• Title/Summary/Keyword: 보안 강화 엔진

Search Result 12, Processing Time 0.024 seconds

Design of Security Enforcement Engine for Active Nodes (능동 노드를 위한 보안강화엔진 설계)

  • 김옥경;임지영;김여진;나가진;나현정;채기준;나중찬;김영수
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2003.04a
    • /
    • pp.362-364
    • /
    • 2003
  • 본 논문은 액티브 네트워크 환경에서 액티브 노드를 위한 보안강화엔진의 구조와 기능을 설계하였다. 액티브 노드의 자원에 접근 시 발생되는 보안상의 문제점들을 해결하기 위한 보안강화엔진 구조를 제안하고 보안강화엔진 내에 Security, Authentication, Authorization 모듈을 두어 액티브 네트워크 환경에 노출되어있는 악의적인 위협 요소들로부터 액티브 노드들을 보호하고자 하였다. 본 논문에서는 보안강화엔진에서 Security, Authentication, Authorization 모듈의 설계 내용에 대해 기술한다.

  • PDF

정보통신 시스템 인프라를 위한 침입 방지용 통합 보안 기술

  • Kim, Jeong-Nyeo;Jang, Jong-Su;Son, Seung-Won
    • Information and Communications Magazine
    • /
    • v.21 no.9
    • /
    • pp.75-90
    • /
    • 2004
  • 기존의 정보통신 보안 인프라 강화를 위하여 많은 개별 보안 시스템들이 활용된다. 침입차단, 침입탐지, 그리고 가상사설망 장비들을 설치하여 보안성을 향상 시켰는데, 이로 인하여 각 보안 시스템 간의 정책 충돌이 발생하기도 하여 보안상 효율성이 떨어지기도 하고, 여러 보안 시스템들을 관리하여야 하는 관리상의 복잡성과 비용상의 문제점이 존재한다. 이를 해결하기 위하여 침입탐지, 침입차단, 그리고 가상사설망 기능을 통합하여 제공하는 통합 보안 엔진 개념이 부각되었으며, 이러한 통합 보안 엔진 기능을 라우터에 탑재하여 정보통신 인프라의 보안성을 강화시킨다. 본 논문에서는 통합 보안 엔진을 라우터나 스위치 등과 같은 네트워크 노드에 탑재하여 안전한 네트워킹이 가능하도록 하는 보안 프레임웍을 소개한다. 또한, 침입탐지, 침입차단, 가상사설망 기능을 통합하여 제공하는 라우터용 통합 보안엔진의 구조를 소개하고, 이를 위해 구현된 핵심 기능을 기술한다. 이러한 통합 보안 엔진이 탑재된 보안 라우터와 기존의 보안 기능이 있는 상용 라우터와의 비교를 통하여 통합 보안 엔진이 탑재된 보안 라우터 시스템의 효율성을 설명한다.

Implementation of Security Enforcement Engine Using COM Programming (컴포넌트 개발방법을 이용한 보안 강화 엔진 구현)

  • 김은아;김미희;채기준
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2004.04a
    • /
    • pp.331-333
    • /
    • 2004
  • 네트워크 보안의 요구 사항을 만족시키기 위한 필수적인 보안 서비스에는 인증과 권한부여가 있다. 이러한 서비스를 제공하는 보안 강화 엔진을 구현함에 있어 컴포넌트 개발방법을 이용하면 구축비용 및 시간을 절감할 수 있고 바이너리 단위로의 재사용이 가능하며 유지 보수의 용이성 및 확장성이 뛰어나다는 장점을 갖는다. 이에 본 논문에서는 컴포넌트 모델 중 마이크로소프트사의 COM(Component Object Model)을 기반으로 보안 강화 엔진을 구현하였다.

  • PDF

Implementation of Security Enforcement Engine for Active Nodes in Active Networks (액티브 네트워크 상에서 액티브 노드의 보안 강화를 위한 보안 엔진 구현)

  • Kim, Ok-Kyeung;Lim, Ji-Young;Na, Hyun-Jung;Na, Ga-Jin;Kim, Yeo-Jin;Chae, Ki-Joon;Kim, Dong-Young
    • The KIPS Transactions:PartC
    • /
    • v.10C no.4
    • /
    • pp.413-422
    • /
    • 2003
  • An active network is a new generation network based on a software-intensive network architecture in which applications are able to inject new strategies or code into the infrastructure for their immediate needs. Therefore, the secure active node architecture is needed to give the capability defending an active node against threats that may be more dynamic and powerful than those in traditional networks. In this paper, a security enforcement engine is proposed to secure active networks. We implemented an operating engine with security, authentication and a authorization modules. Using this engine, it is possible that active networks are protected from threats of the malicious active node.

A Convergence Study on the Effects of NH3/NOx Ratio and Catalyst Type on the NOx Reduction by Urea-SCR System of Diesel Engine (디젤엔진의 Urea-SCR 시스템에 의한 NH3/NOx 비율 및 촉매 방식이 NOx 저감에 미치는 영향에 관한 융합연구)

  • Yoon, Heung-Soo;Ryu, Yeon-Seung
    • Journal of the Korea Convergence Society
    • /
    • v.10 no.4
    • /
    • pp.131-138
    • /
    • 2019
  • Diesel engines have important advantages over its gasoline counterpart including high thermal efficiency, high fuel economy and low emissions of CO, HC and $CO_2$. However, NOx reducing is more difficult on diesel engines because of the high $O_2$ concentration in the exhaust, marking general three way catalytic converter ineffective. Two method available technologies for continuous NOx reduction onboard diesel engines are Urea-SCR and LNT. The implementation of the Urea-SCR systems in design engines have made it possible for 2.5l and over engines to meet the tightened NOx emission standard of Euro-6. In this study, we investigate the characteristics of NOx reduction with respect to engine speed, load, types of catalyst and the $NH_3$/NOx ratio and present the conditions which maximize NOx reduction. Also we provide detailed experimental data on Urea-SCR which can be used for the preparation for standards beyond Euro-6.

