異質多網安全檢測平台建置計畫(III)

Abstract

依據行政院『我國資通安全政策白皮書』、國外經驗與借鏡，設置國家級之「資通安全研究與教學中心(TaiWan Information Security Center, TWISC)」，在中央研究院李德財院士的領導下，於94年成立台灣科技大學心資通安全研究與教學中心(TWISC@NTUST)、交通大學資通安全研究與教學中心(TWISC@NCTU)、與成功大學資通安全研究與教學中心(TWISC@NCKU)，分別從事其專長領域研究、技術建置與推廣。TWISC@NCTU在本計畫主要的目的在於建置一個異質多網安全檢測平台、開發與建置產官學研所需的安全檢測工具，以及提供政府機關、產業界或是財團法人異質多網安全檢測的服務。希望藉由我們所開發各種安全檢測工具來發現異質多網與行動設備潛在的安全問題，讓管理人員以及一般使用者可提早修補漏洞、改善問題以提高行動設備安全性。為了在2011年開發適合產官學研的安全檢測工具，我們已經與多個政府機關、法人以及產業界建立產學合作關係，包括：總統府國家安全會議、法務部調查局、工研院、資策會、行政院研考會、國家資通安全會報技術服務中心、中華電信、友訊科技、宏達電、趨勢科技、喬鼎科技、中科院、教育部等，並了解他們的檢測需求。舉例說明：我們和工研院資通所達成合作共識，開發Android相關安全檢測工具。此外，我們也和宏達電、友訊科技及中華電信合作，執行軟體安全檢測以及惡意程式行為分析。這些單位在Access Point/router、智慧型手機也有滲透檢測之需求。在2011年，我們針對上述單位的需求來開發適當且客製化的檢測工具。此外，我們也積極地與其他單位聯繫以及交流，來開發出更符合產研單位需求的安全檢測工具。在2011年，本計畫開發了7個全新的安全檢測防護工具(請見表1)，且繼續客制化與維護已開發完成的15個檢測工具。同時，我們也持續把適切的檢測工具轉成線上服務，讓更多人可因此受惠。藉由此平台的建置與檢測工具的開發，我們希望提供政府機關、財團法人及高科技廠商網路安全檢測的服務，並且技轉所開發的檢測工具，以幫助上述單位發現漏洞及弱點。如此一來將可提高產業的經濟效益、提升無線產品附加價值、節省因網路攻擊或系統弱點所消耗的產值、節省專業檢測人力並且有效減少各種有線、無線網路環境的攻擊。此外，在2011年我們的成果包含技術移轉1件、先期技術移轉1件、技術服務1件、與產學合作達12件，總金額超越本計畫書所規畫之400萬元。此項成果說明本計畫之建置成果在產業界之可應用性與前瞻性。本計畫之學術以及產業研究均有相當成果。參與本計畫之成員於2011年發表於國際重要期刊之論文數共19篇，發表於國際研討會之論文數共16篇以及國內研討會之論文共2篇。2011年美國專利獲證5件，提出美國以及台灣專利申請各1件。詳細列表請參閱（七）計畫成果。

The goal of TWISC@NCTU is to develope a heterogeneous network security inspection platform and security tools applied in academic, industry and government in practice. This project can provide the services of heterogeneous network security analysis for any cooperative organization. In 2011, we cooperated with National Security Council, Ministry of Justice, ITRI, III, REDC, ICST, Chunghwa Telecom, D-Link, HTC, Trend Micro, Promise, CSIST, Ministry of Education, etc. The project meets the requirements, which were suggested by the cooperative organizations, to disclosure the vulnerabilities of mobile equipment for security improvement. For example, is one of the work items due to the shared view reached with Information and Communications Research Laboratories, ITRI. Additionally, both testing software security and analyzing behaviors of malware in our research comply with the industry demand by HTC, D-Link and Chunghwa Telecom.In 2011, 7 new security testing tools are proposed and implemented with the functionalities required by industry and government, and some functionalities of our project are appropriately turned into on-line services for benefiting the people who are interested in it. With the platform and tools, we anticipate enhancing information security in government sectors, corporations, and hi-tech industries, and we conucted technology transfer with related companies to discover security vulnerabilities in advance. In this way, the quality of network products is increased； the manpower dealing with security threats is reduced； the system vulnerabilities are discovered； finally, the threats in heterogeneous networks are eliminated. Moreover, our team conducted 16 remarkable cooperation projects, which includes industry-university cooperation, technical assistance services, and software licensing, that meet our project goal of 4 million dollars in revenue. This result shows the applicability of our novel techniques. In publication, we have published 7 journal papers, 11 international conference papers, and 1 national conference papers. We also received 3 patents and filed two new patents. Thus, this demonstrated our accomplishments in both academics and industry.