http://dx.doi.org/10.7236/JIIBC.2021.21.2.15

Development of Software-Defined Perimeter-based Access Control System for Security of Cloud and IoT System  

Park, Seung-Kyu (Dept. of Electronic Engineering Namseoul Univ.)
Publication Information
The Journal of the Institute of Internet, Broadcasting and Communication / v.21, no.2, 2021, pp. 15-26
Abstract
Recently, as the adoption of cloud, mobile, and IoT has accelerated, there is a growing need for technology that can compensate for the limitations of traditional security solutions based on fixed perimeters, such as firewalls and Network Access Control (NAC). In response, SDP (Software Defined Perimeter) has recently emerged as a new base technology. Unlike existing security technologies, SDP can set security boundaries (by installing Gateway S/W) regardless of the location of the protected resources (servers, IoT gateways, etc.) and neutralize most of the increasingly sophisticated network-based hacking attacks. In particular, SDP is regarded as a security technology suitable for the cloud and IoT fields. In this study, a new access control system is proposed that combines SDP with hash tree-based large-scale data high-speed signature technology. Through a process authentication function built on the large-scale data high-speed signature technology, it prevents unknown malware from intruding into the endpoint in advance, and it implements a kernel-level security technology that makes user-level attacks impossible during the backup and recovery of major data. As a result, endpoint security, which is a weak part of SDP, has been strengthened. The proposed system was developed as a prototype, and the performance test was completed through a test by an authorized testing agency (TTA V&V Test). The SDP-based access control solution is a technology with high potential that can also be used in smart car security.
Keywords
Software Defined Perimeter; Massively Data Signing Technique; Cloud; IoT; Security;