Real-Time File Access Event Collection Methodology for Zero Trust Environment

A Study on a Real-Time File Access Event Collection Method for a Zero Trust Environment

  • Han, Sung-Hwa (Department of Information Security, Tongmyung University)
  • Lee, Hoo-Ki (Department of Cyber Security, Konyang University)
  • Received : 2021.08.09
  • Accepted : 2021.09.13
  • Published : 2021.10.31

Abstract

Boundary-based (perimeter) security systems have the advantage of high operational efficiency and easy management of security solutions, and they are well suited to blocking external security threats. However, because they operate on the premise of a trusted user, they are not suited to blocking security threats that originate from within. The zero trust access control model was proposed to solve this problem of the boundary-based security system. In the zero trust access control model, the security requirement for real-time security event monitoring must be satisfied. In this study, we propose a monitoring method for file access, the most basic of the real-time monitoring functions. The proposed monitoring method operates at the kernel level and therefore has the advantage of fundamentally preventing monitoring evasion through a user's bypass access to files. However, since this study focuses on the monitoring method, further research is needed to extend it to the access control function.
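The abstract argues that file access events must be collected at the kernel level so that a user cannot evade monitoring by reaching a file through another program or path. The following is an added example, not the method proposed in the paper (the page does not describe that implementation): it uses the Linux fanotify API, a kernel notification facility, to mark an entire mount and report every open, read, modify and close event regardless of which process performed it. The mount path, the log-line format and the helper names (`fan_mask_label`, `format_file_event`, `resolve_event_path`) are this example's own choices; running it requires Linux with CAP_SYS_ADMIN.

```c
// Added example: kernel-level file access event collection with Linux fanotify.
// This is NOT the paper's proposed method; it illustrates the same idea with a
// standard Linux facility. Requires CAP_SYS_ADMIN to run.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/fanotify.h>
#include <unistd.h>

// Translate a fanotify event mask into a short, stable label for the log line.
// Priority order matters when several bits are set in one event.
const char *fan_mask_label(unsigned long long mask) {
    if (mask & FAN_OPEN) return "open";
    if (mask & FAN_ACCESS) return "access";
    if (mask & FAN_MODIFY) return "modify";
    if (mask & (FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE)) return "close";
    return "other";
}

// Render one event as a single log line: "<label> pid=<pid> path=<path>".
// Returns the number of characters written (without NUL), or -1 if truncated,
// so a caller never emits a half-written path into the event log.
int format_file_event(char *out, size_t outlen, unsigned long long mask,
                      int pid, const char *path) {
    int n = snprintf(out, outlen, "%s pid=%d path=%s",
                     fan_mask_label(mask), pid, path);
    if (n < 0 || (size_t)n >= outlen) return -1;
    return n;
}

// The kernel hands us an open descriptor for the accessed file; resolve its
// path via /proc so the log records the object, not the name the user typed.
static void resolve_event_path(int fd, char *path, size_t pathlen) {
    char link[64];
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    ssize_t len = readlink(link, path, pathlen - 1);
    if (len < 0) { strncpy(path, "?", pathlen); return; }
    path[len] = '\0';
}

int main(int argc, char **argv) {
    const char *mount = argc > 1 ? argv[1] : "/";   // constructed default
    // FAN_CLASS_NOTIF: observe only; the access itself is never blocked
    // (this is monitoring, the access control step the abstract defers).
    int fan = fanotify_init(FAN_CLASS_NOTIF | FAN_CLOEXEC, O_RDONLY | O_LARGEFILE);
    if (fan < 0) { perror("fanotify_init"); return 1; }
    // Mark the whole mount: events arrive for every file under it no matter
    // which program, hard link or relative path was used to reach the file.
    unsigned long long mask = FAN_OPEN | FAN_ACCESS | FAN_MODIFY | FAN_CLOSE;
    if (fanotify_mark(fan, FAN_MARK_ADD | FAN_MARK_MOUNT, mask, AT_FDCWD, mount) < 0) {
        perror("fanotify_mark"); return 1;
    }
    char buf[4096], path[PATH_MAX], line[PATH_MAX + 64];
    for (;;) {
        ssize_t len = read(fan, buf, sizeof buf);
        if (len <= 0) { if (errno == EINTR) continue; perror("read"); break; }
        struct fanotify_event_metadata *ev = (struct fanotify_event_metadata *)buf;
        while (FAN_EVENT_OK(ev, len)) {
            if (ev->vers != FANOTIFY_METADATA_VERSION) {
                fprintf(stderr, "fanotify metadata version mismatch\n");
                return 1;
            }
            if (ev->fd >= 0) {
                resolve_event_path(ev->fd, path, sizeof path);
                if (format_file_event(line, sizeof line, ev->mask, ev->pid, path) > 0)
                    puts(line);
                close(ev->fd);   // always release the descriptor the kernel gave us
            }
            ev = FAN_EVENT_NEXT(ev, len);
        }
    }
    close(fan);
    return 0;
}
```

Run as root with the mount point to watch (for example `./fanmon /home`), then open a file under it with any tool; the event line appears with the accessing PID. Because the mark is on the mount rather than on individual paths, a user-space wrapper that is bypassed, a renamed binary, or an alternate path to the same inode all still produce an event, which is the evasion-resistance property the abstract attributes to kernel-level collection.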

