¥°. ¼ ·Ð
ÃÖ±Ù ÄÄÇ»ÅÍ ±â¼úÀÇ ±Þ¼ÓÇÑ ¹ßÀüÀ¸·Î ÀÎÇØ ±âÁ¸ÀÇ ÅؽºÆ® À§ÁÖÀÇ »ç¿ëÀÚ È¯°æ¿¡¼ ¹þ¾î³ª À̹ÌÁö, ±×·¡ÇÈ, ¿Àµð¿À ¹× ºñµð¿À µ¥ÀÌÅÍ µîÀ» Á¦°øÇÏ´Â ¸ÖƼ¹Ìµð¾î »ç¿ëÀÚ È¯°æÀ¸·Î º¯È¯ÇÏ°í ÀÖ´Ù.¿î¿µÃ¼Á¦ ¹× ÀÀ¿ëÇÁ·Î±×·¥¿¡´Â ÇÁ·Î±×·¥ °³¹ß °úÁ¤ÀÇ ¿À·ù·Î ÀÎÇÏ¿© Ãë¾à¼ºÀ» °¡Áö°Ô µÈ´Ù. ¶ÇÇÑ ÀÎÅͳÝÀÌ Æø³Ð°Ô º¸±ÞµÇ¸é¼ ³×Æ®¿öÅ©¸¦ ÅëÇÑ ½Ã½ºÅÛ Ä§ÇØ»ç·Ê°¡ Áõ°¡ÇÏ°í ÀÖ´Ù. ÀÌ¿Í °°Àº ½Ã½ºÅÛ Ä§ÇØ»ç°íÀÇ ´ëºÎºÐÀÌ ½Ã½ºÅÛ¿¡ Á¸ÀçÇÏ´Â Ãë¾à¼ºÀ» ¾Ç¿ëÇÏ¿© ħÅõÇÏ´Â °ÍÀÌ´Ù. µû¶ó¼, ÀÌ·¯ÇÑ Ãë¾à¼ºÀ» Á¦°ÅÇϱâ À§ÇÑ ÆÐÄ¡ ÇÁ·Î±×·¥ÀÇ ¼³Ä¡°¡ ½Ã½ºÅÛÀÇ º¸¾È¼ºÀ» ³ôÀ̴µ¥ ÀÖ¾î¼ ¸Å¿ì Áß¿äÇÏ´Ù. º¥´õµé·ÎºÎÅÍ »õ·Î¿î ÆÐÄ¡°¡ Á¦°øµÇ¸é Áï°¢ÀûÀ¸·Î ½Ã½ºÅÛ¿¡ ¼³Ä¡ÇÏ¿©¾ß ÇÑ´Ù. ÇÏÁö¸¸, ´ëºÎºÐÀÇ ½Ã½ºÅÛ °ü¸®ÀÚµéÀÌ ÁÖ±âÀûÀ¸·Î º¥´õµé¿¡ Á¢¼ÓÇÏ¿© ´ë»ó ÆÐÄ¡¸¦ ´Ù¿î¹Þ¾Æ ¼³Ä¡ÇÏÁö ¸øÇÏ°í ÀÖ´Â ½ÇÁ¤ÀÌ¾î¼ ¸¹Àº ½Ã½ºÅÛµéÀÌ Ä§ÇØ»ç°í¿¡ ¹«¹æºñ »óÅÂÀÌ´Ù. ÃÖ±Ù ÀÌ·¯ÇÑ ¹®Á¦Á¡À» ÇØ°áÇϱâ À§ÇÏ¿© ÆÐÄ¡ ºÐ¹è ½Ã½ºÅÛÀ» ¿î¿µÇÏ¿© °ü¸®´ë»ó ½Ã½ºÅ۵鿡 ´ëÇÑ ÆÐÄ¡ °ü¸®¸¦ ¼öÇàÇÏ°íÀÚ ÇÏ´Â ¿¬±¸°¡ ÁøÇà ÁßÀÌ´Ù. ÇÏÁö¸¸ ±âÁ¸ÀÇ ¿¬±¸°¡ ÆÐÄ¡¸¦ ºÐ¹èÇÏ´Â ¹æ¹ý»óÀÇ ¹®Á¦Á¡µéÀ» ÇØ°áÇϴµ¥ ¸¹¡¦(»ý·«)
|
[1] F.Bergadano, B. Crispo, M. Eccettuato, `Secure WWW Transactions Using Standard HTTP and Java Applets`, 3rd USENIX Workshop on Electronic Commerce, pp. 109-119, 1998. [2] Whitfield Diffie, Paul C. Van Oorschot and Michael, J. Wiener, `Authentication and Authenticated Key Exchanges`, Designs Codes and Cryptography, pp. 107-125, 1992. [3] Charlie Lai Li Gong, Larry Steve Lodin, Eugene H. Spafford, `Authentication and Authorization in the Java Platform`, 15rh ANNUAL Computer Security Applications Conference, 1999. [4] Mark Crosbie, Ivan Krsul, Steve Lodin, Eugene H. Spafford, `A Secure Message Broadcast System(SMBS)¡°, CSD-TR-96-019, 1997. [5] A. Freier, P. Karlton, and P. Kocher, The Secure Protocol Version3, 1995. [6] T. Dierks and C. Allen, `The TLS Protocol version 1.0`, Internet Engineering Task Force Internet Draft, 1997. [7] Paul Ashley, Gary Gaskel, Joris Claessens and Mark Vandenwauver, `Intranet Security technologies Sesame or SSL?¡°, Proceedings of the AUUG98 Conference Sydney, pp. 133-142, 1998. [8] Tony Bartoletti and Lauri A Dobbs, ¡°Secure Software Distribution System`, 1997. [9] Mohd A. Bashar, G Krishnan, M.G. Kuhn, E.H. Spafford, S.S. Wagstaff, Jr., `Low-Threat Security Patches and Tools`, ICSM 97, 1997. [10] LLNL, `SafePatch`, Lawrence Livemore National Laboratory [11] C. Kaufman, DASS(Distributed Authentication Security Service)`, Network Working Group Request for Comments: 1507`, 1993. [12] G. Caronni and M Waldvogel, `Efficient Security for Large and Dynamic Multicast Group`, (WETICE 98) IEEE Comp Society Press, 1998. [13] Cross-Platform Security Patch Management, http://www.patchlink.com/products/emanage ment_services/patchlink_update.html [14] http://java.sun.com/j2se/1.4.1/docs/guide/security/
|