WO2019088671A1 - Method for providing network security service and apparatus therefor - Google Patents

Method for providing network security service and apparatus therefor

Info

Publication number
WO2019088671A1
Authority
WO
WIPO (PCT)
Prior art keywords
nsf
security
management system
i2nsf
information
Prior art date
Application number
PCT/KR2018/013037
Other languages
English (en)
Korean (ko)
Inventor
정재훈
현상원
노태균
위사랑
Original Assignee
성균관대학교 산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 성균관대학교 산학협력단
Publication of WO2019088671A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network

Definitions

  • the present invention relates to a system, method and apparatus for providing a network security service, and more particularly, to an information model and a data model for a registration interface of network security functions (NSF) in I2NSF (Interface to Network Security Functions).
  • NSF network security functions
  • I2NSF Interface to Network Security Functions
  • a method performed by a security controller includes: transmitting an instantiation request message for the NSF to the developer's management system; and receiving from the developer management system a registration message indicating the registration of an NSF instance for the required NSF in response to the request message, wherein the NSF instance may be generated by the developer management system.
  • the NSF instance generated by the developer management system is consistent with the capability information or the signature and the NSF based on a predetermined information model.
  • the method further comprises transmitting a de-instantiation request message to the developer management system for an unnecessary NSF in the security management system, wherein the NSF instance corresponding to the reverse instantiation request message is sent to the developer management system and then deleted.
  • the registration message includes NSF capability information indicating security capabilities of the NSF instance, NSF access information used for network access to a new instance, or NSF role-based Access Control List (ACL) information that specifies an NSF's access policy to determine whether to allow entity access to the NSF based on a role assigned to the entity.
  • ACL Access Control List
  • the NSF capability information includes at least one of a Network-Security Capabilities field, a Content-Security Capabilities field, an Attack Mitigation Capabilities field, or performance capabilities.
  • the performance capability may include processing information and bandwidth information.
  • a security controller for managing a network security function (NSF) through a registration interface, comprising: a communication unit for wirelessly or wiredly communicating with an external device; and a processor operatively connected to the communication unit, wherein the processor transmits an instantiation request message for the NSF required for the security management system to a developer's management system, and receives, from the developer management system, a registration message indicating the registration of an NSF instance for the required NSF in response to the instantiation request message, wherein the NSF instance can be generated by the developer management system based on the instantiation request message.
  • the elements of the I2NSF framework can exchange NSF capability sets in a standardized manner.
  • FIG. 1 illustrates an I2NSF (Interface to Network Security Functions) system according to an embodiment of the present invention.
  • FIG. 2 illustrates the architecture of an I2NSF system according to another embodiment of the present invention.
  • FIG. 5 is a diagram illustrating an instance management sub-model according to an embodiment of the present invention.
  • FIG. 6 is a diagram illustrating a registration sub-model according to an embodiment of the present invention.
  • FIG. 7 is a diagram illustrating an NSF profile, in accordance with one embodiment of the present invention.
  • FIG. 8 is a diagram schematically showing performance capability information according to an embodiment of the present invention.
  • FIGS. 9 and 10 are views illustrating a Role-based Access Control List (ACL) according to an embodiment of the present invention.
  • ACL Role-based Access Control List
  • FIG. 11 is a diagram illustrating a high-level YANG data model of a registration interface according to an embodiment of the present invention.
  • FIG. 14 is a diagram illustrating a high-level YANG data model of NSF capability information according to an embodiment of the present invention.
  • FIG. 15 is a diagram illustrating a high-level YANG data model of NSF access information according to an embodiment of the present invention.
  • FIG. 16 is a diagram illustrating a high-level YANG data model of an NSF performance capability according to an embodiment of the present invention.
  • FIG. 17 is a diagram illustrating a high-level YANG data model of a role-based ACL according to an embodiment of the present invention.
  • FIG. 18 is a diagram illustrating a data model of an I2NSF registration interface according to an embodiment of the present invention.
  • FIG. 19 is a diagram illustrating XML output for a registration interface according to an embodiment of the present invention.
  • FIG. 20 illustrates a block diagram of a network device according to an embodiment of the present invention.
  • NFV Network Functions Virtualization
  • the purpose of the I2NSF is to define a standardized interface for a heterogeneous network security function (NSF) provided by a number of security solution vendors.
  • the present specification also proposes a security management architecture based on the I2NSF framework.
  • the security management architecture may include an I2NSF user, a Security Management System, and / or the instance (s) of the NSF (s) in the lowest layer of the framework.
  • the security management system may include a security controller and a developer's management system.
