This paper proposes a configurable secure gateway architecture which allows the system administrators to dynamically configure the security mechanisms upon deployment or during the run-time. Rather than allowing the s...This paper proposes a configurable secure gateway architecture which allows the system administrators to dynamically configure the security mechanisms upon deployment or during the run-time. Rather than allowing the system administrators to turn on or off individual security mechanisms, the proposed architecture allows the administrators to configure the gateway based on the security threats to be overcome. The current common architecture leads to tremendous administration overhead and increases the chance of misconfiguration vulnerability. We propose a novel software architecture to aid the product designers to avoid the misconfiguration vulnerability and the end-users to ease the administration overhead. The software architecture makes use of the threats to the gateways and the occurrence relation between the threats to configure the security software components on the gateways. With the software architecture, the end-users can focus on determining the desired security features rather than the software configuration. Moreover, the architecture allows the product designers or security service to incrementally revise the software configuration when new threats appear.展开更多
基金supported by National Science Council under Grant No. NSC 101-2218-E-025-001, NSC 100-2221-E-390-012, and NSC 101-2221-E-390-007
文摘This paper proposes a configurable secure gateway architecture which allows the system administrators to dynamically configure the security mechanisms upon deployment or during the run-time. Rather than allowing the system administrators to turn on or off individual security mechanisms, the proposed architecture allows the administrators to configure the gateway based on the security threats to be overcome. The current common architecture leads to tremendous administration overhead and increases the chance of misconfiguration vulnerability. We propose a novel software architecture to aid the product designers to avoid the misconfiguration vulnerability and the end-users to ease the administration overhead. The software architecture makes use of the threats to the gateways and the occurrence relation between the threats to configure the security software components on the gateways. With the software architecture, the end-users can focus on determining the desired security features rather than the software configuration. Moreover, the architecture allows the product designers or security service to incrementally revise the software configuration when new threats appear.
