• Proceedings of the Korean Information Science Society Conference
• /
• 한국정보과학회 2003년도 봄 학술발표논문집 Vol.30 No.1 (A)
• /
• pp.245-247
• /
• 2003

Ad Hoc망은 이동 호스트들로만 구성된 네트워크로서, 토폴로지의 작은 변화나 중앙 집중화 된 모니터링과 관리면에서의 기술 부족으로 인해 많은 취약점을 가지고 있다. 반면에 유선 네트워크에서 개발된 많은 침입 탐지 기술은 새로운 환경에서는 적절치가 않다. 따라서, 본 논문에서는 무선 Ad Hoc 네트워크상에서 이동 에이전트를 호스트 모니터링과 네트워크 모니터링의 기능을 분류하여 네트워크 망 내에서 연결된 개수에 따라 노드의 역할을 분담하여 침입을 감내 할 수 있는 방안을 제안하고자 한다.

• Information and Communications Magazine
• /
• 제21권9호
• /
• pp.75-90
• /
• 2004

기존의 정보통신 보안 인프라 강화를 위하여 많은 개별 보안 시스템들이 활용된다. 침입차단, 침입탐지, 그리고 가상사설망 장비들을 설치하여 보안성을 향상 시켰는데, 이로 인하여 각 보안 시스템 간의 정책 충돌이 발생하기도 하여 보안상 효율성이 떨어지기도 하고, 여러 보안 시스템들을 관리하여야 하는 관리상의 복잡성과 비용상의 문제점이 존재한다. 이를 해결하기 위하여 침입탐지, 침입차단, 그리고 가상사설망 기능을 통합하여 제공하는 통합 보안 엔진 개념이 부각되었으며, 이러한 통합 보안 엔진 기능을 라우터에 탑재하여 정보통신 인프라의 보안성을 강화시킨다. 본 논문에서는 통합 보안 엔진을 라우터나 스위치 등과 같은 네트워크 노드에 탑재하여 안전한 네트워킹이 가능하도록 하는 보안 프레임웍을 소개한다. 또한, 침입탐지, 침입차단, 가상사설망 기능을 통합하여 제공하는 라우터용 통합 보안엔진의 구조를 소개하고, 이를 위해 구현된 핵심 기능을 기술한다. 이러한 통합 보안 엔진이 탑재된 보안 라우터와 기존의 보안 기능이 있는 상용 라우터와의 비교를 통하여 통합 보안 엔진이 탑재된 보안 라우터 시스템의 효율성을 설명한다.

• The KIPS Transactions:PartC
• /
• 제10C권6호
• /
• pp.799-808
• /
• 2003

Existing security solutions such as Firewell and IDS (Intrusion Detection System) have a trouble in getting accurate detection rate about new attack and can not block interior attack. That is, existing securuty solutions have various shortcomings. Shortcomings of these security solutions can be supplemented with mechanism which guarantees an availability of systems. The mechanism which guarantees the survivability of node is various, we approachintrusion telerance using real time response mechanism. The monitoring code monitors related resources of system for survivability of vulnerable systm continuously. When realted resources exceed threshold, monitoring and response code is deployed to run. These mechanism guarantees the availability of system. We propose control mathod about resource monitoring. The monitoring code operates with this method. The response code may be resident in active node for availability or execute a job when a request is occurred. We suggest the node survivability mechanism that integrates the intrusion tolerance mechanism that complements the problems of existing security solutions. The mechanism takes asvantage of the automated service distribution supported by Active Network infrastructure instead of passive solutions. The mechanism takes advantage of the automated service distribution supported by Active Network infrastructure instead of passive system reconfiguration and patch.

• Journal of KIISE:Computer Systems and Theory
• /
• 제30권12호
• /
• pp.714-723
• /
• 2003

In order to guarantee system survivability against attacks based on new methodology, we need a solution to recognize important resources for essential services and to adapt the urgent situation properly. In this paper, we present a dynamic resource reallocation scheme which is one of the core technologies for the implementation of intrusion tolerant systems. By means of resource reallocation within a node, this scheme enables the essential services to survive even after the occurrence of a system attack. If the settlement does not work within the node, resource reallocation among nodes takes places, thus the essential services are transferred to another prepared server node. Experimental result obtained on a testbed reveals the validity of the proposed scheme for resource reallocation. This scheme may work together with IDS(Intrusion Detection System) to produce effective responsive mechanism against attacks.

• The KIPS Transactions:PartA
• /
• 제10A권1호
• /
• pp.7-14
• /
• 2003

In order to cope with DoS (Denial of Service) attacks disturbing delivery of intended services by exhausting resources of computing nodes, we need a solution to recognize important resources for the essential services which have to be maintained under any circumstances and to adapt the system to the urgent situation and reconfigure itself properly. In this paper, we present a two-phase scheme to handle the problem. In the first phase, by means of dynamic resource reallocation within a computing node, we try to make the selected essential services survive even after the occurrence of an attack. For the second phase when it becomes impossible to continue the service in spite of the actions taken in the first phase, we apply server replication in order to continue the transparent provision of the essential services with the end users by utilizing redundant computing nodes previously arranged. Experimental result obtained on a testbed reveals the validity of the proposed scheme. A comparison with other proposed schemes has been conducted by analyzing the performance and the cost.