  • the security controller may include a Security Policy Manager and an NSF Capability Manager.
  • the present specification also proposes a data model for performing a mission for security services (e.g., VoIP-VoLTE) in the I2NSF security management system.
  • Application Logic: A component of the security management architecture that creates a user perspective security policy to block or mitigate security attacks.
  • the user perspective policy is retrieved from the application logic.
  • Security Policy Manager: A component that maps user-perspective security policies received from the policy updater to lower-level security policies and vice versa.
  • NSF Capability Manager: A component that stores the NSF capabilities registered by the developer management system via the registration interface and shares them with the Security Policy Manager to create a corresponding low-level security policy.
  • Event Collector: A component that receives events from a security controller, used to update (or create) a user perspective policy in the application logic.
  • the NSF may operate in various layers of various protocol stacks (e.g., a network layer or another Open System Interconnection (OSI) layer, etc.).
  • OSI Open System Interconnection
  • examples of an NSF include a firewall, an Intrusion Prevention System (IPS) / Intrusion Detection System (IDS), Deep Packet Inspection (DPI), Application Visibility and Control (AVC), Network Virus and Malware Scanning, Sandbox, Data Loss Prevention (DLP), Distributed Denial of Service (DDoS) Mitigation, Transport Layer Security (TLS) proxies, anti-spoofing, and the like.
  • IPS Intrusion Prevention System
  • IDS Intrusion Detection System
  • DPI Deep Packet Inspection
  • AVC Application Visibility and Control
  • DLP Data Loss Prevention
  • DDoS Distributed Denial of Service
  • TLS Transport Layer Security
  • the architecture / framework of the I2NSF system and the respective components of the I2NSF system will be described. It also demonstrates how the I2NSF facilitates the implementation of security functions in a technology- and vendor-independent manner in Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) environments.
  • SDN Software-Defined Networking
  • the I2NSF framework is used by a user (e.g., an application, an overlay or a cloud network management system, or an enterprise network manager or management system) of the I2NSF system to inform the I2NSF system which traffic (or traffic pattern) requires a standard interface.
  • the I2NSF system can recognize this standard interface as a set of security rules for monitoring and controlling the behavior of different traffic.
  • the I2NSF framework also provides a standard interface for monitoring flow-based security functions where users are hosted and managed by different administrative domains.
  • FIG. 1 illustrates an I2NSF (Interface to Network Security Functions) system according to an embodiment of the present invention.
  • the I2NSF user communicates with the network operations management system through the I2NSF Consumer-Facing Interface.
  • the network operations management system communicates with the NSF (s) through the I2NSF NSF-Facing Interface (I2NSF).
  • the developer management system communicates with the network operations management system through the I2NSF registration interface.
  • the I2NSF user may request information (e.g., NSF information) from another I2NSF component (e.g., a network operations management system) and / or a security service provided by another I2NSF component (e.g., a developer management system).
  • an I2NSF user may be an overlay network management system, an enterprise network manager system, another network domain administrator, and so on.
  • the I2NSF user may be referred to as an I2NSF client.
  • An entity that performs a role assigned to this I2NSF user component may be referred to as an I2NSF consumer.
  • Examples of an I2NSF consumer include:
  • a video-conference network manager that needs to dynamically inform the underlay network to allow, rate-limit, or deny flows based on a particular field of a packet during a time span
  • enterprise network administrators and management systems that need to request a provider network to enforce specific I2NSF policies for a particular flow
  • an IoT management system that sends a request to an underlay network to block flows that match a set of specific conditions.
  • I2NSF users can create and deploy high-level security policies. Specifically, I2NSF users need to use network security services to protect network traffic from a variety of malicious attacks. To request this security service, the I2NSF user can create a high-level security policy for the desired security service and notify the network operation management system thereof.
  • the I2NSF user considers the type of NSF (s) required to implement the security policy rule configuration for each NSF (s) or security policy rule configuration I can not.
  • One of the key roles of a network operations management system is to translate high-level security policies (or policy rules) from I2NSF users into low-level security policy rules for specific NSF (s).
  • the network operations management system may first determine the type of NSF (s) required to enforce the policies required by the I2NSF user.
  • the network operations management system may then create a low-level security policy for each required NSF (s).
  • the network operations management system may set the generated lower level security policy to each NSF (s).
  • I2NSF NSF-facing interface implies, NSF-facing interface (NFI)
  • an information model refers to an expression of a concept of interest in the environment in a form independent of a data repository, a data definition language, a query language, an implementation language, and a protocol.
  • an NSF instance may be created that is necessary in enforcing the security policy rules received from the I2NSF user. That is, in the I2NSF framework, the I2NSF user can determine the security services required for the system. If there is no NSF instance to enforce the security policy requested by the I2NSF user, the security controller may request the developer management system via the registration interface to create the required NSF instance.
