Browse > Article
http://dx.doi.org/10.7840/kics.2015.40.5.841

Study on APT Penetration Analysis and Plan of Reaction for Secure XaaS  

Lee, Sun Ho (Suwon University Department of Information Security)
Kim, DaeYoub (Suwon University Department of Information Security)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.40, no.5, 2015 , pp. 841-850 More about this Journal
Abstract
XaaS (Everything as a Service) provides re-usable, fine-grained software components like software, platform, infra across a network. Then users usually pay a fee to get access to the software components. It is a subset of cloud computing. Since XaaS is provided by centralized service providers, it can be a target of various security attacks. Specially, if XaaS becomes the target of APT (Advanced Persistent Threat) attack, many users utilizing XaaS as well as XaaS system can be exposed to serious danger. So various solutions against APT attack are proposed. However, they do not consider all aspects of security control, synthetically. In this paper, we propose overall security checkup considering technical aspect and policy aspect to securely operate XaaS.
Keywords
XaaS; APT; Compliance; Control Policy; Cloud Network;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 J.-H. Sim, J.-K. Jung, H.-J. Kim, I.-K. Kim, and T.-M. Chung, "Survey on the recent advanced persistent threat solutions," in Proc. KICS Conf., pp. 769-770, Nov. 2013.
2 T. Mustafa, "Malicious data leak prevention and purposeful evasion attacks: An approach to advanced persistent threat (APT) management," in SIECPC, pp. 27-30, Apr. 2013.
3 Y.-H. Kim and W. H. Park, "A study on cyber threat prediction based on intrusion detection event for APT attack detection," Multimedia Tools and Applications, vol. 71, no. 2, pp. 685-698, Jul. 2014.   DOI   ScienceOn
4 Russel Miller, "Advanced persistent threats: Defending from the inside out," CATechnologies, Jul. 2012.
5 S.-C. Goh, A study of APTs(advanced persistent threat) penetration detect for security operation data and big data, National Security Research Institute, vol. 2014, no. 022, Oct. 2014.
6 S.-H. Lee and M.-S. Han, Study of defense method through APT(Advanced Persistent Threat) penetration path analysis in Industrial Network-Focusing on Stuxnet Case-, Korean Association for Industrial Security, Dec. 2014.
7 K.-H. Kim and M.-J. Choi, "Linear SVM-based android malware detection and feature selection for performance improvement," J. KICS, vol. 39C, no. 8, pp. 738-745, 2014.   DOI
8 M. Kim, "Security analysis and enhancement of tsai et al.'s smart-card based authentication scheme," J. KICS, vol. 39B no. 1, pp. 29-37 2014.   DOI
9 J. Lee, J. Park, S. W. Jung, and S. Jung, "The authentication and key management method based on PUF for secure USB," J. KICS, vol. 38B no. 12, pp. 944-953, 2014.