Journal of Information Technology Services (한국IT서비스학회지)

Korea Society of IT Services (한국IT서비스학회)
권호 표지

Policy-based Security System Modeling using Vulnerable Information

취약성 정보를 활용한 정책 기반 보안 시스템 모델링

  • 서희석 (성균관대학교 정보통신공학부) ;
  • 김동수 (국민대학교 BIT 대학원) ;
  • 김희완 (삼육대학교 컴퓨터과학과)
  • Published : 2003.11.30
Download PDF
⟨ Previous Next ⟩

Abstract

As the importance and the need for network security is increased, many organization uses the various security systems. They enable to construct the consistent integrated security environment by sharing the vulnerable information among firewall, intrusion detection system, and vulnerable scanner. And Policy-based network provides a means by which the management process can be simplified and largely automated. In this article we build a foundation of policy-based network modeling environment. The procedure and structure for policy rule induction from vulnerabilities stored in SVDB (Simulation based Vulnerability Data Based) is conducted. It also transforms the policy rules into PCIM (Policy Core Information Model).

Keywords

References

  1. Wang Changkun, 'Policy-based Network Management,' Communication Technology Proceeding, WCC-ICCT 2000, International Conference on, Vol.1(Aug. 2000), pp.101-105
  2. Verma, D. C., 'Simplifying Network Administration Using Policy-based Management,' Network, IEEE, Vol.16(March-April 2002), pp.20-26
  3. B. P. Zeigler, 'Object-Oriented Simulation with Hierarchical,' Modular Models, USA:Academic Press, San Diego CA, 1990
  4. Seo, Hee Suk , Cho, Tae Ho and Chi, Sung Do, 'Modeling and Simulation of Distributed Security Models,' Lecture Notes on Computer Science, Springer Verlag, LNCS 2660, (Jun. 2003), pp.809-818
  5. NIST, An Introduction to Computer Security:The NIST Handbook, Technology Adminstration, U.S.A, 1995
  6. M. Bishop, 'Vulnerablities Analysis,' Proceedings of the Recent Advances in Intrusion Detection, (Sep. 1999), pp.125-136
  7. Robert A. Martin, 'Managing Vulnerabilities in Networked Systems,' IEEE Computer, Vol.34, No.11(Nov. 2001), pp.32-38 https://doi.org/10.1109/2.963441
  8. M. Stevens. 'Policy Framework,' Internet Draft, draft-ietf-policy-framework-05.txt, Sep. 1999
  9. B. Moore, et al., 'Policy Core Information Model-Version 1 Specification,' IETF RFC 3060, Feb. 2000
  10. B. Moore, et al., 'Policy Core Information Model (PCIM) Extensions,' IETF RFC 3460, Jan. 2003
  11. http://icat.nist.gov, ICAT Metabase
  12. R. Bace, Intrusion Detection, Macmillan Technical Publishing, 2000
  13. E. D. Zwicky, S. Cooper and D. B. Chapman, Building Internet Firewalls, second edition, O’reilly & Associates, 2000
  14. Zhengxin Chen, John Wiley & Sons, Data Mining And Uncertain Reasoning:An Integrated Approach, 2001
  15. http://icat.nist.gov/icat.cfm?cvename=CVE-2000-0305