WO2011108877A2 - System and method for logical separation of a server by using client virtualization - Google Patents
System and method for logical separation of a server by using client virtualization
- Publication number
- WO2011108877A2 (application PCT/KR2011/001490)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- server
- virtualization
- client
- client terminal
- filter driver
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/468—Specific access rights for resources, e.g. using capability register
Definitions
- The present invention relates to a network separation system, and in particular to a logical separation system and method of a server using client virtualization that, in a computer network system composed of a plurality of client terminals and a virtualized server, protects the server more effectively by allowing an authenticated client terminal to access the server only through a virtual environment.
- Network separation technology consists of two or more networks separated according to purpose so that network packet data cannot be transmitted between the networks. Therefore, even if one network is damaged due to hacking or the like, the other network is not damaged.
- Prior art related to network separation technology is disclosed in Korean Patent Publication No. 2007-111603 (published on November 22, 2007).
- The above network separation technology may include logically separating a server that stores important information from the other servers in the same corporate network and operating it as if it existed in another network.
- The conventional network separation technique does not separate the server into a specific network; it is a method of restricting access to the server through authentication of the client terminal when the client terminal accesses the server in a network where the client terminal and the server coexist.
- The present invention has been made in view of the above: the server is virtualized in a network composed of a plurality of client terminals and servers, and a client terminal whose server access authority is authenticated can access the server only through a virtual environment.
- A logical separation system of a server using client virtualization is provided, comprising: a client terminal including a virtual environment generating unit that generates a virtual environment; and a virtualization server including a local storage unit, an authentication unit that authenticates the client terminal upon receiving an access request to the local storage unit from a process executed in the virtual environment, and a server-side virtualization filter driver that allows or blocks access to the local storage unit according to the authentication result of the client terminal.
- A logical separation method of a server using client virtualization is provided for a system including a client terminal including a client-side virtualization filter driver and a virtualization server including a server-side virtualization filter driver, the method including: receiving, at the client-side virtualization filter driver, a connection request from a process executed in the client terminal to the virtualization server on the network; when the connection request is received through the virtual environment, performing authentication on the client terminal and transmitting the connection request to the server-side virtualization filter driver; checking the authentication result for the client terminal in the server-side virtualization filter driver; and, if the authentication result is confirmed, allowing the process to access the virtualization server.
- The present invention allows a client terminal to access a server only through a virtual environment in a network consisting of a plurality of client terminals and a virtualized server. When a client terminal attempts to access the server, the client terminal is first authenticated and then the connection request is sent to the server. The authentication information of the client terminal is then checked once again so that only a client terminal having the right authority is allowed to access the server.
- FIG. 1 is a block diagram of a logical separation system of a server using client virtualization according to an embodiment of the present invention.
- FIG. 2 is an operation control flowchart for logical separation of a server according to an embodiment of the present invention.
- FIG. 3 is an operation control flowchart for logical separation of a server according to another embodiment of the present invention.
- FIG. 1 is a block diagram of a logical separation system of a server using client virtualization according to an embodiment of the present invention.
- The system of the present invention includes a client terminal 100 in which a virtualization filter driver 110 is installed and a virtualization server 150.
- The client terminal 100 includes a virtual environment generation unit 101 and a virtualization filter driver 110.
- The virtualization server 150 includes a virtualization filter driver 130, a local storage unit 132, an authentication unit 134, and an authentication information DB 136.
- The virtual environment 102 generated by the virtual environment generation unit 101 in the client terminal 100 runs in the user mode of the client terminal 100 and is the tool with which the client terminal 100 accesses the virtualized server 150 implemented in an in-house network such as an intranet.
- The virtual environment 102 separates the virtualization server 150, to which the processes 104 and 106 in the client terminal 100 attempt to connect, as if it existed on a logically different network, so that processes executed in the client terminal 100 are prevented from accessing the server 150 without any restrictions.
- In order for a user to access the virtualization server 150 through the client terminal 100, the virtual environment generation unit 101 must generate a virtual environment 102, and a process 104, such as an explorer, that can access the virtualization server 150 must be run within the created virtual environment 102. When a process 106 such as the explorer is executed while the virtual environment 102 has not been created, the virtualization server 150 does not, for example, appear in the explorer, which makes connection to the virtualization server 150 impossible.
- a process 104 such as an explorer
- The virtualization filter driver 110 is a server connection control driver that runs in the kernel mode of the client terminal 100 and filters connections to the virtualization server 150 for all processes 104 and 106 executed in the client terminal 100.
- The virtualization filter driver 110 checks whether a process was executed through the virtual environment 102 or not through the virtual environment 102.
- The virtualization filter driver 110 transmits to the server 150 on the network only the server connection request from the process 104 executed in the virtual environment 102 of the client terminal 100, after authentication of the corresponding client terminal 100.
- The connection request from the process 106 that does not go through the virtual environment 102 is blocked.
- The authentication unit 134 (an authentication server) is requested to authenticate whether the client terminal 100 is authorized to access the server 150.
- The authentication unit 134 includes an authentication information DB (database) 136 that stores authentication information for checking whether the client terminals 100 and 120 have authority to access the server.
- Although the authentication unit 134 is implemented as part of the virtualization server 150 in the present embodiment, it may instead be separate from the client terminal 100 and the virtualization server 150 and exist as an independent server.
- The authentication unit 134 checks the authentication information DB 136 to perform authentication for the client terminal, and transmits the authentication result to the virtualization filter driver 110.
- If authentication is normally performed, the virtualization filter driver 110 transmits the server connection request from the process 104 to the server 150; if authentication is not normally performed, it blocks the connection request from the process 104. The server 150, which stores important information, is thereby secured by blocking indiscriminate access from an unauthenticated client terminal 100.
- The authentication unit 134 transmits the result of performing authentication on the client terminal 100 to the virtualization filter driver 130 as well as the virtualization filter driver 110.
- When the virtualization filter driver 130 receives a connection request from the virtualization filter driver 110, it receives the authentication result of the client terminal 100 from the authentication unit 134 and, according to the authentication result, allows or blocks the access of the client terminal 100 to the server 150.
- The virtualization filter driver 130 checks the authentication result for the client terminal 100 that the authentication unit 134 provided by performing authentication in advance. If the client terminal 100 was authenticated, the virtualization filter driver 130 allows the server connection of the client terminal 100 and provides access to the local storage unit 132 on the server 150. Otherwise, the virtualization filter driver 130 considers that the client terminal 100 does not have server access authority and blocks the access of the client terminal 100 to the server.
- FIG. 2 illustrates an operation control flow in a logical separation system of a server using client virtualization according to an embodiment of the present invention. The embodiment is described below with reference to FIGS. 1 and 2.
- A process 104 such as an explorer capable of accessing the server 150 is executed to request the connection to the server 150.
- The connection request to the server 150 is made by executing the process 104 that can connect to the server 150, and is transmitted to the virtualization filter driver 110.
- The virtualization filter driver 110 is a server connection control driver that runs in the kernel mode of the client terminal 100 and filters connections to the server 150 for all processes 104 and 106 executed in the client terminal 100.
- Upon receiving the server 150 connection request, the virtualization filter driver 110 checks whether the process was executed in the virtual environment 102 or in a state where the virtual environment 102 was not created (S204). The virtualization filter driver 110 blocks the server 150 connection request from a process 106 that does not go through the virtual environment 102 (S206).
- The authentication unit 134 is requested to authenticate whether the client terminal 100 has the right to access the server 150 (S208).
- The authentication unit 134 authenticates whether the client terminal 100 for which authentication was requested has authority to access the server 150, and then transmits the authentication result to the virtualization filter driver 110 (S210). At this time, the authentication result is also transmitted to the virtualization filter driver 130 (S212).
- The authentication unit 134 may be implemented as part of the virtualization server 150, or may exist on the network separately from the client terminal 100 and the virtualization server 150.
- The virtualization filter driver 110 checks the authentication result of the client terminal 100 transmitted from the authentication unit 134 (S214), and blocks the server connection request from the process 104 when authentication is not normally performed (S216). When the authentication for the client terminal 100 is normally performed, the server access request from the process 104 is allowed (S218), and the access request is transmitted to the server 150 on the network (S220).
- The connection request sent to the server 150 on the network is received by the virtualization filter driver 130.
- The virtualization filter driver 130 checks the server access authority of the client terminal 100 once again using the authentication result provided from the authentication unit 134.
- The virtualization filter driver 130 checks the authentication result, provided from the authentication unit 134, for the client terminal 100 that has requested the server connection (S222). If the client terminal 100 was not normally authenticated and is therefore determined to be an unauthorized terminal, the server connection of the client terminal 100 is blocked (S224).
- Otherwise, the virtualization filter driver 130 allows the client terminal 100 to access the server (S226) and provides access to the local storage unit 132 of the server 150.
- The client terminal 100 is then connected to the server 150 (S228) and can, for example, use the necessary information among the information stored in the local storage unit 132 of the server 150.
- FIG. 3 is a flowchart illustrating an operation control flow of blocking a server connection from a client terminal without a virtualization filter driver installed, in a logical separation system of a server using client virtualization according to an exemplary embodiment of the present invention. The embodiment is described in detail below with reference to FIGS. 1 and 3.
- The virtualization filter driver 130 checks whether there is an authentication result for the client terminal 120 requesting the server connection (S302). In this case, since the client terminal 120 requests a direct connection to the server without the virtualization filter driver 110 installed, the virtualization filter driver 130 has no authentication result for the client terminal 120.
- The virtualization filter driver 130 determines that the client terminal 120 does not have server access rights obtained through the virtualization filter driver 110, and blocks the server connection (S304).
- A connection request to the server 150 from a process in the client terminals 100 and 120 may be regarded as the same as a connection request to the local storage unit 132 provided on the server.
- The server is virtualized in a network composed of a plurality of client terminals and servers, so that the server can be accessed only through the virtual environment of the client terminal.
- The client-side virtualization filter driver installed in the client terminal authenticates whether the client terminal has authority to access the server and then sends the connection request to the server, where it is received by the server-side virtualization filter driver installed on the virtualized server.
- The server-side virtualization filter driver checks the authentication information of the corresponding client terminal again through the authentication unit, and allows access to the server only to a client terminal having the right authority. It is thereby possible to protect the server more effectively from client terminals that lack that authority.
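
The two-stage check described above (FIG. 2, S204 to S228, and FIG. 3, S302 to S304) can be modelled as follows. This is an added example, not code from the patent or its applicant: the class names, the terminal identifiers and the per-terminal result table kept by the server-side driver are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "access to local storage unit 132 allowed (S226)"
    BLOCK_NOT_IN_VENV = "client filter: process not in virtual environment (S206)"
    BLOCK_CLIENT_AUTH = "client filter: authentication failed (S216)"
    BLOCK_SERVER_AUTH = "server filter: authentication result negative (S224)"
    BLOCK_NO_RESULT = "server filter: no authentication result (S304)"


@dataclass(frozen=True)
class Process:
    name: str
    in_virtual_env: bool  # True for process 104, False for process 106


class ServerFilterDriver:
    """Server-side virtualization filter driver 130."""

    def __init__(self):
        self._results = {}  # assumed storage: terminal id -> authentication result

    def record_result(self, terminal_id, ok):
        self._results[terminal_id] = ok

    def handle(self, terminal_id):
        if terminal_id not in self._results:       # S302: is there any result?
            return Decision.BLOCK_NO_RESULT        # S304
        if not self._results[terminal_id]:         # S222
            return Decision.BLOCK_SERVER_AUTH      # S224
        return Decision.ALLOW                      # S226


class AuthUnit:
    """Authentication unit 134 backed by authentication information DB 136."""

    def __init__(self, authorized_terminals, server_filter):
        self._db = frozenset(authorized_terminals)
        self._server_filter = server_filter

    def authenticate(self, terminal_id):
        ok = terminal_id in self._db
        self._server_filter.record_result(terminal_id, ok)  # S212: copy to driver 130
        return ok                                           # S210: reply to driver 110


class ClientFilterDriver:
    """Client-side virtualization filter driver 110."""

    def __init__(self, terminal_id, auth_unit, server_filter):
        self.terminal_id = terminal_id
        self._auth = auth_unit
        self._server = server_filter

    def handle(self, process):
        if not process.in_virtual_env:                      # S204
            return Decision.BLOCK_NOT_IN_VENV               # S206
        if not self._auth.authenticate(self.terminal_id):   # S208 to S214
            return Decision.BLOCK_CLIENT_AUTH               # S216
        return self._server.handle(self.terminal_id)        # S218 to S226


def run_scenarios():
    """Run constructed scenarios and return the decision for each."""
    server = ServerFilterDriver()
    auth = AuthUnit(authorized_terminals={"terminal-100"}, server_filter=server)
    t100 = ClientFilterDriver("terminal-100", auth, server)
    t_unauth = ClientFilterDriver("terminal-999", auth, server)  # constructed: not in DB
    return {
        "process 104 in virtual environment": t100.handle(Process("explorer", True)),
        "process 106 outside virtual environment": t100.handle(Process("explorer", False)),
        "unauthorized terminal": t_unauth.handle(Process("explorer", True)),
        # Terminal 120 has no client-side driver and connects directly (FIG. 3).
        "terminal 120 direct": server.handle("terminal-120"),
        # Second check: a request that reaches the server after failed authentication.
        "server re-check after failed auth": server.handle("terminal-999"),
    }


if __name__ == "__main__":
    for name, decision in run_scenarios().items():
        print(f"{name}: {decision.value}")
```

The text does not say how long a stored authentication result stays valid or how it is tied to one particular connection; the model simply keeps the latest result per terminal, so a design review of a real deployment would need to settle both points.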
Claims (10)
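- A logical separation system of a server using client virtualization, comprising: a client terminal including a virtual environment generation unit that generates a virtual environment; and a virtualization server including a local storage unit, an authentication unit that performs authentication of the client terminal upon receiving an access request to the local storage unit from a process executed in the virtual environment, and a server-side virtualization filter driver that allows or blocks access to the local storage unit according to the authentication result of the client terminal.
- The system of claim 1, wherein the client terminal further includes a client-side virtualization filter driver that transmits to the virtualization server an access request to the local storage unit from a process executed in the virtual environment of the client terminal, and blocks an access request to the local storage unit from a process that has not gone through the virtual environment.
- The system of claim 2, wherein the client-side virtualization filter driver, upon receiving an access request to the local storage unit from a process executed in the virtual environment, requests the authentication unit to authenticate the client terminal; transmits the access request to the local storage unit to the server-side virtualization filter driver when, according to the authentication result transmitted from the authentication unit, authentication of the client terminal was performed normally; and blocks the access request to the local storage unit when the authentication was not performed normally.
- The system of claim 2, wherein the client-side virtualization filter driver runs in the kernel mode of the client terminal.
- The system of claim 2, wherein the authentication unit, when performing authentication of the client terminal, provides the authentication result to the client-side virtualization filter driver and the server-side virtualization filter driver.
- The system of claim 2, wherein the server-side virtualization filter driver, upon receiving the server connection request from a client terminal in which the client-side virtualization filter driver is not installed, checks for the presence or absence of an authentication result for the client terminal and blocks the server connection request of the client terminal.
- A logical separation method of a server using client virtualization in a system including a client terminal including a client-side virtualization filter driver and a virtualization server including a server-side virtualization filter driver, the method comprising: receiving, at the client-side virtualization filter driver, a connection request to the virtualization server on the network from a process executed in the client terminal; when the connection request is received through a virtual environment, performing authentication of the client terminal and transmitting the connection request to the server-side virtualization filter driver; checking, at the server-side virtualization filter driver, the authentication result for the client terminal; and, when the authentication result is confirmed, allowing the process to connect to the virtualization server.
- The method of claim 7, wherein transmitting the connection request to the server-side virtualization filter driver comprises: checking, at the client-side virtualization filter driver, whether the process is a process executed in the virtual environment; when the process is a process executed in the virtual environment, performing authentication of the client terminal; and, when the client terminal is authenticated, transmitting the connection request to the server-side virtualization filter driver.
- The method of claim 8, wherein, in the process checking step, when the process is not a process executed in the virtual environment, the client-side virtualization filter driver blocks the connection request from the process.
- The method of claim 7, wherein, in the step of checking the authentication result for the client terminal, when the client terminal is not authenticated, the server-side virtualization filter driver blocks the connection from the process to the server.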
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/582,609 US8713640B2 (en) | 2010-03-05 | 2011-03-04 | System and method for logical separation of a server by using client virtualization |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020100019877A KR101089157B1 (ko) | 2010-03-05 | 2010-03-05 | System and method for logical network separation of a server by using client virtualization |
KR10-2010-0019877 | 2010-03-05 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2011108877A2 true WO2011108877A2 (ko) | 2011-09-09 |
WO2011108877A3 WO2011108877A3 (ko) | 2012-02-09 |
Family
ID=44542734
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2011/001490 WO2011108877A2 (ko) | System and method for logical separation of a server by using client virtualization | 2010-03-05 | 2011-03-04 |
Country Status (3)
Country | Link |
---|---|
US (1) | US8713640B2 (ko) |
KR (1) | KR101089157B1 (ko) |
WO (1) | WO2011108877A2 (ko) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101290963B1 (ko) * | 2012-03-26 | 2013-07-30 | 제주대학교 산학협력단 | Virtualization-based network separation system and method |
KR101373068B1 (ko) * | 2012-08-27 | 2014-03-11 | 주식회사 신한은행 | Network separation system, dummy web server for network separation, and network separation method |
US9507949B2 (en) * | 2012-09-28 | 2016-11-29 | Intel Corporation | Device and methods for management and access of distributed data sources |
KR101394369B1 (ko) | 2012-11-13 | 2014-05-13 | 주식회사 파수닷컴 | Apparatus and method for managing secure content using a virtual folder |
WO2014163256A1 (ko) * | 2013-04-01 | 2014-10-09 | 주식회사 앤솔루션 | Network-based network separation system and method using a virtual private network |
KR101480443B1 (ko) * | 2013-09-17 | 2015-01-09 | 주식회사 하나은행 | Hybrid network separation system and method thereof |
KR101498965B1 (ko) * | 2014-06-27 | 2015-03-04 | 김영자 | System and method for isolating internal and external networks using virtualization technology |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20070010023A (ko) * | 2004-03-03 | 2007-01-19 | 프랑스 뗄레꽁(소시에떼 아노님) | Method and system for authorizing a client to enable access to a virtual network for access to a service |
KR20070058390A (ko) * | 2007-03-23 | 2007-06-08 | 김용구 | System and method for maintaining work continuity and consistency using client computer virtualization and server interworking |
KR20070111603A (ko) * | 2006-05-18 | 2007-11-22 | 이상규 | Security system for client and server |
KR20090027946A (ko) * | 2007-09-13 | 2009-03-18 | 어울림정보기술주식회사 | Information resource management system |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7461148B1 (en) * | 2001-02-16 | 2008-12-02 | Swsoft Holdings, Ltd. | Virtual private server with isolation of system components |
US6922774B2 (en) * | 2001-05-14 | 2005-07-26 | The United States Of America As Represented By The National Security Agency | Device for and method of secure computing using virtual machines |
ES2218484T3 (es) * | 2002-03-26 | 2004-11-16 | Soteres Gmbh | A method of protecting the integrity of a computer program. |
US20050080982A1 (en) * | 2003-08-20 | 2005-04-14 | Vasilevsky Alexander D. | Virtual host bus adapter and method |
US8776050B2 (en) * | 2003-08-20 | 2014-07-08 | Oracle International Corporation | Distributed virtual machine monitor for managing multiple virtual resources across multiple physical nodes |
US8046837B2 (en) * | 2005-08-26 | 2011-10-25 | Sony Corporation | Information processing device, information recording medium, information processing method, and computer program |
KR20080085780A (ko) * | 2007-03-20 | 2008-09-24 | 이상규 | Method for virtualizing an operating system |
KR101489301B1 (ko) * | 2008-03-20 | 2015-02-06 | 삼성전자주식회사 | Virtual environment system and driving method thereof |
US20100274886A1 (en) * | 2009-04-24 | 2010-10-28 | Nelson Nahum | Virtualized data storage in a virtualized server environment |
US8090797B2 (en) * | 2009-05-02 | 2012-01-03 | Citrix Systems, Inc. | Methods and systems for launching applications into existing isolation environments |
US8824492B2 (en) * | 2010-05-28 | 2014-09-02 | Drc Computer Corporation | Accelerator system for remote data storage |
-
2010
- 2010-03-05 KR KR1020100019877A patent/KR101089157B1/ko active IP Right Grant
-
2011
- 2011-03-04 US US13/582,609 patent/US8713640B2/en active Active
- 2011-03-04 WO PCT/KR2011/001490 patent/WO2011108877A2/ko active Application Filing
Also Published As
Publication number | Publication date |
---|---|
US20120331522A1 (en) | 2012-12-27 |
WO2011108877A3 (ko) | 2012-02-09 |
KR101089157B1 (ko) | 2011-12-02 |
KR20110100839A (ko) | 2011-09-15 |
US8713640B2 (en) | 2014-04-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
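WO2011108877A2 (ko) | System and method for logical separation of a server by using client virtualization | |
CN101802837B (zh) | System and method for providing network and computer firewall protection through dynamic address isolation of a device | |
US5826014A (en) | Firewall system for protecting network elements connected to a public network | |
US6883098B1 (en) | Method and computer system for controlling access by applications to this and other computer systems | |
CN105430011B (zh) | Method and apparatus for detecting distributed denial-of-service attacks | |
KR101089154B1 (ko) | Network-based network separation apparatus, system and method using a virtual environment | |
KR100929916B1 (ko) | System and method for blocking external leakage of important information through access situation analysis in a personal portable terminal | |
US20050138402A1 (en) | Methods and apparatus for hierarchical system validation | |
CN1703867A (zh) | Firewall | |
WO2011008017A2 (ko) | Host-based network separation apparatus and method | |
WO2002078293A1 (en) | Method and system for securely permitting mobile code to access network resources | |
CN110012016B (zh) | Method and system for resource access control in a hybrid cloud environment | |
WO2021112494A1 (ko) | Endpoint-based managed detection and response system and method | |
CN108833395B (zh) | External network access authentication system and authentication method based on a hardware access card | |
KR101286978B1 (ko) | Apparatus and method for linking multiple networks using virtualization | |
WO2014030978A1 (ko) | Removable storage medium security system and method thereof | |
WO2022169017A1 (ko) | Data protection system | |
WO2020013354A1 (ko) | Method for operating a vehicle firewall | |
Duan et al. | Architecture for Multilevel Secure System Design | |
CN115242730A (zh) | Secure Internet access method and system based on forward proxy technology | |
CN115378622A (zh) | Access control method, apparatus, device and computer program product | |
CN116155544A (zh) | Security information interaction method for a ship control system | |
EP1547340B1 (en) | Method, system and computer program product for transmitting a media stream between client terminals | |
CN117375922A (zh) | System and method for covert monitoring of attacking hosts in a power interconnection network based on a software-defined perimeter | |
WO2016032233A2 (ko) | Data management method, computer program therefor, recording medium thereof, user client executing the data management method, and security policy server |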
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 13582609 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205N DATED 13-11-12) |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 11750934 Country of ref document: EP Kind code of ref document: A2 |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 11750934 Country of ref document: EP Kind code of ref document: A2 |