Browse > Article
http://dx.doi.org/10.3745/KIPSTC.2004.11C.4.471

A Design of SERDL(Security Evaluation Rule Description Language) and Rule Execution Engine for Evaluating Security of IPv6 Network  

Kwon, Hyeok-Chan (한국전자통신연구원 정보보호연구단)
Kim, Sang-Choon (삼척대학교 정보통신공학과)
Publication Information
The KIPS Transactions:PartC / v.11C, no.4, 2004 , pp. 471-484 More about this Journal
Abstract
Recently. many projects have been actively implementing IPsec on the various Operating Systems for security of IPv6 network. But there is no existing tool that checks the IPsec-based systems, which provide IPsec services, work Properly and provide their network security services well In the IPv6 network. In this paper, we design SERDL(Security Evaluation Rule Description Language) and rule execution tool for evaluating security of the IPv6 network, and we provide implementation details. The system Is divided into following parts : User Interface part, Rule Execution Module part, DBMS part and agent that gathering information needed for security test.
Keywords
IPv6 network; Security Evaluation Rule Description Language; Rule Execution Engine; IPsec;
Citations & Related Records
연도 인용수 순위
  • Reference
1 N. Doraswamy and D. Harkins, IPsec : The New Security Standard for the Internet, Intranets, and Virtual Private Networks, Prentice Hall, 1999
2 정보통신부, http://www.mic.go.kr/
3 권혁찬, 나재훈, 손승원, 'IPv5 Security 동향,' 주간기술동향, 1094호, 한국전자통신연구원, Sept., 2002
4 H. C. Kwon, S. C. Kim, J. H. Nah, T. Y. Nam, S. W. Sohn, An Automatic Security Test Engine for IPv6 Network, Proc. of the International Workshop on Cryptology and Network Security(CNS'2003), pp.685-690, Miami, Florida, USA, Sept., 2003
5 ISS, ISS Internet Scanner, http://www.iss.net/
6 S. Deering, R. Hinden, Internet Protocol, Version 6(IPv6) Specification, RFC2460, Dec., 1998
7 S. Kent and R. Atkinson, Security Architecture for the Internet Protocol, RFC2401, Nov., 1998
8 S. Kent and R. Atkinson, IP Authentication Header, RFC 2402, Nov., 1998
9 S. Kent and R. Atkinson, IP Encapsulating Security Payload, RFC2406, Nov., 1998
10 D. Harkins, D. Correl, Internet Key Exchange, RFC2409, Nov., 1998
11 Cisco Scanner, http://www.cisco.com/univercd/cc/td/doc/pcat/nssq.htm
12 LANguard Network&Port scanner, http://www.gfi.com/languard/lanscan.htm
13 A. Rubini, Linux Device Drivers, 1998, O'Reilly
14 S. Garfinkel and G. Spafford, Practical UNIX and Internet Security, 2nd edition, O'Reilly, 1996
15 M. Y. Lee, Internet Security Cryptographic principles, algorithms and protocols, WILEY, 2003
16 J. H. Jeong, J. H. Nah, S. W. Sohn and J. T. Lee, 'C-ISCAP:Controlled-Internet Secure Connectivity Assurance Platform,' Proc. of the IEEE ICEIS2001, Vol.2, pp.920-925
17 J. S. Lee, S. C. Kim and S. W. Sohn, A Design of the Security Evaluation System for Decision Support in the Enterprise Network Security Management, pp.246-260, LNCS 2015, Dec., 2000