mission, the availability of information and continuity of services are becoming more important. Therefore the importance of implementing systems that continue to function in the presence of security breaches cannot be overemphasized. One of the solutions to provide the availability and continuity of information system applications is introducing an intrusion tolerance system. Security mechanism and adaptation mechanism can ensure intrusion tolerance by protecting the application from accidental or malicious changes to the system and by adapting the application to the changing conditions. In this paper we propose an intrusion tolerance model that improves the developmental structure while assuring security level. We also design and implement an adaptive intrusion tolerance system to verify the efficiency of our model by integrating proper functions extracted from CORBA security modules.

오늘날 정보에 대한 보안성보다는 가용성과 서비스의 지속성이 중요한 관심사가 되고 있다. 이는 개인과 기업이 점차 분산 시스템에 의존해서 중요 서비스에 액세스하고 핵심적인 업무를 처리하기 때문이다. 따라서 보안상 취약점에 대한 공격이 발생하더라도 서비스를 지속적으로 제공할 수 있는 시스템의 능력이 요구된다. 이의 해결책으로 다양한 보안 메커니즘과 적응 메커니즘을 사용하는 적응형 침입감내기술이 제시될 수 있다. 본 논문은 분산 시스템의 개발 구조의 개선과 보안을 위한 적응형 침입감내모델을 제안하고 이의 검증을 위하여 코바의 보안 모델로부터 분리 통합되는 형태로 침입감내시스템을 구현하였다.

Keywords

References

  1. CORBA Security: An Interoduction to Safe Computing with Objects Blakley,B.;R.Blakely;Soley,R.M.
  2. Computer Security, Dependability & Assurance: From Needs to Solutions Dependability - Unifying Concept Randell,B
  3. Annals of Software Engineering v.3 Dealing with Nonfunctional Requirements in Large Software Systems Ebert,C. https://doi.org/10.1023/A:1018933820619
  4. Procedings of the 11th Canadian Information Technology Security Symposium(CITSS) Survivable Systems: An Emerging Discipline Ellison,R.J.(et. al.)
  5. Proc. of 2001 IEEE Wporkshop on Information Assuracne and Security United States Military Academy SITAR: A Scalable Intrusion-Tolerant Architecture for Distributed Services Feiyi Wang,(et. al.)
  6. Proceedings of the 32nd Annual Hawaii International Conference on System Sciences(HICSS-32) Emergent Algorithms-A new Method for Enhancing Survivability in Unbounded Systems Fisher,D.A.;h.F.Lipson
  7. Proc. of the ICDSN 2002 Supplementary Volume Intrusion Tolerance through Forensics-based Attack Learning Just,J.(et.al)
  8. Client/Server Programming with JAVA and CORBA Orfali,R.;D.Harkey
  9. IEEE Software v.15 no.4 Restoring a legacy: lessons Learned Rugaber,S.;J.White https://doi.org/10.1109/52.687941
  10. In Proceedings of the 2nd DARPA Information Survivability Conference and Exposition Defense-enabled applications Webber(et. al)
  11. 한국통신학회논문지 v.29 no.2 보안 인터페이스의 통합을 위한 객체포장 모델 및 응용 김영수;최홍식
  12. 한국통신연구보고서 한국통신 홈페이지 KT 정보공개시스템 개발에 관한 연구 김영수