
Security-State Adjustable Gateway with Threat-Based Configuration

Abstract: This paper proposes a configurable secure gateway architecture which allows system administrators to dynamically configure the security mechanisms upon deployment or during run-time. Rather than allowing the system administrators to turn individual security mechanisms on or off, the proposed architecture allows the administrators to configure the gateway based on the security threats to be overcome. The current common architecture leads to tremendous administration overhead and increases the chance of misconfiguration vulnerability. We propose a novel software architecture to help product designers avoid the misconfiguration vulnerability and to ease the administration overhead for end-users. The software architecture makes use of the threats to the gateways and the occurrence relation between the threats to configure the security software components on the gateways. With the software architecture, the end-users can focus on determining the desired security features rather than the software configuration. Moreover, the architecture allows the product designers or security service to incrementally revise the software configuration when new threats appear.
Source: Journal of Electronic Science and Technology (电子科技学刊(英文版)), CAS, 2013, Issue 2, pp. 140-149, 10 pages in total
Funding: Supported by National Science Council under Grant No. NSC 101-2218-E-025-001, NSC 100-2221-E-390-012, and NSC 101-2221-E-390-007
Keywords: Common criteria, gateway, operation system, security, threat