http://dx.doi.org/10.33778/kcsa.2022.22.1.093

Study on Security Policy Distribute Methodology for Zero Trust Environment  

Sung-Hwa Han (Tongmyong University / Department of Information Security)
Hoo-Ki Lee (Konyang University / Department of Cyber Security)
Abstract
Information service technology continues to develop, and information services continue to expand based on the IT convergence trend. The perimeter-based security model chosen by many organizations can increase the effectiveness of security technologies. However, in the perimeter-based security model, it is very difficult to block security threats that originate from within. To solve this problem, the zero trust model has been proposed. The zero trust model requires authentication of user and terminal environments, verification of the device security environment, and real-time monitoring and control functions. The operating environment of an information service may vary. Information security management should be able to respond effectively when security threats occur in various systems at the same time. In this study, we propose a security policy distribution system based on the object reference method that can effectively distribute security policies to many systems. It was confirmed that the object-reference-type security policy distribution system proposed in this study can support all of the operating environments of the systems constituting the information service. Since its policy distribution performance was confirmed to be similar to that of other security systems, it was verified to be sufficiently effective. However, since this study assumed that the target of a security threat is predefined, additional research is needed on how to identify the breach target for each security threat.
Keywords
Zero Trust; Security Policy Distribute; Security Event Monitoring; Real-time Response; Object-based Policy;