• Title/Summary/Keyword: Security Architecture

Search Result 1,092, Processing Time 0.026 seconds

A Study on Development of Multi-level Security Architecture(MLSA) (Multi-level 보안 아키텍처(MLSA) 구축 방안)

  • Choi, Kyong-Ho;Lee, Dong-Hwi;Kim, Kui-Nam J.
    • Convergence Security Journal
    • /
    • v.7 no.4
    • /
    • pp.107-114
    • /
    • 2007
  • We need development methodology of security architecture which offered various levels of security management in case of the organization required more than two security certifications. In this study, therefore, development methodology of Multi-level Security Architecture(MLSA) proposed. Specifically, we should consider factors of commonness and difference between information security management level evaluation of multiple security architecture. This kinds of endeavor can suggest the direction of the improvement of the evaluating security management and the dynamic plan for the security architecture, and it will make the continuous and systematic security management.

  • PDF

The Proposal of Security Management Architecture using Programmable Networks Technology

  • Kim, Myung-Eun;Seo, Dong-Il;Lee, Sang-Ho
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2004.08a
    • /
    • pp.926-931
    • /
    • 2004
  • In this paper, we proposed security management architecture that combines programmable network technology and policy based network management technology to manage efficiently heterogeneous security systems. By using proposed security management architecture, a security administrator can manage heterogeneous security systems using security policy, which is automatically translated into a programmable security policy and executed on programmable middleware of security system. In addition, programmable middleware that has the features of programmable network can reduce excessive management traffic. We showed that the programmable middleware could reduce the load of management traffic by comparing processing time between the proposed architecture and PBNM architecture.

  • PDF

A Designing Method of Intranet Security Architecture Model for Network Security Efficiency (보안 효율성 제고를 위한 인트라넷 네트워크 아키텍쳐 모델)

  • Noh, Si-Choon
    • Convergence Security Journal
    • /
    • v.10 no.1
    • /
    • pp.9-17
    • /
    • 2010
  • Internet network routing system is used to prevent spread and distribution of malicious data traffic. The penetration of malicious code and the function of security blocking are performed on the same course of traffic pathway. The security architecture is the concept to distinguish the architecture from the group handling with the traffic on the structure of network which is performed with the function of penetration and security. The security architecture could be different from the criterion of its realm and function, which requires the development and the application of security mechanism for every architecture. For the establishment of security architecture it is needed to show what criterion of net work should be set up. This study is based on analysis of diagnostic weakness structure in the network security architecture and research the criterion for topology factor, security architecture structure map selection, and blocking location and disinfection net. It is shown to increase the effective rate blocking the virus with the proposed method in this paper rather than the traditional network architecture.

Proposal of Network Security Management architecture using Programmable Network Technology (프로그래머블 네트워크 기술을 이용한 네트워크 보안 관리 구조 제안)

  • 김명은;오승희;김광식;남택용;손승원
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.28 no.10C
    • /
    • pp.1033-1044
    • /
    • 2003
  • In this paper, we propose security management architecture that manages efficiently security systems that are produced by different companies and programmable middleware that can reduce the load of management traffic. The proposed architecture applies programmable networks technology to policy based network management (PBNM). The proposed architecture manages and cooperates various security systems using security policy. Also, the programmable middleware provides convenience of management and reduces the overhead of a policy server by translating security policy into execution command. In addition, using programmable middleware, an administrator can manage various security systems that are produced by different companies. We showed that the programmable middleware could reduce the load of management traffic by comparing processing time for enforcing and transferring of policies/messages between the proposed architecture and PBNM architecture.

Design and Performance Analysis of Security Network Management Architecture for Auto-managing Security Systems (보안 시스템의 자동 관리를 위한 보안 네트워크 관리 구조의 설계 및 성능 분석)

  • Ahn Gae-Il
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.30 no.8B
    • /
    • pp.525-534
    • /
    • 2005
  • This paper proposes the architecture and the methods of security network management for auto-configuration of security systems by extending the existing policy-based network management architecture. The architecture and the methods proposed in this paper enable a security management sewer to automatically decide the best-suited security policy to apply to a security system and the most effective and efficient security system to perform security policy rule, based on the role and capability information of security systems and the role and time information of security policy. For integrated control of network system and security system, this paper also proposes SNMP protocol based security network topology map generator. To show the excellence of the proposed architecture and methods, we simulate and evaluate the automatic response against attacks.

