• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제4권4호
• /
• pp.671-690
• /
• 2010

The continuous growth of attacks in the Internet causes to generate a number of rules in security devices such as Intrusion Prevention Systems, firewalls, etc. Policy anomalies in security devices create security holes and prevent the system from determining quickly whether allow or deny a packet. Policy anomalies exist among the rules in multiple security devices as well as in a single security device. The solution for policy anomalies requires complex and complicated algorithms. In this paper, we propose a new method to remove policy anomalies in a single security device and avoid policy anomalies among the rules in distributed security devices. The proposed method classifies rules according to traffic direction and checks policy anomalies in each device. It is unnecessary to compare the rules for outgoing traffic with the rules for incoming traffic. Therefore, classifying rules by in-out traffic, the proposed method can reduce the number of rules to be compared up to a half. Instead of detecting policy anomalies in distributed security devices, one adopts the rules from others for avoiding anomaly. After removing policy anomalies in each device, other firewalls can keep the policy consistency without anomalies by adopting the rules of a trusted firewall. In addition, it blocks unnecessary traffic because a source side sends as much traffic as the destination side accepts. Also we explain another policy anomaly which can be found under a connection-oriented communication protocol.

• Journal of Information Processing Systems
• /
• 제12권4호
• /
• pp.688-710
• /
• 2016

Our approach permits to capitalize the expert's knowledge as business rules by using an agent-based platform. The objective of our approach is to allow experts to manage the daily evolutions of business domains without having to use a technician, and to allow them to be implied, and to participate in the development of the application to accomplish the daily tasks of their work. Therefore, the manipulation of an expert's knowledge generates the need for information security and other associated technologies. The notion of cryptography has emerged as a basic concept in business rules modeling. The purpose of this paper is to present a cryptographic algorithm based approach to integrate the security aspect in business rules modeling. We propose integrating an agent-based approach in the framework. This solution utilizes a security agent with domain ontology. This agent applies an encryption/decryption algorithm to allow for the confidentiality, authenticity, and integrity of the most important rules. To increase the security of these rules, we used hybrid cryptography in order to take advantage of symmetric and asymmetric algorithms. We performed some experiments to find the best encryption algorithm, which provides improvement in terms of response time, space memory, and security.

• 전자통신동향분석
• /
• 제38권4호
• /
• pp.1-11
• /
• 2023

Trade rules in service and digital sectors mainly focus on reducing regulatory uncertainties by improving transparency and minimizing unnecessary requirements. Recognizing the importance of digital trade rules and trade in information and communication technology (ICT) sectors, governments worldwide have rapidly adopted and expanded rules on free flow of data, personal data protection, electronic authentication, and cybersecurity. On the other hand, advances in technology have led governments to face multiple threats related to cybersecurity, intellectual property (including that related to source code and algorithms), and unauthorized access to proprietary information of their suppliers. This study presents digital trade rules related to digital security emphasizing cybersecurity, source code, and ICT products that use cryptography in different trade agreements. Additionally, it introduces various approaches that major countries are taking to both address digital security issues and seek balance between security enhancement and trade liberalization.

• 무역상무연구
• /
• 제54권
• /
• pp.45-80
• /
• 2012

Since the 9.11 terror attack, the event which caused supply chain disruption, supply chain security has become more important than ever before. With this as a momentum, a customs supply chain security paradigm emerged intended to guarantee secure flow of cargo across boarder. Under this circumstances Incoterms(R) 2010 rules have allocated obligations between the buyer and seller to obtain or to render assistances in obtaining security clearances. Thus, security related obligations such as providing advance manifest information is the mandatory requirements for any export and import. The impact on the seller and buyer of security related obligations under the Incoterms(R) 2010 rules environment is obvious. Assistance to provide the security information in advance has become indispensable obligations to the seller and buyer. As such assistances is at the cost and risk of the party responsible for the clearances of the goods, the choice of recognised partner and compliance with the relevant security program, in order to enjoy the relevant benefits, becomes paramount.

• 한국정보기술응용학회:학술대회논문집
• /
• 한국정보기술응용학회 2005년도 6th 2005 International Conference on Computers, Communications and System
• /
• pp.297-300
• /
• 2005

Especially, system security is very important in the ubiquitous environment. This paper proposes a protecting scheme for security policies in Firewall and intrusion detection system (IDS). The one-way hash function and the symmetric cryptosystem are used to make the protected rules for Firewalls and IDSs. The proposed scheme could be applied in diverse kind of defense systems which use rules.