  • the NSF instance may be updated. After the NSF instance is registered with the I2NSF framework, the functionality of the NSF instance may change. These changes should be reported to the security controller. To do this, the developer management system can update some NSF instances and notify the security controller of the update via the registration interface.
  • the conventional I2NSF registration interface was used only to register a new NSF instance in the security controller.
  • embodiments of the present invention propose an information model that can be extended at any time to support NSF instantiation / reverse instantiation.
  • the creation / removal of the NSF instance can be performed based on the instance management sub model among the registered interface information models, and the details configuring the NSF profile based on the registration sub model can be defined.
  • the security controller may send an instantiation / re-instantiation request message to the developer management system as needed.
  • the instantiation / re-instantiation request message may include NSF capability information.
  • the developer management system that receives the request from the security controller may generate a corresponding NSF instance based on the NSF capability information and send a response message including information related to the processing result to the security controller.
  • FIG. 6 is a diagram illustrating a registration sub-model according to an embodiment of the present invention.
  • the NSF capability information indicates the ability to probe a new NSF instance.
  • the NSF access information represents information that enables network access to a new instance of another component.
  • NSF role-based ACL information specifies NSF's access policy to determine whether to allow or deny entity access to NSF based on the role assigned to the entity. Detailed model of NSF capability information, NSF access information, and NSF role based ACL information will be described in detail later.
  • the NSF access information indicates information required to perform communication with the NSF.
  • the NSF access information includes an Internet Protocol version 4 (IPv4) address, an Internet Protocol version 6 (IPv6) address, a port number, and / .
  • NSF Capability Information (or NSF Instance Capability)
  • the NSF profile (or NSF capability information) indicating the checking capability of the NSF instance may include capability objects of various NSF instances.
  • an NSF profile (or an NSF capability object) may include at least one of Network-Security Capabilities, Content-Security Capabilities, Attack Mitigation Capabilities, and performance capabilities.
  • the network security capability indicates the ability to examine and process network traffic using a predefined security policy.
  • Content Security Capability Indicates the ability to analyze traffic content delivered at the application layer.
  • attack mitigation capabilities represent the ability to detect and mitigate various types of network attacks.
  • FIG. 8 is a diagram schematically showing performance capability information according to an embodiment of the present invention.
  • the registration interface proposed in this specification can control the use and restriction of the created instance, and can make an appropriate request according to the status.
  • FIGS. 9 and 10 are views illustrating a Role-based Access Control List (ACL) according to an embodiment of the present invention.
  • the high level YANG data model of the I2NSF registration interface may include a registration request field (or object, information) and an instance management request field (or object, information).
  • the I2NSF system has the architecture of the I2NSF system described above in Fig. 1 or Fig.
  • the object / field / information included in the YANG data model shown in Fig. 11 and the relationship therebetween can be explained by the contents shown in Fig. 11 and / or the contents described in Figs. 3 to 10 above. 1 to 10 will be omitted from the description overlapping with the above description.
  • the registration request field of FIG. 11 described above may be extended as shown in FIG.
  • the registration request (or the registration request object / field / information) may include capability information of the newly created NSF to inform the security controller of the capability.
  • the registration request may also include network access information that allows the security controller to access the NSF.
  • the I2NSF system has the architecture of the I2NSF system described above in Fig. 1 or Fig.
  • the object / field / information included in the YANG data model shown in Fig. 12 and the relationship therebetween can be explained by the contents shown in Fig. 12 and / or the contents described in Figs. 3 to 10 above. 1 to 10 will be omitted from the description overlapping with the above description.
  • FIG. 13 is a diagram illustrating a high-level YANG data model of an instance management request according to an embodiment of the present invention.
  • the I2NSF system has the architecture of the I2NSF system described above in Fig. 1 or Fig.
  • the object / field / information included in the YANG data model shown in FIG. 13 and the relationship therebetween can be explained by the contents shown in FIG. 13 and / or the contents described in FIG. 3 to FIG. 1 to 10 will be omitted from the description overlapping with the above description.
  • FIG. 14 is a diagram illustrating a high-level YANG data model of NSF capability information according to an embodiment of the present invention.
  • the NSF capability information field (or object, information) of FIGS. 12 and 13 described above can be extended as shown in FIG. Specifically, the NSF capability information field may include an I2NSF capability field (or object, information) and a performance capability field (or object, information).
