Ç¥ÁØÈ­ Âü¿©¾È³»

TTAÀÇ Ç¥ÁØÇöȲ

Ȩ > Ç¥ÁØÈ­ °³¿ä > TTAÀÇ Ç¥ÁØÇöȲ

Ç¥ÁعøÈ£ TTAK.KO-12.0314-Part7 ±¸Ç¥ÁعøÈ£
Á¦°³Á¤ÀÏ 2019-12-11 ÃÑÆäÀÌÁö 30
ÇѱÛÇ¥Áظí SDN ±â¹ÝÀÇ ³×Æ®¿öÅ© º¸¾È ±â´ÉÀÇ ÀÎÅÍÆäÀ̽º(I2NSF) ÇÁ·¹ÀÓ¿öÅ© - Á¦7ºÎ : º¸¾È Á¤Ã¥ ¹ø¿ª±âÀÇ ±¸Á¶ ¹× ÀýÂ÷
¿µ¹®Ç¥Áظí Interface to Network Security Functions (I2NSF) Framework Using Software-Defined Networking - Part7: Architecture and Process of Security Policy Translator
Çѱ۳»¿ë¿ä¾à ÀϹÝÀûÀ¸·Î º¸¾ÈÀ» ¿ä±¸ÇÏ´Â »ç¿ëÀÚ´Â NSF¿¡ ´ëÇÑ Àü¹®ÀûÀÎ Áö½ÄÀ» ¸ð¸£±â ¶§¹®¿¡ »ç¿ëÀÚ°¡ NSFÀÇ Àü¹®ÀûÀÎ °ü¿© ¾øÀÌ ¼­ºñ½º¸¦ ¹ÞÀ» ¼ö ÀÖµµ·Ï ½Ã½ºÅÛÀ» ¼³°èÇØ¾ß ÇÑ´Ù. À̸¦ À§ÇØ I2NSF´Â ºñÀü¹®°¡ÀÎ »ç¿ëÀÚ°¡ NSF Á¤Ã¥À» ¼³Á¤Çϵµ·Ï µµ¿ÍÁÖ´Â Á¤Ã¥ º¯È¯±â¸¦ ÇÊ¿ä·Î ÇÑ´Ù. º» ¹®¼­¿¡¼­´Â º¸¾È Á¤Ã¥ ¹ø¿ª±âÀÇ »õ·Î¿î ¼³°è¸¦ Á¦¾ÈÇÑ´Ù. I2NSF ½Ã½ºÅÛÀÇ Æí¸®ÇÑ °ü¸®¸¦ À§ÇØ ¿ÀÅ丶Ÿ ÀÌ·ÐÀ» »ç¿ëÇÏ¿© Á¤Ã¥ ¹ø¿ª±â¸¦ ±¸¼ºÇÑ´Ù. ¸ÕÀú, °áÁ¤Àû À¯ÇÑ ¿ÀÅ丶Ÿ(DFA, Deterministic Finite Automaton)¸¦ »ç¿ëÇÏ¿© °í±Þ Á¤Ã¥¿¡¼­ µ¥ÀÌÅ͸¦ ÃßÃâÇÏ´Â ÃßÃâÀÚ(Extractor)¸¦ ±¸ÃàÇÑ´Ù. µÎ ¹ø°·Î NSF¿¡ ÇÊ¿äÇÑ Ãß»ó µ¥ÀÌÅͷκÎÅÍ Æ¯Á¤ µ¥ÀÌÅÍ·Î µ¥ÀÌÅ͸¦ ¸ÅÇÎ(mapping)Çϱâ À§ÇØ NSF µ¥ÀÌÅͺ£À̽º ±â¹Ý µ¥ÀÌÅÍ º¯È¯±â(Data Converter)¸¦ ±¸ÃàÇÑ´Ù. ¸¶Áö¸·À¸·Î ¹®¸Æ-ÀÚÀ¯ ¹®¹ý(CFG, Context-Free Grammar)À» »ç¿ëÇÏ¿© °¢ NSF¸¦ À§ÇÑ Àú¼öÁØ Á¤Ã¥À» »ý¼ºÇÏ´Â »ý¼ºÀÚ(Generator)¸¦ ±¸ÃàÇÑ´Ù.
¿µ¹®³»¿ë¿ä¾à In general, the users who require security must know that NSF has no expert knowledge, so the system must be designed so that the users can get the services without professional involvement of NSF. To this end, I2NSF requires a policy converter to help non-expert users set up NSF policies. The standard proposes a new design of the security policy translator. To facilitate the management of I2NSF system, a policy translator is constructed using automata theory. First, we construct an extractor that extracts data from the advanced policy using deterministic finite automaton (DFA). Second, we build an NSF database-based data converter to map data from abstract data to NSF specific data. Finally, we construct a generator that creates a low-level policy for each NSF using a context-free grammar (CFG).
±¹Á¦Ç¥ÁØ
°ü·ÃÆÄÀÏ TTAK.KO-12.0314-Part7.pdf TTAK.KO-12.0314-Part7.pdf            

ÀÌÀü
3rd Generation Partnership Project;Technical Specification Group Core Network and Terminals;5G System; Session Management Services; Stage 3(Release 17)
´ÙÀ½
3rd Generation Partnership Project;Technical Specification Group Core Network and Terminals;5G System; Unified Data Management Services; Stage 3(Release 17)