• 융합보안논문지
• /
• 제5권1호
• /
• pp.1-9
• /
• 2005

XML은 웹 응용을 위한 데이터의 처리와 전송을 위해 가장 일반적인 툴이 되고 있다. 모든 온라인 비즈니스 솔루션에서 정책들은 광범위하게 사용되고 있으며, 접근 요청에 대한 'yes/no'와 같은 이분법적인 결정은 충분하지 않다고 인식되고 있다. 이 논문에서는 provision과 obligation을 지닌 로직 형식으로 표현하는 정책규칙을 보안정책 프로그래머들이 융통성있게 명시할 수 있고 구현할 수 있도록 XML로 변환하여 표현하는 기법을 개발하였다. 사용자 정보, 객체 정보, 액션들을 XML로 표현하기 위한 일반적인 형식을 정의하였으며, 이 세 요소를 기본 요소로 하여 정책들을 명시하기 위한 XML DTD를 개발하였다. 향후에는 권한부여 정책에 기반한 접근 제어뿐만 아니라 데이터의 성격에 따라 각 필드에 있는 데이터를 변환하고 부인방지 기법을 도입하는 등 다양한 보안 기능을 지원하기 위해 이들을 XML 정책 규칙으로 명시하는 것에 대해 연구하고자 한다.

• 반도체디스플레이기술학회지
• /
• 제18권1호
• /
• pp.74-78
• /
• 2019

As software becomes larger and network technology develops, the management of distributed data becomes more popular. Therefore, it is becoming increasingly important to use blockchain technology that can guarantee the integrity of data in various fields by utilizing existing infrastructure. Blockchain is a distributed computing technology that ensures that servers participating in a network maintain and manage data according to specific agreement algorithms and rules to ensure integrity. As smart contracts are applied, not only passwords but also various services to be applied to the code. In order to reinforce existing research on smart contract applied to the blockchain, we proposed a dynamic conditional rule of smart contract that can formalize rules of smart contract by introducing ontology and SWRL and manage rules dynamically in various situations. In the previous research, there is a module that receives the upper rule in the blockchain network, and the rule layer is formed according to this module. However, for every transaction request, it is a lot of resources to check the top rule in a blockchain network, or to provide it to every blockchain network by a reputable organization every time the rule is updated. To solve this problem, we propose to separate the module responsible for the upper rule into an independent server. Since the module responsible for the above rules is separated into servers, the rules underlying the service may be transformed or attacked in the middleware. Therefore, the security mechanism using TLS and PKI is added as an agent in consideration of the security factor. In this way, the benefits of computing resource management and security can be achieved at the same time.

• 한국전자거래학회지
• /
• 제7권3호
• /
• pp.203-218
• /
• 2002

According as development of networks and increasing on Internet service, For the performance increase of K4 Firewall require that hardware be installed of 2 CPU or 4 CPU instead of 1 CPU. Output of performance test among 1CPU, 2CPU, and 4CPU of K4 Firewall system has not any efficient about increasing multiple CPUs. K4 Firewall put performance on setting on demon of packet filtering rules and Network Address Translate and Authentication and Proxy services. Performance results that setting after security rules are less 2％ Packet Filtering, 8％-11％ NAT, 18％-20％ Proxy and Authentication services than setting before security rules on K4 Firewall System. NAT and Proxy service have decrease of performance. This performance result comes in useful for research and development on K4 Firewall System.

• 한국산업정보학회논문지
• /
• 제8권4호
• /
• pp.8-16
• /
• 2003

본 논문에서는 기존의 네트워크 기반의 침입탐지 시스템인 Snort에 존재하는 취약성을 해결하기 위한 방법을 제안한다. 현재 룰 기반의 침입탐지 시스템인 Snort에서는 룰 자체를 보호하기 위한 방법을 제공하지 못한다. 이러한 문제를 해결하기 위해서 본 논문에서는 해쉬함수를 이용하여 룰 자체에 대한 보호를 제공할 수 있는 기법을 제안한다. 이러한 기법을 통하여 룰 자체에 대한 무결성과 기밀성을 제공할 수 있을 것이다.

• 한국정보통신학회:학술대회논문집
• /
• 한국해양정보통신학회 2008년도 추계종합학술대회 B
• /
• pp.261-264
• /
• 2008

IPv6 has been proposed and deployed to cater the shortage of IPv4 addresses. It is expected to foresee mobile phones, pocket PCs, home devices and any other kind of network capable devices to be connected to the Internet with the introduction and deployment of IPv6. This scenario will bring in more challenges to the existing network infrastructure especially in the network security area. Firewalls are the simplest and the most basic form of protection to ensure network security. Nowadays, firewalls' usage has been extended from not only to protect the whole network but also appear as software firewalls to protect each network devices. IPv6 and IPv4 are not interoperable as there are separate networking stacks for each protocol. Therefore, the existing states of the art in firewalling need to be reengineered. In our context here, we pay attention only to the IPv6 firewalls configuration anomalies without considering other factors. Pre-evaluation of security risk is important in any organization especially a large scale network deployment where an add on rules to the firewall may affect the up and running network. We proposed a new probabilistic based model to evaluate the security risks based on examining the existing firewall rules. Hence, the network administrators can pre-evaluate the possible risk incurred in their current network security implementation in the IPv6 network. The outcome from our proposed pre-evaluation model will be the possibilities in percentage that the IPv6 firewall is configured wrongly or insecurely where known attacks such as DoS attack, Probation attack, Renumbering attack and etc can be launched easily. Besides that, we suggest and recommend few important rules set that should be included in configuring IPv6 firewall rules.