A Study on the Security Architecture of CALS System (CALS체계의 정보보호 구조 연구)

  • 남길현
    • The Journal of Society for e-Business Studies
    • /
    • v.4 no.2
    • /
    • pp.197-208
    • /
    • 1999
  • With developing computer and communication technologies, the concept of CALS system has been popular not only to military but also to commercial industries. The security problem is one of the most critical issues to construct CALS infrastructure. The CALS system needs some security functions such that data confidentiality, integrity, authenticity, availability, and non-repudiation. This paper proposes a security architecture model in CALS. The security architecture model is composed of 5 submodels such that network security model, authentication and key management model, operation and audit model, integrated database security model, and risk analysis model.

  • PDF

The Effect of Composition and Security Activities for Information Security Architecture on Information Asset Protection and Organizational Performance (정보보호 아키텍처 구성과 보안활동이 정보자산보호 및 조직성과에 미치는 영향)

  • Jeong, Gu-Heon;Yi, Dong-Wook;Jeong, Seung-Ryul
    • The KIPS Transactions:PartD
    • /
    • v.17D no.3
    • /
    • pp.223-232
    • /
    • 2010
  • This study was carried out for the purpose of inquiring into the effect of composition and security activities for information security architecture on information asset protection and organizational performance in terms of general information security. This study made a survey on 300 workers in the government, public institutions and private companies, which it showed that management factors of risk identification and risk analysis, in general, have an usefulness to composition and security activities for information security architecture to prevent inside information leakage. And the understanding and training factors of IT architecture and its component were rejected, requiring the limited composition and security activities for information security architecture. In other words, from the reality, which most institutions and organizations are introducing and operating the information security architecture, and restrictively carrying out the training in this, the training for a new understanding of architecture and its component as an independent variable made so much importance, or it did not greatly contribute to the control or management activities for information security as the generalized process, but strict security activities through the generalization of risk identification and risk analysis management had a so much big effect on the significant organizational performance.

Security Architecture and Model in Aeronautical Communication Network (항공통신 네트워크에서 보안구조 및 모델)

  • Hong, Jin-Keun
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.10 no.1
    • /
    • pp.122-127
    • /
    • 2009
  • In this paper, it is reviewed security architecture and proposed security model about secure aeronautical system, which is considering in the cynical research topics out of aeronautical traffic system. The reviewed contents is treated about security model fur domestic aeronautical system with international security technology trends in the basis of security technology related aeronautical services. In the security framework of aeronautical communication network, it is analyzed data link security technology between air and ground communication, and security architecture in according to aeronautical system, and presented security architecture of U information HUB model. The security architecture of U-information HUB includes the internetworking scope of airline, airport network, airplane network, and related government agency, etc.

A Design on the Information Security Auditing Framework of the Information System Audit (정보시스템 감리에서의 정보보호 감리모형 설계)

  • Lee, Ji Yong;Kim, Dong Soo;Kim, Hee Wan
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.2
    • /
    • pp.233-245
    • /
    • 2010
  • This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

Configuration Method of AWS Security Architecture for Cloud Service (클라우드 서비스 보안을 위한 AWS 보안 아키텍처 구성방안)

  • Park, Se-Joon;Lee, Yong-Joon;Park, Yeon-Chool
    • Journal of Convergence for Information Technology
    • /
    • v.11 no.7
    • /
    • pp.7-13
    • /
    • 2021
  • Recently, due to the many features and advantages of cloud computing, cloud service is being introduced to countless industries around the world at an unbelievably rapid pace. With the rapid increase in the introduction of multi-cloud based services, security vulnerabilities are increasing, and the risk of data leakage from cloud computing services are also expected to increase. Therefore, this study will propose an AWS Well-Architected based security architecture configuration method such as AWS standard security architecture, AWS shared security architecture model that can be applied for personal information security including cost effective of cloud services for better security in AWS cloud service. The AWS security architecture proposed in this study are expected to help many businesses and institutions that are hoping to establish a safe and reliable AWS cloud system.