Ç¥ÁØÈ­ Âü¿©¾È³»

TTAÀÇ Ç¥ÁØÇöȲ

Ȩ > Ç¥ÁØÈ­ °³¿ä > TTAÀÇ Ç¥ÁØÇöȲ

Ç¥ÁعøÈ£ TTAE.IT-X.1546 ±¸Ç¥ÁعøÈ£
Á¦°³Á¤ÀÏ 2016-12-27 ÃÑÆäÀÌÁö 22
ÇѱÛÇ¥ÁØ¸í ¾Ç¼ºÄÚµå ¼Ó¼º ¸ñ·Ï ¹× Ư¼º
¿µ¹®Ç¥Áظí Malware attribute enumeration and characterization
Çѱ۳»¿ë¿ä¾à º» Ç¥ÁØ¿¡¼­ ±â¼úÇÏ´Â ÁÖ¿ä ³»¿ëÀº MAEC ȣȯ¼ºÀ» °®Ãá º¸¾Èµµ±¸ µîÀÌ °®Ãß¾î¾ß ÇÒ ´É·Â(capability)µéÀÌ´Ù. ÀÌ Ç¥ÁØ¿¡¼­´Â 5°¡Áö ´É·Â(capability)°ú °ü·ÃµÈ °³³ä, ¿ªÇÒ, Ã¥Àӵ鿡 ´ëÇØ Á¤ÀÇÇÏ°í ÀÖ´Ù. ¿©±â¼­ ´É·ÂÀº º¸¾È Á¦Ç°, ¼­ºñ½º ¶Ç´Â ÀúÀå¼Ò°¡ Á¦°øÇÏ´Â ±â´É ¶Ç´Â ±â´ÉµéÀÇ ÁýÇÕÀ¸·Î Á¤ÀÇµÇ°í °¢ ´É·ÂÀº MAEC ¾ð¾î¿¡ ´ëÇÑ ¼­·Î ´Ù¸¥ »ç¿ë ¿ëµµ¸¦ ³ªÅ¸³»¸ç ÄÜÅÙÃ÷ »ý¼º, ÄÜÅÙÃ÷ ÀúÀå, ÄÜÅÙÃ÷ ¼Òºñ Áß Àû¾îµµ ÇϳªÀÇ ±â´ÉÀ» Á¦°øÇÑ´Ù. ÀÌ ´É·ÂµéÀ» ÅëÇؼ­ MAEC Ä¿¹Â´ÏƼ »ç¿ëÀÚµéÀº ÁÖ¾îÁø º¸¾Èµµ±¸°¡ MAEC ¾ð¾î¸¦ ¾î¶»°Ô »ç¿ëÇÏ°í ÀÖ°í »ç¿ëÀÚµéÀÇ ¿ä±¸¸¦ ¾î¶»°Ô ÃæÁ·½Ãų ¼ö ÀÖ´ÂÁö¸¦ ÀÌÇØÇÒ ¼ö ÀÖ´Ù.

¶ÇÇÑ º» Ç¥ÁØÀº ´É·ÂÀÌ °®Ãß¾î¾ß ÇÒ ¿ä±¸»çÇ×µéÀ» Á¤ÀÇÇÏ°í ÀÖ°í ÀÌ·¯ÇÑ ¿ä±¸»çÇ×µéÀ» ¸ðµÎ ¸¸Á·ÇÏ´Â °æ¿ì Æò°¡±â°üÀº ÇØ´ç ´É·Â¿¡ ´ëÇØ MAEC ȣȯ¼ºÀ» ÀÎÁ¤ÇÏ°Ô µÈ´Ù. ÀÌ ¹Û¿¡µµ MAEC ȣȯ¼º°ú °ü·ÃµÈ Á¤È®¼º(correctness), ¹®¼­È­(documentation), À¯È¿¼º(validation), ´É·Â¿¡ ´ëÇÑ ±¸Ã¼Àû ¿ä±¸»çÇ×, Æò°¡±â°ü ¿ä±¸»çÇ×, Æò°¡ °á°úÀÇ Ãë¼Ò(revocation) µî¿¡ ´ëÇÑ ¿ä±¸»çÇ×µµ Á¤ÀÇÇÏ°í ÀÖ´Ù.
¿µ¹®³»¿ë¿ä¾à One of the main topics of the standard is capabilities that MAEC-compatible security tools should provide. Also, the concepts, roles and responsibilities related to five capabilities are defined. Capability is a specific function or functions of a security product, service or repository. Each capability targets a different use of the MAEC language and these capabilities enable members of the MAEC community to easily understand how a given product is using the MAEC language and how it might suit their needs.

Also, requirements for a capability that should be met are enumerated. And a capability is shown to satisfy all applicable requirements, then the capability shall receive formal acknowledgement of MAEC compatibility from the review authority. In addition, the standard stipulates standard MAEC compatibility related requirements such as correctness, documentation, validity, specific capability requirements, review authority requirements, revocation, etc.
±¹Á¦Ç¥ÁØ
°ü·ÃÆÄÀÏ TTAE.IT-X.1546.pdf TTAE.IT-X.1546.pdf            

ÀÌÀü
ICÄ«µåÀÇ ±ÝÀ¶ ¼ÒÇÁÆ®¿þ¾î ¸ðµâÀ» À§ÇÑ º¸¾È ¿ä±¸ »çÇ×
´ÙÀ½
½ºÄÉÀÏ·¯ºí ºñµð¿À ÄÚµù ±â¹Ý ¹Ìµð¾î º¸¾È ÇÁ·¹ÀÓ¿öÅ©