Journal of KIISE:Computer Systems and Theory (한국정보과학회논문지:시스템및이론)

Korean Institute of Information Scientists and Engineers (한국정보과학회)
권호 표지

Survivability Assessment using DMKB for IT infrastructure

DMKB를 이용한 IT 기반구조의 생존성 평가 시스템

  • 최은정 (서울여자대학교 정보통신교육원) ;
  • 김명주 (서울여자대학교 정보보호학)
  • Published : 2006.09.01
Download PDF
⟨ Previous Next ⟩

Abstract

The popularization of high-speed networks and the innovation of high-performance hardware/servers have enlarged the role of large-scale, highly distributed IT infrastructure. Though many criteria on the assessment of IT infrastructure can be considered, the survivability assessment is treated as the most important one due to the essential role as an infrastructure. While assessing the survivability of some given IT infrastructures, we can not only choose the best one among them but also improve their survivability by modifying their structure and security policies. In this paper, we propose a DMKB-based assessment system on the survivability of IT infrastructures, where DMKB is a kind of database which provides the known vulnerabilities and defense mechanism for many system components.

초고속 네트워크의 보편화와 하드웨어 및 서버 기술의 발달로 인해 대규모 고성능 분산 네트워크 중심의 IT 기반구조 구축이 사회 전반에 걸쳐 확대되고 있다. 이러한 IT 기반 구조에 대한 평가 척도는 매우 다양하게 제시될 수 있지만, 기반 구조라는 특성 상 생존성 평가는 매우 중요한 척도로 간주된다. 주어진 IT 기반 구조에 대하여 어느 정도의 생존성을 가지고 있는지 평가하는 것은, 무수한 IT 기반 구조들에 대한 보편적인 평가 척도를 제시하는 것일 뿐만 아니라 해당 평가결과를 토대로 한 추가 개선 작업을 통하여 더욱 생존성이 강화된 IT 기반 구조로의 발전을 보장해준다. 본 논문에서는 현재의 IT 기반 구조를 구성하고 있는 개별 구성요소들에 대하여 이미 구축해 놓은 방어메커니즘 데이타베이스(DMKB)를 토대로 하여, 전체 IT 기반 구조의 생존성을 평가하는 시스템을 제시한다.

Keywords

References

  1. D. A. Fisher and H.F. Lipson, 'Emergent Algorithms - A New Method for Enhancing Survivability in Unbounded Systems,' Proceedings of the 32nd Annual Hawaii International Conference on System Sciences, Maui, Hawaii, January 5-8, 1999 (HICSS-32), IEEE Computer Society, 1999 https://doi.org/10.1109/HICSS.1999.772824
  2. R. Ellison, D. Fisher, R. Linger, H. Lipson, T. Longstaff, and N. Mead, 'Survivable network systems: An emerging discipline,' Technical Report CMU/SEI-97-153, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213, November 1997
  3. J. H. Lala, 'Introduction,' Proceeding of the Foundation of Intrusion Tolerant System (OASIS'03), IEEE Computer Society, 2003
  4. Eun-Jung Choi, Hyung-Jong Kim, Myuhng-Joo Kim, 'DMKB : A Defense Mechanism Knowledge Base,' International Conference ICCSA, May 2004, Assisi Italy, LNCS 3043 2004 https://doi.org/10.1007/b98048
  5. H. F. Lipson, D. A. Fisher, 'Survivability - A New Technical and Business Perspective on Security,' Proceedings of the 1999 New Security Paradigms Workshop. Caledon Hill, ON, September 21-24, 1999. New York, NY: Association for Computer Machinery, 2000 https://doi.org/10.1145/335169.335187`
  6. S. Jha and J. M. Wing., 'Survivability Analysis of Networked Systems,' Proceedings of the 23rd International Conference on Software Engineering (ICSE2000), pages 307-317, 2001
  7. R. C. Linger, A. P. Moore, 'Foundations for Survivable System Development: Service Traces, Intrusion Traces, and Evaluation Models,' Technical Report CMU/SEI-20001-TR-029, Carnegie Mellon University, Pittsburgh, PA 15213,October 2001
  8. Jaynarayan H. Lala, 'Information Assurance and Survivability,' International Conference on Dependable Systems and Networks, NY, USA, June 25-28, 2000
  9. Dale M. Johnson and Ph.D.Doug Williams, Ph.D., 'Organically Assured and Survivable Information Systems (OASIS),' MITRE Technology Symposium, Washington, June 2002
  10. R. J. Ellison and D. A. Fisher and R. C. Linger and H. F. Lipson and T. Longstaff and N. R. Mead, 'Survivable Network Systems: An Emer-ging Discipline,' CERT, November 1997 Revised: May 1999, CMU/SEI-97-TR-013
  11. Richard C. Linger and Andrew P. Moore, 'Foundations for Survivable System Development: Service Traces, Intrusion Traces, and Evaluation Models,' CERT, CMU/SEI-2001-TR-029, October 2001
  12. M. Bishop: Vulnerabilities Analysis. Proceedings of the Recent Advances in Intrusion Detection, (1999)