• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1397-1400
• /
• 2005

Multiprotocol Label Switching is an initiating IETF that integrated Layer2 information network links(bandwidth, latency, utilization) to Layer 3(IP) with a particular autonomous system(or ISP) in order to simplify and improve IP-packet exchange. MPLS gives network operators a grate deal of flexibility to divert and route traffic around link failures, congestion, and bottlenecks. The MPLS has advantages that will be able to solve existing problem of Network that ISP have had IP, QoS, Gigabit forwarding and traffic engineering. The purpose of this study is to measure Access-list and the capacities of PE Router that would operate as MPLS. Many ISP using MPLS service to handle high-speed internet traffic with apply to firewall in future.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.11a
• /
• pp.619-622
• /
• 2005

본 논문은 최근의 네트웍 장비의 기본적인 기능인 stateful inspection 을 지원하기 위해 생성되는 세션 테이블들의 구조와 그 효율성을 확인한다. 그를 위해 LINUX, FreeBSD, OpenBSD 등의 운영체제에서 사용되고 있는 방화벽 소프트웨어들의 세션 테이블 구조 및 특징을 확인하고 실제 실험을 통해 구조적 특징 및 트래픽의 지역성이 테이블의 탐색에 걸리는 오버헤드를 줄이는 데에 어떠한 영향을 미치는지 실제 실험하였으며, 트리 구조를 가지는 세션 테이블이 worst case 시의 테이블 탐색시간을 줄여줌으로써 전체적인 패킷 처리시간을 줄여줄 수 있는 구조임을 확인한다.

• Proceedings of the KIEE Conference
• /
• 2002.11c
• /
• pp.23-26
• /
• 2002

In this paper, we modelize several scheduling algorithms for real-time packet filtering tasks based on the multi-threaded multi-processor architecture for the network security system like the firewall and compare the performance of the algorithms by implementing the algorithms and doing a number of empirical tasks. As the matrices of the performance we use the idle factor and the packet transfer rate. We get the idle factors and the packet transfer rates according to the transfers of the packet sizes from 64 bytes to 1500 bytes.

• Information and Communications Magazine
• /
• v.16 no.10
• /
• pp.125-136
• /
• 1999

ADSL은 일반 가정이나 SOHO에서 Internet access나 Remote LAN Access와 같은 application을 대상으로 사용하기에 적합하다. 제 2장에서는 CPN에서의 configuration, usage scenario를 알아보고 splitter configuration들과 PDN, SM, TE간의 interface가 어떻게 정의되는가를 살펴보았다. 제 3장에서는 central office의 configuration을 간단히 살펴보고, DSLAM 및 service provider network의 requirement들을 알아보았다. 제 4장에서는 원활한 network adaptation 및 service를 위한 Frame based 및 ATM based ADSL architecture들에 대해 언급하고 가능한 protocol stacks들에 대해 간단히 알아보았다. 또한 home network이나 corporate network에서 필요한 tunneling protocol이나 firewall의 구현가능성도 검토하였다. 현재 이러한 내용들이 ADSL Forum에서 활발히 논의되고 있으나, UADSL을 비롯한 ADSL의 대규모 설치에 따른 field trial 및 service를 통해 장단점이 검증될 것으로 보이며 따라서 앞으로 $1\sim2$년 후에나 좀더 효율적인 ADSL architecture, interface 및 protocol이 표준모델로 정착될 것으로 보인다.

• Journal of the Korean Society for Precision Engineering
• /
• v.23 no.5 s.182
• /
• pp.111-118
• /
• 2006

Better understanding and sharing information are getting important to manage interdisciplinary product development team in a globally-distributed company. This study proposes a solution to implement RPD(Rapid Product Development) system for the distributed development teams using SOAP(Simple Object Access Protocol). And a new approach is introduced for the better understanding of product geometry among the development members in different place and the easy sharing of product information. An application example shows that SOAP operates in distributed environment more efficiently than other RPC(Remote Procedure Call) techniques and it does not respond sensitively to firewall. And SOAP is an excellent RPC and messaging technique to exchange structured data. Procedures developed with use of SOAP are worked together with web, and users can use remote services as an application program in their local computer.

