A Methodology for CC-based Security Requirements Analysis and Specification by using Misuse Case Model

  • Published : 2004.06.01

Abstract

Every information system can be regarded as an information security system with strengthened security functions. To improve the quality of an information security system, security requirements must be analyzed and specified formally and consistently at the early requirements analysis stage. In this paper, we propose a model and process for analyzing and specifying security requirements using the Misuse Case Model, which extends UML's Use Case Model. We also propose a cost-effective security product selection algorithm, in which the selected security products satisfy all of the derived security functional requirements. The proposed model and process may raise the quality of information security systems developed with them.
