• Title/Summary/Keyword: 침입감내

Search Result 36, Processing Time 0.025 seconds

A Suitability Evaluation Method for Quantitative Assessment of Intrusion Tolerant System using AHP-Fuzzy Integral (AHP-퍼지적분을 이용한 침입감내 시스템 도입 적절성 평가를 위한 정량적 평가방법 연구)

  • Yu, Kwang-Jin;Lee, Jae-Wook;Bae, Seong-Jae;Cho, Jae-Ik;Moon, Jong-Sub
    • Journal of KIISE:Computer Systems and Theory
    • /
    • v.36 no.2
    • /
    • pp.87-93
    • /
    • 2009
  • Intrusion tolerant system enables essential services to maintain for a period of time under system failure, malicious attacks and is gaining more importance in national defense, communication infrastructure, and financial sector. However, few objective evaluation criteria for companies and agencies to introduce an appropriate system are available. This paper proposes a suitability evaluation method, using Analytic hierarchy process and fuzzy integral, for intrusion tolerant system, along with evaluation criteria which considers the characteristics and costs of systems in addition to other factors.

Research on Network Design for Intrusion Tolerance of BcN (BcN에서의 침입감내를 위한 네트워크 디자인 연구)

  • Park, Hyun-Do;Kim, Soo;Lee, Hee-Jo;Im, Chae-Tae;Won, Yoo-Jae
    • Journal of KIISE:Information Networking
    • /
    • v.34 no.5
    • /
    • pp.305-315
    • /
    • 2007
  • Broadband Convergence Network (BcN) is the network which unifies telephone network, the Internet and broadcasting networks. Threats to each network can bring serious problems in BcN environment since the whole network can be damaged by various types of attack. The purpose of this study is to suggest the prototype of intrusion-tolerant network design of BcN to guarantee the continuous operation of BcN services against malicious attacks. First, BcN service components, selected by analysis of service time and coverage importance, are classified into three groups by their type: server type, gateway type and hybrid type. Second, the necessity of applying intrusion tolerance on BcN services is deduced by possible attack scenarios on BcN. Finally, we suggest the intrusion-tolerant network design suitable to BcN, using hardware redundancy and secure policies. Also, we present that the suggested network design can increase the intrusion tolerance of BcN.

Intrusion-Tolerant Jini Service Architecture for Enhancing Survivability of Ubiquitous Services (유비쿼터스 서비스 생존성 제고를 위한 침입감내 Jini 서비스 구조)

  • Kim, Sung-Ki;Park, Kyung-No;Min, Byoung-Joon
    • Journal of the Institute of Electronics Engineers of Korea CI
    • /
    • v.45 no.4
    • /
    • pp.41-52
    • /
    • 2008
  • Ubiquitous service environment is poor in reliability of connection and has a high probability that the intrusion and the system failure may occur. Therefore, in the environment, the capability of a system to collectively accomplish its mission in spite of active intrusions and various failure scenarios, that is, the survivability of services are needed. In this paper, we analyze the Jgroup/ARM framework that was developed in order to help the development of fault- tolerant Jini services. More importantly, we propose an intrusion-tolerant Jini service architecture to satisfy the security availability and quality of services on the basis of the analysis. The proposed architecture is able to protect a Jini system not only from faults such as network partitioning or server crash, but also from attacks exploiting flaws. It is designed to provides performance enough to show a low response latency so as to support seamless service usage. Through the experiment on a test-bed, we have confirmed that the architecture is able to provide high security and availability at the level that degraded services quality is ignorable.

Advanced Intrusion Tolerant System based on Exposure Policy and Virtualization Technology (가상화 기술 및 노출 정책을 기반으로 한 향상된 침입 감내 시스템 제안)

  • Kim, Hee-Young;Lee, Jung-Min;Heo, Seon-Dong;Yoon, Hyun-Soo
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2012.06c
    • /
    • pp.248-250
    • /
    • 2012
  • 사이버 공격이 다양해지면서 침입 탐지 시스템이 탐지 못하는 공격들이 늘어가고 그에 따라서 침입 감내 시스템의 필요성이 대두되고 있다. 기존의 가상화 기반 침입 감내 시스템들은 같은 가상 이미지를 정화해서 사용하므로 항상 같은 취약점을 가지고 있게 된다. 이 논문에서는 기존의 가상화 기반 침입 감내 시스템의 보안상 문제점을 지적하고 해결하기 위한 아이디어를 제시한다. 그리고 각 가상 이미지에 부여된 점수를 기반으로 노출 우선 순위를 배정하는 정책을 제안한다.

A Survey of Intrusion Tolerance System Research Trend (침입감내 시스템 연구 동향 조사)

  • Kwon, Oh-Min;Lim, Jung-Min;Yoon, Hyun-Soo
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2012.06c
    • /
    • pp.242-244
    • /
    • 2012
  • 최근 네트워크와 컴퓨팅 기술의 발전에 힘입어 대규모 시스템에 의해 다양한 서비스가 제공되고 있다. 하지만 이러한 시스템들의 긍정적인 효과에 반하여 악의적인 목적으로 시스템의 취약성을 이용한 보안을 위협하는 많은 공격들이 시도되고 있다. 본 논문에서는 이런 공격들에 대한 효과적인 대응책 중 하나인 침입감내 시스템의 연구 동향을 살펴보고, 그 방향성을 제시한다. 세부적으로는 효과적인 침입감내 시스템 설계를 위한 방법과 그에 관한 연구 실태에 대해서 기술한다.