• Proceedings of the KAIS Fall Conference
• /
• 2005.05a
• /
• pp.257-259
• /
• 2005

언제 어디서나 컴퓨팅이 가능한 유비쿼터스 컴퓨팅 사회에서는 개인의 컴퓨팅 환경 의존도가 증가함에 따라 사이버공격으로 인한 개인생활의 위협도 증가할 수밖에 없다. 홈네트워크는 유비쿼터스 컴퓨팅 환경으로 가는 시작점이라고 할 수 있으므로 인터넷을 통한 사이버 공격의 증가는 눈앞에 현실로 다가오고 있는 홈네트워크의 활성화를 방해하는 장애물로 대두될 것이 틀림이 없으므로 이에 대한 대응책 마련이 시급하다. 본 연구에서는 안전한 홈네트워크 구축을 통하여 홈서비스가 활성화될 수 있도록 홈네트워크의 보안취약성 및 관련 보안기술 개발에 대한 연구와 홈네트워크에 필요한 보안사항을 연구하였다.

• Journal of Korea Society of Industrial Information Systems
• /
• v.8 no.1
• /
• pp.75-82
• /
• 2003

Computer and network security has recently become a popular subject due to the explosive growth of the Internet Especially, attacks based on malformed packet are difficult to detect because these attacks use the skill of bypassing the intrusion detection system and Firewall. This paper designs and implements a network-based intrusion detection system (NIDS) which detects intrusions with malformed-packets in real-time. First, signatures, rules in NIDS like Snouts rule files, are classified using similar properties between signatures NIDS creates a rule tree applying hashing technique based on the classification. As a result the system can efficiently perform intrusion detection.

• 한국정보컨버전스학회:학술대회논문집
• /
• 2008.06a
• /
• pp.75-86
• /
• 2008

This paper presents the design, implementation, and evaluation of the RFID Guardian, the first-ever unified platform for RFID security and privacy administration. The RFID Guardian resembles an "RFID firewall", enabling individuals to monitor and control access to their RFID tags by combining a standard-issue RFID reader with unique RFID tag emulation capabilities. Our system provides a platform for coordinated usage of RFID security mechanisms, offering fine-grained control over RFID-based auditing, key management, access control, and authentication capabilities. We have prototyped the RFID Guardian using off-the-shelf components, and our experience has shown that active mobile devices are a valuable tool for managing the security of RFID tags in a variety of applications, including protecting low-cost tags that are unable to regulate their own usage.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.4
• /
• pp.39-45
• /
• 2011

Application log files contain error messages; operational data and usage information that can help manage applications and servers. Log analysis system is software that read and parse log files, extract and aggregate information in order to generate reports on the application. In currently, the importance of log files of firewalls is growing bigger and bigger for the forensics of cyber crimes and the establishment of security policy. In this paper, we designed and implemented the SILAS(SysLog-based Integrated Log mAanagement System) in distribute network environments. It help to generate reports on the the log fires of firewalls - IP and users, and statistics of application usage.

• Journal of Information Technology Services
• /
• v.2 no.2
• /
• pp.97-109
• /
• 2003

As the importance and the need for network security is increased, many organization uses the various security systems. They enable to construct the consistent integrated security environment by sharing the vulnerable information among firewall, intrusion detection system, and vulnerable scanner. And Policy-based network provides a means by which the management process can be simplified and largely automated. In this article we build a foundation of policy-based network modeling environment. The procedure and structure for policy rule induction from vulnerabilities stored in SVDB (Simulation based Vulnerability Data Based) is conducted. It also transforms the policy rules into PCIM (Policy Core Information Model).