
TTA Standards Status


Standard number: TTAK.KO-12.0314-Part7/R1
Former standard number:
Date of enactment/revision: 2022-12-07
Total pages: 42
Korean standard title: SDN-Based Interface to Network Security Functions (I2NSF) Framework - Part 7: Architecture and Procedure of the Security Policy Translator
English standard title: Interface to Network Security Functions (I2NSF) Framework Using Software-Defined Networking - Part7: Architecture and Process of Security Policy Translator
Korean summary: In general, users who require security lack expert knowledge of NSFs, so the system must be designed so that users can receive services without expert involvement with the NSF. To this end, I2NSF requires a policy translator that helps non-expert users configure NSF policies. This document proposes a new design of the security policy translator. For convenient management of the I2NSF system, the policy translator is constructed using automata theory. First, an extractor that extracts data from a high-level security policy is built using a deterministic finite automaton (DFA). Second, an NSF database-based data converter is built to map the abstract data to the specific data required by the NSF. Third, a policy generator that generates the low-level security policy for each NSF is built using the PyangBind open source library.
English summary: In general, users who require security do not have expert knowledge of NSFs, so the system must be designed so that users can get services without expert involvement with NSFs. To this end, I2NSF requires a policy converter to help non-expert users set up NSF policies. The standard proposes a new design of the security policy translator. To facilitate the management of the I2NSF system, a policy translator is constructed using automata theory. First, we construct an extractor that extracts data from a high-level security policy using a deterministic finite automaton (DFA). Second, we build an NSF database-based data converter to map abstract data to concrete data. Third, we build a policy generator that generates low-level security policies for each NSF using an open source library called PyangBind.
International standard:
Related file: TTAK.KO-12.0314-Part7_R1.pdf
