Advanced SearchSearch Tips
Study on APT Penetration Analysis and Plan of Reaction for Secure XaaS
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
 Title & Authors
Study on APT Penetration Analysis and Plan of Reaction for Secure XaaS
Lee, Sun Ho; Kim, DaeYoub;
  PDF(new window)
XaaS (Everything as a Service) provides re-usable, fine-grained software components like software, platform, infra across a network. Then users usually pay a fee to get access to the software components. It is a subset of cloud computing. Since XaaS is provided by centralized service providers, it can be a target of various security attacks. Specially, if XaaS becomes the target of APT (Advanced Persistent Threat) attack, many users utilizing XaaS as well as XaaS system can be exposed to serious danger. So various solutions against APT attack are proposed. However, they do not consider all aspects of security control, synthetically. In this paper, we propose overall security checkup considering technical aspect and policy aspect to securely operate XaaS.
XaaS;APT;Compliance;Control Policy;Cloud Network;
 Cited by
J.-H. Sim, J.-K. Jung, H.-J. Kim, I.-K. Kim, and T.-M. Chung, "Survey on the recent advanced persistent threat solutions," in Proc. KICS Conf., pp. 769-770, Nov. 2013.

T. Mustafa, "Malicious data leak prevention and purposeful evasion attacks: An approach to advanced persistent threat (APT) management," in SIECPC, pp. 27-30, Apr. 2013.

Y.-H. Kim and W. H. Park, "A study on cyber threat prediction based on intrusion detection event for APT attack detection," Multimedia Tools and Applications, vol. 71, no. 2, pp. 685-698, Jul. 2014. crossref(new window)

Russel Miller, "Advanced persistent threats: Defending from the inside out," CATechnologies, Jul. 2012.

S.-C. Goh, A study of APTs(advanced persistent threat) penetration detect for security operation data and big data, National Security Research Institute, vol. 2014, no. 022, Oct. 2014.

S.-H. Lee and M.-S. Han, Study of defense method through APT(Advanced Persistent Threat) penetration path analysis in Industrial Network-Focusing on Stuxnet Case-, Korean Association for Industrial Security, Dec. 2014.

K.-H. Kim and M.-J. Choi, "Linear SVM-based android malware detection and feature selection for performance improvement," J. KICS, vol. 39C, no. 8, pp. 738-745, 2014. crossref(new window)

M. Kim, "Security analysis and enhancement of tsai et al.'s smart-card based authentication scheme," J. KICS, vol. 39B no. 1, pp. 29-37 2014. crossref(new window)

J. Lee, J. Park, S. W. Jung, and S. Jung, "The authentication and key management method based on PUF for secure USB," J. KICS, vol. 38B no. 12, pp. 944-953, 2014.