  • the I2NSF system has the architecture of the I2NSF system described above in Fig. 1 or Fig.
  • the object / field / information included in the YANG data model shown in Fig. 14 and the relationship therebetween can be explained by the contents shown in Fig. 14 and / or the contents described in Figs. 3 to 10 above. 1 to 10 will be omitted from the description overlapping with the above description.
  • FIG. 15 is a diagram illustrating a high-level YANG data model of NSF access information according to an embodiment of the present invention.
  • the NSF access information field (or object, information) of Figs. 12 and 13 described above can be extended as shown in Fig.
  • the NSF access information field may include an NSF address field (or object, information) and an NSF port address field (or object, information).
  • the I2NSF system has the architecture of the I2NSF system described above in Fig. 1 or Fig. Furthermore, the object / field / information included in the YANG data model shown in Fig. 15 and the relationship therebetween can be explained by the contents shown in Fig. 15 and / or the contents described in Figs. 3 to 10 above. 1 to 10 will be omitted from the description overlapping with the above description.
  • FIG. 16 is a diagram illustrating a high-level YANG data model of an NSF performance capability according to an embodiment of the present invention.
  • FIG. 17 is a diagram illustrating a high-level YANG data model of a role-based ACL according to an embodiment of the present invention.
  • the high level YANG data model of the registration interface may include a role based ACL as shown in FIG.
  • FIG. 18 is a diagram illustrating a data model of an I2NSF registration interface according to an embodiment of the present invention.
  • the YANG module for the information model of the data required for the registration interface between the security controller and the developer management system may be as shown in Fig.
  • the I2NSF system has the architecture of the I2NSF system described above in Fig. 1 or Fig.
  • the object / field / information included in the YANG module shown in Fig. 18 and the relationship therebetween can be explained by the contents shown in Fig. 18 and / or the contents described in Figs. 3 to 10 above. 1 to 10 will be omitted from the description overlapping with the above description.
  • FIG. 19 is a diagram illustrating XML output for a registration interface according to an embodiment of the present invention.
  • the IDS NSF can be registered using the VoIP / VoLTE security capability through the registration interface.
  • the configuration XML for the above-described registration interface is as shown in FIG.
  • the I2NSF system has the architecture of the I2NSF system described above in Fig. 1 or Fig.
  • the object / field / information included in the YANG module shown in FIG. 19 and the relationship therebetween can be explained by the contents shown in FIG. 19 and / or the contents described in FIG. 3 to FIG. 1 to 10 will be omitted from the description overlapping with the above description.
  • the network device corresponds to the above-described I2NSF system (or security management system), or may be a device included in the I2NSF system.
  • Examples of the devices included in the I2NSF system may include the above-described I2NSF, security controller, developer management system, NSF, and the like.
  • the memory 2020 may be internal or external to the processor 2010 and may be coupled to the processor 2010 by various well known means.
  • Embodiments in accordance with the present invention may be implemented by various means, for example, hardware, firmware, software, or a combination thereof.
  • an embodiment of the present invention may include one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays, processors, controllers, microcontrollers, microprocessors, and the like.
  • ASICs application specific integrated circuits
  • DSPs digital signal processors
  • DSPDs digital signal processing devices
  • PLDs programmable logic devices
  • an embodiment of the present invention may be embodied in the form of a module, a procedure, a function, and the like for performing the functions or operations described above.
  • the recording medium may include program commands, data files, data structures, and the like, alone or in combination.
  • Program instructions to be recorded on a recording medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of computer software.
  • a device or terminal according to the present invention may be driven by instructions that cause one or more processors to perform the functions and processes described above.
  • Such instructions may include, for example, interpreted instructions such as script commands, such as JavaScript or ECMAScript commands, or other instructions stored in executable code or computer readable media.
  • the apparatus according to the present invention may be implemented in a distributed manner across a network, such as a server farm, or may be implemented in a single computer device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a security management system for managing a network security function (NSF) through a registration interface. Specifically, a method performed by a security controller comprises the following steps: transmitting, to a developer management system, an instantiation request message for the NSF required by a security management system; and receiving, from the developer management system, a registration message indicating the registration of an NSF instance for the required NSF in response to the request message, wherein the NSF instance can be generated by the developer management system based on the instantiation request message.
PCT/KR2018/013037 2017-10-30 2018-10-30 Method for providing network security service and apparatus therefor WO2019088671A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR20170142840 2017-10-30
KR10-2017-0142840 2017-10-30