A Dynamic Update Engine of IPS for a DoS Attack Prevention of VoIP (VoIP의 DoS공격 차단을 위한 IPS의 동적 업데이트엔진)

  • Cheon, Jae-Hong;Park, Dea-Woo
    • KSCI Review
    • /
    • v.14 no.2
    • /
    • pp.235-244
    • /
    • 2006
  • This paper attacked the unknown DoS which mixed a DoS attack, Worm and the Trojan horse which used IP Source Address Spoofing and Smurf through the SYN Flooding way that UDP, ICMP, Echo, TCP Syn packet operated. the applications that used TCP/UDP in VoIP service networks. Define necessity of a Dynamic Update Engine for a prevention, and measure Miss traffic at RT statistics of inbound and outbound parts in case of designs of an engine at IPS regarding an Self-learning module and a statistical attack spread. and design a logic engine module. Three engines judge attack grades (Attack Suspicious, Normal), and keep the most suitable filtering engine state through AND or OR algorithms at Footprint Lookup modules. A Real-Time Dynamic Engine and Filter updated protected VoIP service from DoS attacks, and strengthened Ubiquitous Security anger, and were turned out to be.

  • PDF

A Dynamic Update Engine of IPS for a DoS Attack Prevention of VoIP (VoIP의 DoS공격 차단을 위한 IPS의 동적 업데이트엔진)

  • Cheon, Jae-Hong;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information
    • /
    • v.11 no.6 s.44
    • /
    • pp.165-174
    • /
    • 2006
  • This paper attacked the unknown DoS which mixed a DoS attack, Worm and the Trojan horse which used IP Source Address Spoofing and Smurf through the SYN Flooding way that UDP, ICMP, Echo, TCP Syn packet operated, the applications that used TCP/UDP in VoIP service networks. Define necessity of a Dynamic Update Engine for a prevention, and measure Miss traffic at RT statistics of inbound and outbound parts in case of designs of an engine at IPS regarding an Self-learning module and a statistical attack spread, and design a logic engine module. Three engines judge attack grades (Attack, Suspicious, Normal), and keep the most suitable filtering engine state through AND or OR algorithms at Footprint Lookup modules. A Real-Time Dynamic Engine and Filter updated protected VoIP service from DoS attacks, and strengthened Ubiquitous Security anger, and were turned out to be.

  • PDF

Design and Implementation of 2D Game Engine based Authentication of GPS Location Information (GPS 위치정보 인증기반 2D 게임엔진 설계 및 구현)

  • Hur, Sung-Jin
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.9 no.5
    • /
    • pp.1242-1248
    • /
    • 2008
  • In this paper, we propose a multi-stage user authenticating system in which system at first stage, the system authenticate a user through his GPS information and IP address. At second stage, the system authenticate a user based on ID and Password as other systems does. Through the use of proposed system, aged person or children enjoy the game on a much safer environment.

A System Architecture Design for Web-Based Application Systems using Role-Based Access Control (직무기반 접근제어를 사용하는 웹기반 응용 시스템의 시스템 아키텍처 설계)

  • Lee, Ho
    • Journal of the Korea Society of Computer and Information
    • /
    • v.15 no.12
    • /
    • pp.217-225
    • /
    • 2010
  • Among web-based systems being widely used now, there are so many systems which are still using an user-level access control method. By successfully applying role-based access control(RBAC) to web-based application systems, we can expect to have an effective means with reinforced security for Internet-based systems. In order to apply RBAC to web-based application systems, we should come up with a system architecture for it. I proposed a system architecture which is needed to apply RBAC to web-based application systems. The proposed system architecture is largely composed of system composition and system functioning. For details, firstly, a certificate used by RBAC is specified. Secondly, a system architecture using a user-pull method is proposed and overall system components are mentioned with a role server being centered. Then, I showed how the system architecture can work to carry out RBAC on web-based application systems. Lastly, the analyses on the proposed system architecture are described for the purpose of proving its feasibility.

A Study of Office Open XML Document-Based Malicious Code Analysis and Detection Methods (Office Open XML 문서 기반 악성코드 분석 및 탐지 방법에 대한 연구)

  • Lee, Deokkyu;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.3
    • /
    • pp.429-442
    • /
    • 2020
  • The proportion of attacks via office documents is increasing in recent incidents. Although the security of office applications has been strengthened gradually, the attacks through the office documents are still effective due to the sophisticated use of social engineering techniques and advanced attack techniques. In this paper, we propose a method for detecting malicious OOXML(Office Open XML) documents and a framework for detection. To do this, malicious files used in the attack and benign files were collected from the malicious code repository and the search engine. By analyzing the malicious code types of collected files, we identified six "suspicious object" elements that are meaningful in determining whether they are malicious in a document. In addition, we implemented an OOXML document-based malware detection framework based on the detection method to classify the collected files and found that 98.45% of malicious filesets were detected.