Standard Number | TTAK.KO-12.0314-Part7/R1 | Previous Standard Number | |
---|---|---|---|
Date of Enactment/Revision | 2022-12-07 | Total Pages | 42 |
Korean Standard Title | Interface to Network Security Functions (I2NSF) Framework Based on SDN - Part 7: Architecture and Procedure of the Security Policy Translator | ||
English Standard Title | Interface to Network Security Functions (I2NSF) Framework Using Software-Defined Networking - Part7: Architecture and Process of Security Policy Translator | ||
Korean Summary | In general, users who require security do not have expert knowledge of NSFs, so the system must be designed so that users can receive services without expert involvement with the NSFs. To this end, I2NSF needs a policy converter that helps non-expert users configure NSF policies. This document proposes a new design for the security policy translator. For convenient management of the I2NSF system, the policy translator is built using automata theory. First, an extractor that extracts data from a high-level security policy is built using a deterministic finite automaton (DFA). Second, an NSF database-based data converter is built to map the abstract data to the specific data required by the NSFs. Third, a policy generator that produces a low-level security policy for each NSF is built using the PyangBind open source library. | ||
English Summary | In general, users who require security do not have expert knowledge of NSFs, so the system must be designed so that users can get the services without expert involvement with the NSFs. To this end, I2NSF requires a policy converter to help non-expert users set up NSF policies. The standard proposes a new design of the security policy translator. To facilitate the management of the I2NSF system, a policy translator is constructed using automata theory. First, we construct an extractor that extracts data from a high-level security policy using a deterministic finite automaton (DFA). Second, we build an NSF database-based data converter to map abstract data to concrete data. Third, we build a policy generator that generates low-level security policies for each NSF using an open source library called PyangBind. | ||
International Standard | |||
Related File | TTAK.KO-12.0314-Part7_R1.pdf |