• Title/Summary/Keyword: 침입감내

Search Result 36, Processing Time 0.021 seconds

Vulnerability Analysis and Research on Digital Contents Storage System (디지털콘텐츠 저장장치시스템의 취약성 연구)

  • Kim, Jeom-Goo;Kim, Tae-Eun;Choi, Jae-Wan;Kim, Won-Gil;Lee, Joong-Seok
    • Convergence Security Journal
    • /
    • v.7 no.4
    • /
    • pp.35-41
    • /
    • 2007
  • In accordance with increasing of digital contents and rising of property value, the importance of storing equipment system which can store and control essential contents has been maximized, and securer storing equipment system overcoming various vulnerabilities is now required. Therefore, in this paper, we analyzed misuse, abuse, modification, leak, and various vulnerabilities of storing equipment system that might be damaged, and we researched into an intrusion detection & recovery system which can solve potential vulnerabilities.

  • PDF

Resource Reallocation for the Protection of Essential Services (필수 서비스 보호를 위한 자원 재할당)

  • 민병준;김성기;최중섭;김홍근
    • Journal of KIISE:Computer Systems and Theory
    • /
    • v.30 no.12
    • /
    • pp.714-723
    • /
    • 2003
  • In order to guarantee system survivability against attacks based on new methodology, we need a solution to recognize important resources for essential services and to adapt the urgent situation properly. In this paper, we present a dynamic resource reallocation scheme which is one of the core technologies for the implementation of intrusion tolerant systems. By means of resource reallocation within a node, this scheme enables the essential services to survive even after the occurrence of a system attack. If the settlement does not work within the node, resource reallocation among nodes takes places, thus the essential services are transferred to another prepared server node. Experimental result obtained on a testbed reveals the validity of the proposed scheme for resource reallocation. This scheme may work together with IDS(Intrusion Detection System) to produce effective responsive mechanism against attacks.

Analysis of the Dependability of Voting and Group Management In the Intrusion Tolerant Technology (침입감내기술에서의 Voting 및 그룹관리 신뢰성 분석)

  • 이태진;김형종;이강신
    • Proceedings of the Korea Society for Simulation Conference
    • /
    • 2004.05a
    • /
    • pp.1-6
    • /
    • 2004
  • Intrusion tolerant technology is the technology to guarantee the Quality of service for certain amount time from the attacks which cannot be defended by the previous information security technologies. It increases the availability and confidentiality of the system by minimizing the damage from the attacks. And the fundamental components of the intrusion tolerant technology are voting and GMP(Group Management Protocol). In this paper, we present a new scheme to analyze the voting dependability and corrupt member detection dependability, which is very critical in GMP. Based on this scheme, we can make a new security policy and the methodology of analyzing the dependability itself also can be applicable to the other field.

  • PDF

Linux Based Real Time Network Intrusion Detection, Protection, Management and Fault Tolerance Security System (리눅스 기반 실시간 네트워크 칩입탐지대응관리 및 감내시스템)

  • Lee, Mike Myung-Ok;Lee, Eun-Mi
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2003.05c
    • /
    • pp.2113-2116
    • /
    • 2003
  • 이 논문에서는 리눅스 기반VDPM(Virus Detection Protection Management)시스템을 제안하고 개발한 응용SW로 감지, 차단 및 관리 방법을 제시한다. 제안된 LVPM시스템은 첫째특정탐색 및 전체탐색 알고리듬에 의하여 개발된 VDPM시스템은 신종 바이러스까지 탐지하는 모든 종류의 바이러스 탐지(VDPM_hawkeye) 모듈, Virus첵크하는 감시 및 Virus첵크후 친정, 제거하는 방지(VDPM_medic)모듈, DB를 update하는 기능을 가지는 관리(VDPM_manager)모듈과 원격 DB관리 및 Virus결과 보고 기능 (VDPM_reporter) 모듈로 되어 있으며 지능적인 Virus방지 시스템, 둘째 네트워크 패킷을 분석하여 네트워크를 통한 침 바이러스 탐지 및 대응 시스템과 셋째 네트워크 패킷을 분석하여 네트워치를 통한 네트워크형 악성 소프트웨어 대응 시스템을 포함한 바이러스 보호 통합 시스템을 구현하였다. 더불어 호스트와 네트웍기반의 통합적인 IDS가 방화벽(Firewall)시스템과 연동하여 IDS 단독 차단이 불가능한 공격을 차단하는 소프트웨어 시스템을 개발하는 것이며 관리자가 사용하기 쉬운 GUI환경으로 구현하였고 대규모 분산 네트워크 환경에서 효율적인 리눅스기반 침입탐지방지관리 솔루션을 제시한다.

  • PDF

A Scheme of Resource Reallocation and Server Replication against DoS Attacks (서비스 거부 공격에 대비한 자원 재할당 및 서버 중복 방안)

  • Min, Byoung-Joon;Kim, Sung-Ki;Na, Yong-Hi;Lee, Ho-Jae;Choi, Joong-Sup;Kim, Hong-Geun
    • The KIPS Transactions:PartA
    • /
    • v.10A no.1
    • /
    • pp.7-14
    • /
    • 2003
  • In order to cope with DoS (Denial of Service) attacks disturbing delivery of intended services by exhausting resources of computing nodes, we need a solution to recognize important resources for the essential services which have to be maintained under any circumstances and to adapt the system to the urgent situation and reconfigure itself properly. In this paper, we present a two-phase scheme to handle the problem. In the first phase, by means of dynamic resource reallocation within a computing node, we try to make the selected essential services survive even after the occurrence of an attack. For the second phase when it becomes impossible to continue the service in spite of the actions taken in the first phase, we apply server replication in order to continue the transparent provision of the essential services with the end users by utilizing redundant computing nodes previously arranged. Experimental result obtained on a testbed reveals the validity of the proposed scheme. A comparison with other proposed schemes has been conducted by analyzing the performance and the cost.

Secure Jini Service Architecture Providing Ubiquitous Services Having Persistent States (유비쿼터스 서비스 상태지속을 지원하는 안전한 Jini 서비스 구조)

  • Kim, Sung-Ki;Jung, Jin-Chul;Park, Kyung-No;Min, Byoung-Joon
    • The KIPS Transactions:PartC
    • /
    • v.15C no.3
    • /
    • pp.157-166
    • /
    • 2008
  • The ubiquitous service environment is poor in reliability of connection and also has a high probability that the intrusion against a system and the failure of the services may happen. Therefore, It is very important to guarantee that the legitimate users make use of trustable services from the viewpoint of security without discontinuance or obstacle of the services. In this paper, we point out the problems in the standard Jini service environment and analyze the Jgroup/ARM framework that has been developed in order to help fault tolerance of Jini services. In addition, we propose a secure Jini service architecture to satisfy the security, availability and quality of services on the basis of the analysis. The secure Jini service architecture we propose in this paper is able to protect a Jini system not only from faults such as network partition or server crash, but also from attacks exploiting flaws. It provides security mechanism for dynamic trust establishment among the service entities. Moreover, our secure Jini service architecture does not incur high computation costs to merge the user service states because of allocation of the replica based on each session of a user. Through the experiment on a test-bed, we have confirmed that proposed secure Jini service architecture is able to guarantee the persistence of the user service states at the level that the degradation of services quality is ignorable.