• Journal of the Korea Computer Industry Society
• /
• v.3 no.3
• /
• pp.351-362
• /
• 2002

Today, management object using SNMP is not only covered network but also more privacy object like personal or billing data. To enforce security management, view-based access control model is introduced in SNMPv3. However, they are not designed to enforce more privacy object such as purpose and increase complexity of user management. Task-based access control can provide enhanced security service using purpose binding and leverage the complexity of user management using purpose of task.

• Journal of Internet Computing and Services
• /
• v.9 no.6
• /
• pp.63-72
• /
• 2008

Recent heterogeneous network management researches on information security, however, deal only with simple management using PKI and could not sufficiently address the different kinds of security problems that could arise in a heterogeneous network. Thus, various security requirements should first be satisfied and a security management protocol should first be developed to achieve a secure heterogeneous network. Hence, in this paper, various secure and effective heterogeneous network management that address security issues, which were merely a consideration in existing studies, are proposed. The proposed scheme for the protection of the user privacy is the central object and static middle objects of the process used to mutual authentication, also if communication between users is required 1-out-2 oblivious transfer to communicate by using secret communication, as well as the effectiveness and security conscious approach. Specially The proposed scheme is designed to enhance security and efficiency related to various services required in heterogeneous network, based on the reliable peripheral devices for TTP. Using Mobile device, which has been applied to electronic commerce transactions in existing schemes, this study also proposed an appropriate management scheme that is suitable for a dynamic environment and setting a temporary group to provide various services.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.4
• /
• pp.45-54
• /
• 2001

It is necessary to control security management consistently and respond to an intrusion automatically in order to use the network securely in the single administrative domain. This paper presents a Shadowing Mechanism supporting a dynamic extension of security scheme and proposes an ARTEMIS(Advanced Realtime Emergency Management and Intruder Identification System), which is designed and implemented based on the suggested technique. It is possible for security management system developed on the basis of the Shadowing Mechanism to make all network components working under the same security scheme. It enhances the accuracy of intrusion tracing and automatic response through dynamic extension of space and time for security management.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.1293-1296
• /
• 2002

악의 있는 사용자로부터 네트워크와 시스템을 보호하기 위하여 침입 탐지 시스템이나 방화벽같은 보안 시스템들이 제안되었다. 현재 보안 영역은 사용자 망에서 ISP 망으로 확대되고 있으며, 그에 비례하여 보안 시스템의 관리가 상대적으로 중요해졌다. 또한 보안 시스템에 적용하는 정책도 단순 정적 설정에서 현재의 보안 상황을 반영하여 정책을 재 수립하는 동적 설정으로 바뀌고 있기 때문에, 이를 위하여 관리자에게 망 상태를 주기적으로 보고하는 일도 또한 매우 의미 있는 일이 되었다. 본 논문에서는 SNMP(Simple Network Management Protocol) 프로토콜을 이용하여 보안 시스템의 설치 및 운용을 용이하게 할 수 있는 망 토폴러지 맵 생성기를 설계한다. 제안하는 망 토폴러지 맵 생성기는 탐색할 네트워크 도메인이 주어지면 자동적으로 네트워크 시스템과 보안 시스템을 발견하여 망 토폴러지를 생성하며 또한 망 상태를 주기적으로 수집하는 기능도 제공한다.

• Journal of Convergence for Information Technology
• /
• v.11 no.10
• /
• pp.144-150
• /
• 2021

The purpose of this paper is to review the direction of the slicing security policy, which is a major consideration in the context of standardization in 5G communication network security, to derive security vulnerability diagnosis items, and to present about analyzing and presenting the issues of discussion for 5G communication network virtualization. As for the research method, the direction of virtualization security policy of 5G communication network of ENISA (European Union Agency for Cybersecurity), a European core security research institute, and research contents such as virtualization security policy and vulnerability analysis of 5G communication network from related journals were used for analysis. In the research result of this paper, the security structure in virtualization security of 5G communication network is arranged, and security threats and risk management factors are derived. In addition, vulnerability diagnosis items were derived for each security service in the risk management area. The contribution of this study is to summarize the security threat items in 5G communication network virtualization security that is still being discussed, to be able to gain insights of the direction of European 5G communication network cybersecurity, and to derive vulnerabilities diagnosis items to be considered for virtualization security of 5G communication network. In addition, the results of this study can be used as basic data to develop vulnerability diagnosis items for virtualization security of domestic 5G communication networks. In the future, it is necessary to study the detailed diagnosis process for the vulnerability diagnosis items of 5G communication network virtualization security.

• Journal of the Korea Society of Computer and Information
• /
• v.7 no.3
• /
• pp.74-79
• /
• 2002

In this paper, we designed the Policy-based ESM(Enterprise Security Management) for network security in Internet. First, we consider the existed network management and present ESM. And then analyze existent systems and drew consideration items at system design. This paper applied to PBNM technology in order to improve security network management.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.2
• /
• pp.81-87
• /
• 2004

Very various intrusion by development of systems that is based on network is spread. To detect and respond this intrusion, security solutions such as firewall or IDS are bringing and management of security system that load these becomes more harder. Moreover, because environment of systems that require security is various, hard to manage establishing suitable security policy Therefore, need model about enterprise management of various security system and intrusion detection of each systems and response. In this paper, improve PBNM structure that manage wide network resources and presented suitable model in intrusion detection and response of security system. Also, designed policy-based enterprise security management system for effective intrusion detection and response by applying presented model to enterprise security management system.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.04a
• /
• pp.340-342
• /
• 2004

본 논문에서는 네트워크와 라우터, 방화벽 등 유무선 네트워크를 구성하는 하부노드들의 보안관리를 위한 에이전트을 설계하였다. 또한 제시하는 에이전트는 에이전트 상위에서 정책 언어를 이용하여 다양한 하부 노드로 구성되는 네트워크에 대하여 동적인 관리에 대안 확장성을 지원하며, 해당 하부 노드를 관리하는 에이전트를 구성하여 정책 적용에 있어 효율을 증가시키고, P2P 기술을 적용하여 하부 노드에 문제 발생시 인접한 하부 노드들의 에이전트들 간에 문제를 해결하고 미연에 방지할 수 있도록 한다.

• Review of KIISC
• /
• v.24 no.1
• /
• pp.53-58
• /
• 2014

과거의 제어 시스템은 외부 네트워크와 연결되지 않아 그 자체로 보안성을 보장 받을 수 있었다. 그러나 제어시스템의 디바이스들이 다양해지고 효율적인 제어를 필요로 하여 현재의 제어시스템은 기존 네트워크에 접속되어 효율적으로 관리되고 있다. 따라서 제어시스템 관리 효율은 증대 되었으나, 기존 네트워크가 가진 사이버 공격에 노출되어 보안적인 요소가 필요해 졌다. 본 논문은 많은 제어 시스템의 프로토콜 중 컨트롤 센터와 변전소간의 통신에 사용되는 DNP(Distributed Network Protocol)3 프로토콜을 중점으로 다루며 어떠한 취약점에 노출이 되어 있는지, 어떠한 보안 요소의 연구가 행해지고 있는지에 대해 다룬다.

• Convergence Security Journal
• /
• v.2 no.1
• /
• pp.17-33
• /
• 2002

The major goal of this study is to develop an index that can evaluate the quality of the appropriate network in a series of projections that analyze, design, and then build a network. The existing software engineering and/or the methods of developing a system are limited. The process of defining the requirements in building a network, designing the system, and building the network focuses on arranging the methods of building a network. Based upon this, we tried to develop a necessary index to evaluate the security of a network.