Adaptive Intrusion Tolerance Model and Application for Distributed Security System (분산보안시스템을 위한 적응형 침입감내 모델 및 응용)

  • 김영수;최흥식
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.6C
    • /
    • pp.893-900
    • /
    • 2004
  • While security traditionally has been an important issue in information systems, the problem of the greatest concern today is related to the availability of information and continuity of services. Since people and organizations now rely on distributed systems in accessing and processing critical services and mission, the availability of information and continuity of services are becoming more important. Therefore the importance of implementing systems that continue to function in the presence of security breaches cannot be overemphasized. One of the solutions to provide the availability and continuity of information system applications is introducing an intrusion tolerance system. Security mechanism and adaptation mechanism can ensure intrusion tolerance by protecting the application from accidental or malicious changes to the system and by adapting the application to the changing conditions. In this paper we propose an intrusion tolerance model that improves the developmental structure while assuring security level. We also design and implement an adaptive intrusion tolerance system to verify the efficiency of our model by integrating proper functions extracted from CORBA security modules.

A Vulnerability Analysis of Intrusion Tolerance System using Self-healing Mechanism (자가치유 메커니즘을 활용한 침입감내시스템의 취약성 분석)

  • Park, Bum-Joo;Park, Kie-Jin;Kim, Sung-Soo
    • Journal of KIISE:Computer Systems and Theory
    • /
    • v.32 no.7
    • /
    • pp.333-340
    • /
    • 2005
  • One of the most important core technologies required for the design of the ITS (Intrusion Tolerance System) that performs continuously minimal essential services even when the network-based computer system is partially compromised because of the external or internal intrusions is the quantitative dependability analysis of the ITS. In this paper, we applied self-healing mechanism, the core technology of autonomic computing to secure the protection power of the ITS. We analyzed a state transition diagram of the ITS composed of a Primary server and a backup server utilizing two factors of self-healing mechanism (fault model and system response) and calculated the availability of ITS through simulation experiments and also performed studies on two cases of vulnerability attack.

A Survivability Analysis of Primary-Backup Intrusion Tolerant System for Network Computing (네트워크 기반 컴퓨팅에서 주-백업 침입감내시스템의 생존성 분석)

  • 박기진;낭궁미정;박미선
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2004.10c
    • /
    • pp.526-528
    • /
    • 2004
  • 고속 네트워크와 이질적인 자원의 결합으로 구성되어 보안에 취약할 수 밖에 없는 네트워크 기반 컴퓨팅 환경을 대상으로 내.외부적 공격이나 결함이 발생하더라도 중요한 서비스를 지속적으로 제공하여, 시스템의 피해를 최소화하는 침입감내시스템(Intrusion Tolerant Systems)에 대한 연구가 활발하다. 본 논문에서는 주-백업 구조를 갖는 침입감내시스템 구조를 제안하였으며, 마코브 분석(Markov Analysis)을 통해, 시스템 생존성을 정량적으로 정의하였다.

  • PDF

A Survivability Model of an Intrusion Tolerance System (침입감내시스템의 생존성 모델)

  • Park, Bum-Joo;Park, Kie-Jin;Kim, Sung-Soo
    • The KIPS Transactions:PartA
    • /
    • v.12A no.5 s.95
    • /
    • pp.395-404
    • /
    • 2005
  • There have been large concerns about survivability defined as the capability of a system to perform a mission-critical role, in a timely manner, in the presence of attacks, failures. In particular, One of the most important core technologies required for the design of the ITS(Intrusion Tolerance System) that performs continuously minimal essential services even when the computer system is partially compromised because of intrusions is the survivability one of In included the dependability analysis of a reliability and availability etc. quantitative dependability analysis of the In. In this Paper, we applied self-healing mechanism utilizing two factors of self-healing mechanism (fault model and system response), the core technology of autonomic computing to secure the protection power of the ITS and consisted of a state transition diagram of the ITS composed of a primary server and a backup server. We also defined the survivability, availability, and downtime cost of the ITS, and then performed studies on simulation experiments and two cases of vulnerability attack. Simulation results show that intrusion tolerance capability at the initial state is more important than coping capability at the attack state in terms of the dependability enhancement.

Intrusion Tolerance Scheme in Wireless Ad-Hoc Networks (무선 애드혹 네트워크 상에서의 침입 감내 방안)

  • 김경자;홍성옥;장태무
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2003.04a
    • /
    • pp.245-247
    • /
    • 2003
  • Ad Hoc망은 이동 호스트들로만 구성된 네트워크로서, 토폴로지의 작은 변화나 중앙 집중화 된 모니터링과 관리면에서의 기술 부족으로 인해 많은 취약점을 가지고 있다. 반면에 유선 네트워크에서 개발된 많은 침입 탐지 기술은 새로운 환경에서는 적절치가 않다. 따라서, 본 논문에서는 무선 Ad Hoc 네트워크상에서 이동 에이전트를 호스트 모니터링과 네트워크 모니터링의 기능을 분류하여 네트워크 망 내에서 연결된 개수에 따라 노드의 역할을 분담하여 침입을 감내 할 수 있는 방안을 제안하고자 한다.

  • PDF