| Summary: | 碩士 === 國立雲林科技大學 === 電子工程與資訊工程技術研究所 === 88 === In this paper, we propose a dynamically configurable protecting scheme for group-oriented secure system. The main goal of the proposed scheme protects the enterprise from attacking of hackers. Current protecting schemes filter the unauthorized packets based on the host address. However, host-based filtering is lack of flexibility when the users change their machines frequently. Besides, host-based filtering is vulnerable to spoofing attacks, and it can not protect the enterprise against internal intruders.
In the proposed scheme, when user requests a service provided by the enterprise, the request is labeled according to the user’s group. Each service provider filters the illegal service request based on the security policy set by the group leader. The schemes not only supports dynamical configuration on security policy setting but also allows group membership dynamically change. Furthermore, the group-based filtering which is independent of the host address and can protect the enterprise from both external and internal attacks.
|
|---|
