KIPS Transactions on Computer and Communication Systems (정보처리학회논문지:컴퓨터 및 통신 시스템)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

An Integrative Method of FTA and FMEA for Software Security Analysis of a Smart Phone

스마트 폰의 소프트웨어 보안성 분석을 위한 FTA와 FMEA의 통합적 방법

  • 김명희 (부경대학교 정보시스템학과) ;
  • ;
  • 박만곤 (부경대학교 IT융합응용공학과)
  • Received : 2013.10.07
  • Accepted : 2013.11.18
  • Published : 2013.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recently software security of the smart phone is an important issue in the field of information science and technology due to fast propagation of smart technology in our life. The smart phone as the security critical systems which are utilizing in terminal systems of the banking, ubiquitous home management, airline passengers screening, and so on are related to the risk of costs, risk of loss, risk of availability, and risk by usage. For the security issues, software hazard analysis of smart phone is the key approaching method by use of observed failures. In this paper, we propose an efficient integrative framework for software security analysis of the smart phone using Fault Tree Analysis (FTA) and Failure Mode Effect Analysis (FMEA) to gain a convergence security and reliability analysis technique on hand handle devices. And we discuss about that if a failure mode effect analysis performs simpler, not only for improving security but also reducing failure effects on this smart device, the proposed integrative framework is a key solution.

최근 우리 생활에 스마트 기술의 빠른 전파 때문에 정보 과학 및 기술 분야에 있어서는 스마트 폰의 소프트웨어 보안성이 중요한 이슈가 되고 있다. 보안성 중요 시스템인 스마트 폰은 은행 서비스, 유비쿼터스 홈 관리, 항공 고객의 검색 등의 서비스 시스템에 이용되기 때문에 비용의 리스크, 손실의 리스크, 이용가능 리스크, 그리고 사용상의 리스크에 관련 되어 있다. 스마트 폰의 보안성 이슈는 이들의 관찰된 고장들을 사용하여 소프트웨어 장애 분석을 하는 것이 핵심 접근 방법이다. 본 연구에서는 손으로 조작하는 디바이스들의 수렴하는 보안성과 신뢰성 분석 기법을 얻기 위해서 결함 트리 분석 (FTA)와 고장 모드 효과 분석(FMEA)을 사용하여 스마트 폰의 소프트웨어 보안성 분석을 위한 하나의 유효한 통합적 프레임 워크를 제안한다. 그리고 만약 하나의 고장 모드 효과 분석이 더욱 더 간단해지면 스마트 디바이스들의 보안성 개선뿐만 아니라 고장효과 의 감소를 위해서 제안된 통합적인 프레임 워크는 핵심 해법이 됨을 논의한다.

