文章基本信息

标题：A Study of the Airport Model Based on Security Risk
本地全文：下载
作者：Yong-Suk Kang ; Yang-Ha Chun ; Yong-Tae Shin 等
期刊名称：International Journal of Software Engineering and Its Applications
印刷版ISSN：1738-9984
出版年度：2014
卷号：8
期号：11
页码：67-74
DOI：10.14257/ijseia.2014.8.11.06
出版社：SERSC
摘要：The recent APT attacks including cyber terror are caused by a high level of malicious codes and hacking techniques. The substantive problem is that there are frequent cases in which accounts are seized by malicious hackers and servers are attacked due to a high dependence on the ID/Password system, or account information is exposed through new malicious codes that are not detected by vaccines. This implies that essentially, advanced security management is required, from the perspective of 5A. According to the consideration and research on the big information Security accident cases that have occurred over the last 5 years, the paralysis of A-Bank networks resulted from the non-observance of account management policy, even though there was an account management process, and the user information leakage of B-Portal was caused by APT attacks using malicious codes, but it could prevent it by using the Multi-Factor certification of users to have access to DB or server using OTP, rather than ID/Password. Also, the customer information leakage of C-Capital wouldn't occur, if it deleted the accounts of employees who resigned, in accordance with security policy, and the customer information leakage of KT agencies could be prevented in advance through a verification of users and devices of subcontractors. Lastly, the exposure of internal information of the domestic large company, S to North Korea wouldn't be occurred, if foreign users were not allowed access to particular tasks and networks. The changes of IT environment are represented by Mobile, Cloud and BYOD, and all the devices of IT are being serviced via wired and wireless networks. In this situation, the security model needs to be changed, too into the Airport model which emphasizes prevention, and connection, security and integration of functions from the existing Castle model. The risk-based Airport model consists of 5A (Accounting, Authorization, Authentication, Auditing and Administration), and for applying this model, a preventive process of threatening factors should be designed. This study suggested an application method of the risk-based Airport model to the cyber security environment.
关键词：5A; Airport Model; APT; Castle model