The above and other objects, features and advantages of the present invention will be more apparent from the following detailed description taken in conjunction with the accompanying drawings, in which:
Hereinafter, a preferred embodiment of a system integration method based on a system entity structure according to the present invention will be described with reference to the accompanying drawings.
As shown in
In the following, a system integration method based on a system entity structure according to the invention is described in detail with reference to an information protection system.
When an information protection system is represented as a system entity structure (SES), the ‘technology attribute’ denotes an attribute of an information protection technology that becomes a node of the SES. To derive the technology attributes, each element technology of the integration target system must first be classified. This classification is referred to as technology taxonomy.
In the technology taxonomy, each constituent technology is assigned at the major-class level to one of Prevention, Detection or Response, according to the point in time at which the technology is applied relative to an attack.
First, Prevention comprises technologies that prevent an attack in advance. Some examples of the main technologies associated with Prevention are as follows.
Firewall: a basic access-control technology, configured according to the characteristics of the services offered and of the attacks expected. It takes one of three forms: filtering external requests solely on port and IP information, relaying a service as a proxy, or filtering on the basis of traffic statistics.
Vulnerability scanner: a technology for diagnosing and detecting vulnerabilities. The general rules for inspecting vulnerabilities are maintained as a knowledge base, and each vulnerability detection rule also belongs to a category, so that the rules to be applied are determined by policy. The categories, by detection target, are system scanner, network scanner and web scanner.
Second, Detection comprises technologies that detect an attack from the attack input itself or from the change the attack causes in the system. Whether the attack succeeded is determined by evaluating the information the attack supplies and the state of the system afterwards. The main technologies associated with Detection include the following.
Intrusion Detection Tool
Bandwidth Estimation Tool
Traffic Analysis Tool
Worm Spreading Detection Tool
Malicious Code Pattern Generation Tool
Third, once an attack or damage has been detected, Response defines and carries out the principal means of dealing with it. The main technologies associated with Response are as follows:
Alarm or Notification
To derive the relations between the respective technologies after the technology taxonomy, the attributes of each technology are further classified in terms of “technology application target,” “technology applied for protection” and “performance characteristic of technology.” These three criteria have the following meanings.
Technology Application Target
Technology Applied for Protection
Performance Characteristic of Technology
The constituent elements classified on the basis of the three criteria are shown in
Meanwhile, the relation between a major class and a middle class is determined as either a specialization or a decomposition relation on the system entity structure (SES), as shown in
In the following, an example of the relation of the element technologies for an information protection system is described.
<Prevention Technology>
A Relation of the Major and Middle Classes
A Relation of the Middle and Minor Classes
<Detection Technology>
A Relation of the Middle and Minor Classes
<Recovery Technology>
A Relation of the Middle and Minor Classes
As an embodiment of the invention, the information security technologies have been analyzed to extract their technology attributes and to represent the system entity structure (SES) that shows how an information security system is integrated for a specific network environment.
In the following, environmental factors which are considered in the pruning operation with regard to the information security system are described.
Among the environmental factors, the three elements already stated as technology attributes, i.e., the application target, the applied technology and the performance, are considered. Specifically, these three elements are the basis for deciding which technology is chosen in a specialization.
For example, from the application target point of view, the environmental factors determine where a technology is applied, such as a network, a system or a service.
The way of setting the environmental factors may vary depending on the system to which the invention is applied.
Finally, described below is the pruning rule considered in the pruning operation of the information protection system according to an embodiment of the invention.
In the pruning step of the invention, the constituent elements of the system are selected in consideration of the technology attributes and the environmental factors, producing a pruned entity structure (PES). A rule for selecting the constituent elements is required for this purpose. The pruning rule selects the necessary technology based on the application target, the applied technology and the performance indicated by the environmental factors.
Examples of the pruning rule are shown below. From these sets it can be seen how each rule set is inferred from the application target, the applied technology and the performance.
<Example 1 of the Pruning Rule Set>
<Example 2 of the Pruning Rule Set>
Through inference with the pruning rule of Example 2, the minor-class detection tool is selected from among the worm spreading detection tools.
The PES consisting of the constituent elements selected as described above is a specialized system entity structure of the integration system, with a specification suited to the purpose of the integration system chosen from among the various element technologies.
As described above, the invention relates to a system integration method based on a system entity structure (SES); specifically, it uses the SES to represent the structure of each system hierarchically and carries out a pruning operation to select the structure of a specific system, thereby structuring an integrated system. With the invention, the necessary system can be structured by selection, which is particularly effective for an integration target system composed of many element technologies, such as an information security system.
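The taxonomy above (major classes Prevention/Detection/Response, minor-class tools carrying the three technology attributes) and the pruning step just described can be made concrete as a small tree-pruning routine. The following Python is an added example written for this page, not code from the patent or its applicant; the node names, attribute values and rule sets are constructed for illustration, and the way a rule set is expressed (constraints attached to a node name and inherited by everything below it) is an assumption about how the patent's "pruning rule set" could be encoded. It also makes explicit a check the text only implies: a specialization must resolve to exactly one alternative, so an under-constrained or contradictory rule set is reported as an error rather than silently picking a tool.

```python
"""SES pruning example: select a Pruned Entity Structure (PES) from a System
Entity Structure (SES) of information protection technologies.

Added example, not code from the patent. Node names, attribute values and
rule sets are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# A pruning rule set maps an SES node name to the attribute values required of
# every technology below that node. Constraints accumulate along the path from
# the root, mirroring how environmental factors fix the application target,
# applied technology and performance for a major or middle class.
Constraints = Dict[str, str]
RuleSet = Dict[str, Constraints]


class PruningError(ValueError):
    """A specialization did not resolve to exactly one alternative."""


@dataclass(frozen=True)
class Tech:
    """Technology attributes of a minor-class (leaf) technology."""
    name: str
    target: str       # technology application target: network / system / service
    applied: str      # technology applied for protection
    performance: str  # performance characteristic


@dataclass
class Node:
    name: str
    kind: str                         # "spec": choose one child; "decomp": keep all
    children: List["Node"] = field(default_factory=list)
    tech: Optional[Tech] = None       # set on leaves only


def leaf(t: Tech) -> Node:
    return Node(t.name, "leaf", tech=t)


def spec(name: str, *children: Node) -> Node:
    return Node(name, "spec", list(children))


def decomp(name: str, *children: Node) -> Node:
    return Node(name, "decomp", list(children))


def satisfies(tech: Tech, constraints: Constraints) -> bool:
    return all(getattr(tech, attr) == value for attr, value in constraints.items())


def prune(node: Node, rules: RuleSet, inherited: Optional[Constraints] = None) -> Optional[Node]:
    """Return the PES rooted at `node`, or None if no technology below it survives."""
    active = {**(inherited or {}), **rules.get(node.name, {})}
    if node.tech is not None:
        return node if satisfies(node.tech, active) else None
    kept = [c for c in (prune(ch, rules, active) for ch in node.children) if c is not None]
    if node.kind == "spec" and len(kept) != 1:
        # A specialization must pick exactly one alternative; anything else means the
        # rule set is under- or over-constrained and must be refined, not guessed at.
        raise PruningError(f"{node.name}: {len(kept)} alternatives match {active}: "
                           f"{[c.name for c in kept]}")
    if not kept:
        return None
    return Node(node.name, node.kind, kept)


def leaves(node: Node) -> List[str]:
    """Names of the minor-class technologies in a (pruned) structure, in tree order."""
    if node.tech is not None:
        return [node.name]
    return [name for child in node.children for name in leaves(child)]


# Hypothetical SES for an information protection system: the major classes are a
# decomposition of the system; the minor-class tools under each are alternatives.
INFO_PROTECTION_SES = decomp(
    "InformationProtectionSystem",
    spec("Prevention",
         leaf(Tech("PacketFilterFirewall", "network", "access_control", "realtime")),
         leaf(Tech("ProxyFirewall", "service", "access_control", "realtime")),
         leaf(Tech("NetworkScanner", "network", "vulnerability_inspection", "batch")),
         leaf(Tech("WebScanner", "service", "vulnerability_inspection", "batch"))),
    spec("Detection",
         leaf(Tech("IntrusionDetectionTool", "network", "signature", "realtime")),
         leaf(Tech("TrafficAnalysisTool", "network", "anomaly", "batch")),
         leaf(Tech("WormSpreadingDetectionTool", "network", "anomaly", "realtime"))),
    decomp("Response",
           leaf(Tech("Alarm", "system", "notification", "realtime"))),
)

# Constructed rule set: a network segment that needs real-time anomaly detection.
RULE_SET_EXAMPLE: RuleSet = {
    "Prevention": {"target": "network", "applied": "access_control"},
    "Detection": {"target": "network", "applied": "anomaly", "performance": "realtime"},
}


def select_pes(rules: RuleSet, ses: Node = INFO_PROTECTION_SES) -> List[str]:
    """Apply a rule set to the SES and return the selected minor-class technologies."""
    pes = prune(ses, rules)
    return leaves(pes) if pes is not None else []


if __name__ == "__main__":
    print(select_pes(RULE_SET_EXAMPLE))
    try:  # Detection constrained only by target: three tools match, so pruning fails
        select_pes({"Prevention": RULE_SET_EXAMPLE["Prevention"],
                    "Detection": {"target": "network"}})
    except PruningError as exc:
        print("under-constrained rule set:", exc)
```

With `RULE_SET_EXAMPLE` the pruning keeps the packet-filter firewall, the worm spreading detection tool and the alarm, which is the shape of outcome the text attributes to Example 2. Leaving `Response` unconstrained keeps all of its parts because it is a decomposition; constraining it to a target no Response tool has removes that branch entirely, which the decomposition tolerates but a specialization would reject.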
While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made thereto without departing from the spirit and scope of the invention as defined by the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
10-2006-0099680 | Oct 2006 | KR | national |