Proposal of Network Security Solution based on Software Definition Perimeter for Secure Cloud Environment

  • Cha, Wuk-Jae (Division of Research Planning Office, Genians, Inc.);
  • Shin, Jae-In (Division of Research Planning Office, Genians, Inc.);
  • Lee, Dong-Bum (Genians, Inc.);
  • Kim, Hyeob (Division of Research Planning Office, Genians, Inc.);
  • Lee, Dae-Hyo (Division of Research Planning Office, Genians, Inc.)
  • Received: 2018.10.09
  • Accepted: 2018.12.20
  • Published: 2018.12.28

Abstract

As smartphones and the mobile environment develop, the constraints of time and place on individual work are disappearing. Companies can reduce costs and expand their business quickly through cloud computing. As the use of various clouds expands, the boundaries between users, data, and applications are disappearing, and traditional security approaches built around a perimeter are losing their utility in the cloud environment. This paper describes the limitations of existing Network Access Control (NAC) in a cloud environment and proposes a network security technology that complements it. As related work it explains the Software Defined Perimeter (SDP); it then combines SDP with NAC to overcome NAC's limitations and explains the role of the combination as a new framework for supporting the cloud environment. The proposed framework applies SDP technology to both the physical and the software parts of the network: a software-based network security solution that provides identity-centric access control in place of IP-based control, encrypted segment management, and dynamic policy management.
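The abstract's central claim is that access is granted to an authenticated identity rather than to an IP address, and that policy can change at run time. The block below is an added illustration of that flow, written for this page and not taken from the paper or from Genians' product: an Initiating Host sends a single authorization packet to a Controller, the Controller checks the device key and a monotonic counter, and only then pushes the identity onto the allow-list of an Accepting Host that otherwise drops everything. The packet layout (device id, counter, HMAC-SHA256) is a simplified stand-in for the SPA format in the CSA SDP Specification 1.0, and every device id, seed, identity and service name is constructed.

```python
"""
Toy model of the SDP Specification 1.0 connection flow (Cloud Security Alliance):
Initiating Host (IH) -> SPA packet -> Controller -> allow-list entry -> Accepting Host (AH).
The AH drops every connection by default; only identities the Controller has
authorized get through, regardless of the source IP they arrive from.
Illustrative code written for this page; the SPA layout below (device id, counter,
HMAC-SHA256) is a simplified stand-in for the spec's wire format, and all
device ids, seeds, identities and service names are constructed.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class SPAPacket:
    device_id: int   # 32-bit identity of the initiating host
    counter: int     # 64-bit monotonic counter; replayed or stale values are rejected
    mac: bytes       # HMAC-SHA256 over device_id || counter, keyed with the device seed

    def header(self) -> bytes:
        return struct.pack("!IQ", self.device_id, self.counter)


def make_spa(device_id: int, counter: int, seed: bytes) -> SPAPacket:
    """IH side: build the single packet that opens the conversation."""
    header = struct.pack("!IQ", device_id, counter)
    return SPAPacket(device_id, counter, hmac.new(seed, header, hashlib.sha256).digest())


class Controller:
    """Holds device keys and the identity -> services policy; feeds AH allow-lists."""

    def __init__(self, devices: Dict[int, Tuple[bytes, str]], policy: Dict[str, Set[str]]):
        self.devices = devices          # device_id -> (seed, identity)
        self.policy = policy            # identity  -> services it may reach
        self.last_counter: Dict[int, int] = {}
        self.allowlist: Dict[str, Set[int]] = {}   # service -> device_ids pushed to its AH

    def verify_spa(self, pkt: SPAPacket) -> Optional[str]:
        """Return the authenticated identity, or None (the spec sends no reply; just drop)."""
        entry = self.devices.get(pkt.device_id)
        if entry is None:
            return None                                   # unknown device
        seed, identity = entry
        expected = hmac.new(seed, pkt.header(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, pkt.mac):
            return None                                   # forged packet or wrong key
        if pkt.counter <= self.last_counter.get(pkt.device_id, -1):
            return None                                   # replayed or stale counter
        self.last_counter[pkt.device_id] = pkt.counter
        return identity

    def authorize(self, pkt: SPAPacket, service: str) -> bool:
        """Decide on identity, not IP; on success push the IH onto the AH's allow-list."""
        identity = self.verify_spa(pkt)
        if identity is None or service not in self.policy.get(identity, set()):
            return False
        self.allowlist.setdefault(service, set()).add(pkt.device_id)
        return True

    def revoke(self, device_id: int) -> None:
        """Dynamic policy: pull a device out of every AH allow-list at once."""
        for allowed in self.allowlist.values():
            allowed.discard(device_id)


class AcceptingHost:
    """Gateway in front of one service; default-deny, consults the controller's list."""

    def __init__(self, service: str, controller: Controller):
        self.service = service
        self.controller = controller

    def accept(self, device_id: int, src_ip: str) -> bool:
        # src_ip is deliberately unused: the decision is tied to the authenticated
        # identity the controller vouched for, so a spoofed or roaming IP changes nothing.
        return device_id in self.controller.allowlist.get(self.service, set())


def build_demo() -> Tuple[Controller, bytes]:
    """Constructed deployment: one enrolled device allowed to reach one service."""
    seed = b"constructed-seed-for-device-1001"
    controller = Controller(
        devices={1001: (seed, "alice@example.internal")},
        policy={"alice@example.internal": {"git.internal"}},
    )
    return controller, seed


if __name__ == "__main__":
    ctl, seed = build_demo()
    git_ah = AcceptingHost("git.internal", ctl)
    print("before SPA:", git_ah.accept(1001, "10.0.0.5"))              # default deny
    print("SPA ok:", ctl.authorize(make_spa(1001, 1, seed), "git.internal"))
    print("after SPA, new IP:", git_ah.accept(1001, "198.51.100.7"))   # identity, not IP
    print("replay:", ctl.authorize(make_spa(1001, 1, seed), "git.internal"))
```

The AH never sees a port-scan response surface: until the Controller has named a device, `accept` returns False for every caller, and a second Accepting Host for a service the identity is not entitled to stays closed even after a valid SPA. Revocation removes the device from every allow-list in one step, which is the "dynamic policy management" the abstract contrasts with static, IP-based NAC rules.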

Keywords

Figures and Tables

Fig. 1. Cloud Adoption Effects and Reasons
Fig. 2. Cloud Access Security Broker
Fig. 3. Current Connection Model Based on TCP/IP
Fig. 4. Connection Model Based on SDP
Fig. 5. SDP Specification 1.0, CSA
Fig. 6. SDP Specification 1.0, CSA (flow description)
Fig. 7. Genian SDP Application Architecture

Table 1. The Treacherous 12
Table 2. Comparison of NAC and SDP Components
Table 3. Comparison of NAC, SDP, and Genian SDP
