JOURNAL BROWSE
Search
Advanced SearchSearch Tips
Design and Implementation of Mechanism for Effectively Exchanging Cybersecurity Information between Independent Security Management Domains
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
 Title & Authors
Design and Implementation of Mechanism for Effectively Exchanging Cybersecurity Information between Independent Security Management Domains
An, Gae-Il; Seo, Dae-Hee; Lim, Sun-Hee; Kim, Jong-Hyun; Seo, Dong-Il; Cho, Hyun-Sook;
  PDF(new window)
 Abstract
As a way for defending against cyber security threats, there has been a research on cybersecurity information exchange between security management domains in order to raise security performance of the whole network. One of the hottest issues in exchanging cybersecurity information between security management domains is that the requirements of those domains on information sharing are different with each other because each is autonomous domain. This paper proposes a mechanism for effective cybersecurity Information exchange between independent security management domains, which can satisfy their requirements on information sharing through sharing policy and sharing policy control protocol, proposed in this paper. In this paper we have developed an integrated security control system that supports the proposed mechanism. Through the system the performance of the proposed mechanism is measured and evaluated.
 Keywords
Cybersecurity Information;Information exchange;Sharing policy;
 Language
Korean
 Cited by
 References
1.
통계청, "웜/바이러스 피해 현황," http://www.inde x.go.kr/egams/stts/jsp/potal/stts/PO_STTS_IdxMain.j sp?idx_cd=1364

2.
Anthony Rutkowski, Youki Kadobayashi, Inette Furey, Damir Rajnovic, Robert Martin, Takeshi Takahashi, "CYBEX - The Cybersecurity Information Exchange Framework (X.1500)," ACM SIGCOMM Computer Communication Review, Vol. 40 Num. 5, pp. 59-64, Oct. 2010 crossref(new window)

3.
E. Kenneally and K. Claffy, "An Internet Data Sharing Framework For Balancing Privacy and Utility," First International Forum on the Application and Management of Personal Electronic Information, pp. 1-6, Oct. 2009.

4.
Messaging Standard for Sharing Security Information (MS3i) Project, "Messaging standards for computer network defence warnings and alerts," JLS/2007/ EPCIP/007 - Project Report, June 2009

5.
정일안, 오진태, 장종수, "보안 정보 공유 기술 및 표준화 동향," 전자통신동향분석, 제23권 제4호, pp. 30-38, 8월, 2008.

6.
M. Wood and M. Erlinger, "Intrusion Detection Message Exchange Requirements", IETF, RFC 4766, March 2007

7.
H. Debar, D. Curry and B. Feinstein, "The Intrusion Detection Message Exchange Format (IDMEF)", IETF, RFC 4765, March 2007

8.
J. Arvidsson, A. Cormack, Y.Demchenko, J. Meijer, "TERENA's Incident Object Description and Exchange Format Requirements," IETF, RFC3067, Feb. 2001

9.
R. Danyliw, J. Meijer, Y. Demchenko, "The Incident Object Description Exchange Format," IETF, RFC 5070, Dec. 2007

10.
K. M. Moriarty, "Real-time Inter-network Defense," IETF, RFC 6045, Nov. 2010