정보처리학회논문지A (The KIPS Transactions:PartA)

한국정보처리학회 (Korea Information Processing Society)
권호 표지
DOI QR코드

DOI QR Code

침입감내시스템의 생존성 모델

A Survivability Model of an Intrusion Tolerance System

  • 박범주 (삼성전자 첨단기술연구소) ;
  • 박기진 (아주대학교 산업정보시스템공학부) ;
  • 김성수 (아주대학교 정보통신전문대학운)
  • 발행 : 2005.10.01
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

컴퓨터 시스템의 내/외부에 침입(attacks), 고장(failures)이 발생되더라도 적절한 방법으로 중요한 임무에(mission-critical) 해당한 역할을 수행하는 능력의 척도로 정의되는 생존성(survivability)에 대한 관심이 커지고 있다. 특히, 침입에 의해 시스템 일부가 손상(partially compromised) 되더라도, 최소한의 필수 서비스를 지속적으로 제공할 수 있게 해주는 침입감내시스템(intrusion tolerance system)의 설계시에 생존성 분석은 신뢰성(reliability), 가용도(availability)등과 같은 컴퓨터 시스템의 정량적 신인도(dependability) 분석과 함께 중요한 요소기술 중의 하나이다. 본 논문에서는 침입감내시스템의 방어능력을 평가하기 위해 자율컴퓨팅(autonomic computing)의 핵심 기술인 자가치유(self-healing) 메커니즘의 두 가지 요소(결함모델 및 시스템반응)를 활용하여, 주서버와 보조서버로 구성된 침입감내시스템의 상태천이(state transition)를 표현하였다. 또한, 침입감내시스템의 생존성, 가용도 및 다운타임 비용(downtime cost)을 정량적으로 정의한 후 시뮬레이션 실험 및 취약성(vulnerability) 공격에 대한 사례 연구를 수행하였다. 이를 통해 시스템의 신인도 향상 측면에서 초기상태에서의 침입감내능력 향상이 가장 중요한 요소임을 검증할 수 있었다.

There have been large concerns about survivability defined as the capability of a system to perform a mission-critical role, in a timely manner, in the presence of attacks, failures. In particular, One of the most important core technologies required for the design of the ITS(Intrusion Tolerance System) that performs continuously minimal essential services even when the computer system is partially compromised because of intrusions is the survivability one of In included the dependability analysis of a reliability and availability etc. quantitative dependability analysis of the In. In this Paper, we applied self-healing mechanism utilizing two factors of self-healing mechanism (fault model and system response), the core technology of autonomic computing to secure the protection power of the ITS and consisted of a state transition diagram of the ITS composed of a primary server and a backup server. We also defined the survivability, availability, and downtime cost of the ITS, and then performed studies on simulation experiments and two cases of vulnerability attack. Simulation results show that intrusion tolerance capability at the initial state is more important than coping capability at the attack state in terms of the dependability enhancement.

키워드

참고문헌

  1. F. Wang, R. Uppalli, and C. Killian, 'Analysis of Techniques for Building Intrusion Tolerant Server Systems,' Pro- ceedings of Military Communications Conference, pp.729-734, Oct., 2003 https://doi.org/10.1109/MILCOM.2003.1290202
  2. A. Avizienis, J. Laprie, and B. Randell, 'Fundamental concepts of dependability,' 3rd Information Survivability Workshop, pp.7-12, Oct., 2000
  3. R. Ellison, et al., 'Survivable Network Systems: An Emerging Discipline,' Proceedings of the 11th Canadian Information Technology Security Sysposium, May, 1999
  4. V. Westmark, 'A Definition for Information System Survivability,' Proceedings of the 37th Annual Hawaii International Conferences on System Sciences, Vol.9, No.9, pp.90303a, Jan., 2004 https://doi.org/10.1109/HICSS.2004.1265710
  5. P. Koopman, 'Elements of the Self-Healing System Problem Space,' Workshop on Architecting Dependable Systems, pp.31-36, May, 2003
  6. D. Chess, C. Palmer, and S. White, 'Security in an Autonomic Computing Environment,' IBM Systems Journal, Vol.42, No.1, pp.107-118, 2003 https://doi.org/10.1147/sj.421.0107
  7. J. Reynolds, et al., 'On-line Intrusion Detection Attack Prevention Using Diversity Generate-and-Test, and Generali- zation,' Proceedings of the 36th Annual Hawaii International Conferences on System Sciences, pp.335-342, Jan., 2003 https://doi.org/10.1109/HICSS.2003.1174911
  8. K. Goseva-Popstojanova, et al., 'Characterizing Intrusion Tolerant Systems using a State Transition Model,' DARFA Information Survivability Conference and exhibition, Vol.2, pp.211-221, June, 2001 https://doi.org/10.1109/DISCEX.2001.932173
  9. F. Wang, et aI., 'SITAR: A Scalable Intrusion-Tolerant Architecture for Distributed Services,' Proceedings of the Foundations of Intrusion Tolerant Systems, pp.359-367, 2003
  10. D. Wang, B. Madan, and K. Trivedi, 'Security Analysis of SITAR Intrusion Tolerance System,' Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems, pp.23-32, Oct., 2003 https://doi.org/10.1145/1036921.1036924
  11. C. Shelton, P. Koopman, and W. Nace, 'A Framework for Scalable Analysis and Design of System-Wide Graceful degradation in distributed Embedded Systems,' Eighth IEEE International Workshop on Object-oriented Real-time Dependable Systems, pp.156-163, Jan., 2003
  12. J. Knight, et al, 'The Willow Architecture: Comprehensive Survivability for Large-Scale Distributed Applications,' submitted to: The International Conference on Dependable Systems and Networks, June, 2002
  13. J. Knight, K. Strunk, and K. Sullivan, 'Towards a Rigorous Definition of Information System Survivability,' Pro- ceedings of the DARPA Information Conference and Exposition, pp.78-89, April, 2003
  14. Y. Liu and K. Trivedi, 'A general Framework for Network Survivability Quantification,' Proceedings of the 12th GI/ITG Conference on Measuring, Modelling and Evaluation of Computer and Communication Systems, pp.369-378, Sep., 2004
  15. C. Cowan and Immunix Inc., 'Survivability: Synergizing Security and Reliability,' Sep., 2003
  16. K. Trivedi, 'Probability and Statistics with Reliability Queueing and Computer Science Applications,' John Wiley & Sons, Inc., pp.472, 2002
  17. B. Madan, et al., 'Modeling and Quantification of Security Attributes of Software Systems,' International Conference on Dependable Systems and Networks, pp.505-514, June, 2002 https://doi.org/10.1109/DSN.2002.1028941