Keywords

References

  1. M. Cinque, D. Cotroneo, Z. Kalbarczyk, R. K. Iyer, "How Do Mobile Phones Fail? A Failure Data Analysis of Symbian OS Smart Phones," in Proc. of Dependable Systems and Networks (DSN '07), on 37th Annual IEEE/IFIP International Conference, pp.585-594, Jun., 2007.
  2. A. Shabtai, Y. Fledel, Y. Elovici, "Automated Static Code Analysis for Classifying Android Applications Using Machine Learning," in Proc. of 2010 International Conference on Computational Intelligence and Security (CIS), pp.329-333, Dec., 2010.
  3. H. Reza, S. Buettner, V. Krishna, "A Method to Test Component Off-the-Shelf (COTS) Used in Safety Critical Systems," in Proc. of Information Technology: New Generations 2008 (ITNG08) on Fifth International Conference, pp.189-194, Apr., 2008.
  4. J. White, C. Thompson, H .Turner, B. Dougherty, and D. C. Schmidt, "Primary Title: Wreck Watch: Automatic Traffic Accident Detection and Notification with Smartphones," in Proc. of Mobile Networks and Applications, Springer, Vol.16, pp.285-303, 2011.
  5. Hsiu-Sen Chiang, Woei-Jiunn Tsaur. "Identifying Smartphone Malware Using Data Mining Technology," in Proc. of 20th International Conference on Computer Communications and Networks (ICCCN2011), pp.1-6, Jul. 31-Aug. 4, 2011.
  6. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, "A Study of Android Application Security," in Proceedings of the 20th USENIX Security Symposium, San Francisco, August, 2011.
  7. Yuan Wei, Jin Qin, "Safety-Driven Software Reliability Allocation in Medical Device Application," in Proc. of Quality, Reliability, Risk, Maintenance, and Safety Engineering (ICQR2MSE), pp.105-109, Jun., 2011.
  8. A. Kumar Maji, Kangli Hao, S. Sultana, S. Bagchi, "Characterizing Failures in Mobile OSes: A Case Study with Android and Symbian," in Proc. of International Symposium on Software Reliability Engineering (ISSRE), pp.249-258, Nov., 2010.
  9. M. Becher, F. C. Freiling, J. Hoffmann, T. Holz, S. Uellenbeck, C. Wolf, "Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices," in Proc. of Security and Privacy (SP), on 2011 IEEE Symposium, pp.96-111, May, 2011.
  10. Ashwin Chaugule, Zhi Xu and Sencun Zhu, "A Specification Based Intrusion Detection Framework for Mobile Phones," Applied Cryptography and Network Security, Lecture Notes in Computer Science, Vol.6715, pp.19-37, 2011.
  11. R. Mojdehrakhsh, Wei-Tek Tsai. S. Kirani, L. Elliott, "Retrofitting Software Safety in an Implantable Medical Device," in Proc. of IEEE Software, Vol.11, No.1, pp.41-50, Jan., 1994.
  12. Zhang Hong, Liu Binbin, "Integrated Analysis of Software FMEA and FTA," in Proc. of International Conference on Information Technology and Computer Science 2009 (ITCS09), Vol.2, pp.184-187, Jul., 2009.
  13. M. Becher, "Security of smartphones at the dawn of their ubiquitousness," Ph.D. dissertation, University of Mannheim, Oct., 2009.
  14. Shuaifu Dai, Yaxin Liu, Tielei Wang, Tao Wei, Wei Zou, "Behavior-Based Malware Detection on Mobile Phone," in Proc. of 6th International Conference on Wireless Communications Networking and Mobile Computing (WiCOM10), pp.1-4, Sept., 2010.
  15. N. G. Leveson and P. R. Harvey, "Analyzing Software Safety," in Proc. of IEEE Transactions on Software Engineering, Vol.SE-9, No.5, pp.569-579, Sept., 1983.
  16. D. Dagon, T. Martin, T. Starner, "Mobile Phones as Computing Devices: The Viruses are Coming!" in Proc. of IEEE on Pervasive Computing, Vol.3, No.4, pp.11-15, 2004.
  17. J. Wayne, S. Karen, "Guidelines on Cell Phone and PDA Security," in Proc. of National Institute of Standard and Technology, US Department of Commerce, pp.800-124, 2008.
  18. P. Zheng, L. M. Ni, "Spotlight: The Rise of the Smart Phone," in Proc. of IEEE Distributed Systems Online, Vol.7, No.3, Mar., 2006.
  19. A. Tansu, B. Christian and A. D. Schmidt. "A Probabilistic Diffusion Scheme for Anomaly Detection on Smartphones," Lecture Notes on Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices, pp.31-46, 2010.
  20. B. Scorgie, P. Veeraraghavan, S. Ghosh, "Early Virus Detection for Windows Mobile," in Proc. of 9th Malaysia International Conference Communications (MICC2009), pp.295-300, Dec., 2009.
  21. C. F. Kemerer, B. S. Porter, "Improving the Reliability of Function Point Measurement: An Empirical Study," in Proc. of IEEE Transactions on Software Engineering, Vol.18, No.11, pp.1011-1024, Nov., 1992. https://doi.org/10.1109/32.177370
  22. A. Shabtai, Y. Fledel, Y. Elovici, "Securing Android-Powered Mobile Devices Using SE Linux," in Proc. of IEEE Security & Privacy, Vol.8, No.3, pp.36-44, 2010.
  23. Young Mo Kang, Chanwoo Cho, Sungjoo Lee. "Analysis of Factors Affecting the Adoption of Smartphones," in Proc. of 2011 IEEE International Conference on Technology Management (ITMC), pp.919-925, Jun., 2011.
  24. S. Chandra, P.M. Chen, "Whither Generic Recovery from Application Faults? Fault Study Using Open-Source Software," in Proc. of International Conference on Dependable Systems and Networks (DSN2000), pp.97-106, 2000.
  25. Peichang Wang, Junxing Zhang, Zhixue Chang, "Fault Tolerance of Multiprocessor-Structured Control System by Hardware and Software Reconfiguration," in Proc. of International Conference on Mechatronics and Automation (ICMA07), pp.3745-3749, Aug., 2007.
  26. Y. M. Wang, Y. Huang, W. K. Fuchs, "Progressive Retry for Software Error Recovery in Distributed Systems," in Proc. of The Twenty-Third International Symposium on Fault-Tolerant Computing (FTCS-23), pp.138-144, Jun., 1993.
  27. Y. Huang and C. Kintala. "Software Implemented Fault Tolerance: Technologies and Experience," in Proc. of the 1993 International Symposium on Fault-Tolerant Computing, pp.2-9, Jun., 1993.
  28. Y. Huang, C. Kintala, N. Kolettis, N. D. Fulton, "Software Rejuvenation: Analysis, Module and Applications," in Proc. of the 23rd International Symposium on Fault-Tolerant Computing (FTCS-23), pp.381-390, Jun., 1995.
  29. A. Gopalan, S. Banerjee, A. K. Das, S. Shakkottai, "Random Mobility and the Spread of Infection," in Proc. IEEE of INFOCOM 2011, pp.999-1007, Apr., 2011.
  30. B. S. Medikonda, P. S. Ramaiah, "Integrated Safety Analysis of Software-Controlled Critical Systems," ACM SIGSOFT Software Engineering Notes, Vol.35, No.1, Nov., 2010.
  31. T. Maier, "FMEA and FTA to Support Safe Design of Embedded Software in Safety-Critical Systems," in Proc. of CSR 12th Annual Workshop on Safety and Reliability of Software Based Systems, Bruges, Belgium, 1995.
  32. C. T. Alan and P. M. Steven, "Software Safety Analysis of a Flight Management System Vertical Navigation Function- A Status Report," in Proc. of IEEE the 22th Digital Avionics Systems Conference, Indianapolis, pp.12-16, Oct., 2003.
  33. Tao Jianfeng, Wang Shaoping, and Yao Yiping, "Hybrid Method of Computer Aided FMECA and FTA," Journal of Beijing University of Aeronautics and Astronautics, Beijing, China, Vol.26, No.6, pp.663-665, 2000.
  34. Wildan Toyib and Man-Gon Park, "Process Analysis of Digital Right Management for Web-Based Multicast Content," Journal of Korean Multimedia Society, Vol.14, No.12, pp.1601-1612, Dec., 2011. https://doi.org/10.9717/kmms.2011.14.12.1601

Cited by

  1. FTA-FMEA-based validity verification techniques for safety standards vol.34, pp.3, 2017, https://doi.org/10.1007/s11814-016-0321-1