Publications (1)

Publication Number Publication Date
WO2019088671A1 true WO2019088671A1 (fr) 2019-05-09

Family

ID=66332144

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2018/013037 WO2019088671A1 (fr) 2017-10-30 2018-10-30 Method for providing network security service and apparatus therefor

Country Status (2)

Country Link
KR (1) KR102184114B1 (fr)
WO (1) WO2019088671A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110290048A (zh) * 2019-05-17 2019-09-27 国家工业信息安全发展研究中心 Government network security information notification system
US20210029175A1 (en) * 2019-07-24 2021-01-28 Research & Business Foundation Sungkyunkwan University Security policy translation in interface to network security functions

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110042070A (ko) * 2008-07-01 2011-04-22 인터내셔널 비지네스 머신즈 코포레이션 Method for dynamically updating network security policy rules when new network resources are provisioned in a service landscape instance
KR20140075809A (ko) * 2011-11-01 2014-06-19 제이브이엘 벤쳐스, 엘엘씨 Systems, methods, and computer program products for managing secure elements
KR20150105421A (ko) * 2013-01-11 2015-09-16 후아웨이 테크놀러지 컴퍼니 리미티드 Network function virtualization for a network device
KR20170010806A (ko) * 2014-05-28 2017-02-01 후아웨이 테크놀러지 컴퍼니 리미티드 Method, apparatus, and system for virtualizing a network management system
KR20170095852A (ko) * 2014-12-11 2017-08-23 비트데펜더 아이피알 매니지먼트 엘티디 User interface for security protection and remote management of network endpoints

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110290048A (zh) * 2019-05-17 2019-09-27 国家工业信息安全发展研究中心 Government network security information notification system
US20210029175A1 (en) * 2019-07-24 2021-01-28 Research & Business Foundation Sungkyunkwan University Security policy translation in interface to network security functions
US11632402B2 (en) * 2019-07-24 2023-04-18 Research & Business Foundation Sungkyunkwan University Security policy translation in interface to network security functions

Also Published As

Publication number Publication date
KR20190049579A (ko) 2019-05-09
KR102184114B1 (ko) 2020-11-27
KR102184114B9 (ko) 2022-04-11

Similar Documents

Publication Publication Date Title
WO2021060857A1 (fr) Remote execution code-based node control flow management system and method therefor
WO2013085281A1 (fr) Method and device for security in a cloud computing service
KR102136039B1 (ko) Security in a software-defined network
WO2019066295A1 (fr) Web traffic logging system and method for detecting web hacking in real time
WO2023038387A1 (fr) System for controlling network access of an application based on data flow, and method therefor
WO2018101565A1 (fr) Security management structure in a network virtualization environment
US7474655B2 (en) Restricting communication service
WO2014069777A1 (fr) Transit control for data
WO2013065915A1 (fr) Method for trusted interworking between a trusted region and an untrusted region; method, server and terminal for controlling the download of trusted applications; and control system applying same
WO2023033586A1 (fr) System for controlling network access of an application based on TCP session control, and method therefor
US11102174B2 (en) Autonomous alerting based on defined categorizations for network space and network boundary changes
WO2022071985A1 (fr) Dynamic optimization of client application access via a secure access service edge (SASE) network optimization controller (NOC)
WO2016013846A1 (fr) Method for processing a request message in a wireless communication system, and apparatus therefor
WO2016064235A2 (fr) Method for managing a child resource of a group member in a wireless communication system, and device therefor
WO2023033588A1 (fr) System for controlling data flow in a virtualization terminal, and method therefor
WO2021261728A1 (fr) Secure communication device for providing a multifunctional security function, and operating method therefor
WO2019098678A1 (fr) Method for providing a security service and device therefor
WO2019088671A1 (fr) Method for providing network security service and apparatus therefor
WO2022114689A1 (fr) Method and device for image-based malware detection, and artificial intelligence-based endpoint detection and response system using same
WO2016126021A1 (fr) Method and apparatus for processing a request to stop receiving notifications in a wireless communication system
WO2023211124A1 (fr) Controller-based network connection control system and method therefor
WO2023090755A1 (fr) System for controlling network access of a virtualization instance, and method therefor
WO2023146304A1 (fr) System for controlling transmission and reception of a file of an application, and method therefor
WO2014077544A1 (fr) Method for configuring a profile of a subscriber authentication module embedded and installed in a terminal device, and apparatus using same
WO2023177238A1 (fr) Controller-based network connection control system, and method therefor
Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18873268

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18873268

Country of ref document: EP

Kind code of ref document: A1