Journal of Advanced Navigation Technology (한국항행학회논문지)

The Korean Navigation Institute (한국항행학회)
권호 표지
DOI QR코드

DOI QR Code

A System for Supporting The Cyber Security Control of I&C System

제어계측 시스템 환경에서의 사이버 보안 통제 지원 시스템

  • Jung, Hyun-Mi (Korea Institute of Science and Technology Information) ;
  • Kim, Seok-Hun (Department of MobileMedia, Suwon Women's College) ;
  • Sung, Kyung (Department of ComputerEducation, Mokwon University)
  • 정현미 (한국과학기술정보연구원) ;
  • 김석훈 (수원여자대학교 모바일미디어과) ;
  • 성경 (목원대학교 컴퓨터교육과)
  • Received : 2013.07.15
  • Accepted : 2013.08.30
  • Published : 2013.08.30
Download PDF
⟨ Previous Next ⟩

Abstract

I&C (Instrumentation & Control) system is different from information system and the security design of the two systems are also different. The modeling activity is needed based on the security control guide in order to build I&C system security control. In this paper, the role and by the security control, we designed the relationship (that is, the relation schema) between the documents for 'The system for supporting the cyber security control of I&C system design' based on the security control guide. The designed schema plans 'The system for supporting the cyber security control of I&C system' for observing the security control guide, and is used as the database and content that supports its design and implementation. The process and system of the proposed schema is utilized and designed. The design of the schema and system is intensified in the design phase with the proposed mode and supporting the I&C system cyber security design.

제어계측 시스템과 정보시스템은 서로 차이가 있으며 두 시스템의 보안설계가 다르다. 이러한 문제점을 해결하기 위해 제어계측 시스템의 보안통제를 설계하기 위해서는 보안통제가이드를 기본으로 한 정책 설정 및 모델링 작업의 필요성이 대두되고 있다. 본 논문에서는 제어계측시스템 환경에서 사이버 보안 통제를 지원하기 위하여 보안규제 가이드를 기반으로 역할, 보안 통제 별 및 문서간의 관계스키마를 설계하였고, 설계된 스키마는 보안규제가이드를 준수하기 위한 사이버 보안 통제 구축 지원 시스템의 계획, 설계, 구현을 지원 하는 데이터베이스와 내용으로 활용이 가능하다. 이후 제안된 스키마를 활용하여 시스템 프로세스를 설계하고 제어계측 시스템에 최적화된 보안통제지원 시스템을 개발한다.

Keywords

References

  1. 2004 The White Paper of National Information Security, http://www.nist.go.kr
  2. Ron Derynck , "Cyber-Security and System Integrity for Transportation Networks," VeronoWhitepaper, 2004
  3. Sylvia Osborn, Ravi Sandhu, Qamar Munawer, " Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies," ACM Transactions on Information and System Security, vol. 3, No. 2, Pages 85-106, 2000 https://doi.org/10.1145/354876.354878
  4. National Institute of Standards and Technology , http://hissa.nist.gov/prject/rbac.html
  5. http://www.ecs.syr.edu/chin/cse774/readings/rbac/p34-ferraio.pdf
  6. National Institute of Standards and Technology , http://csrc.nist.go.kr/rbac
  7. http://en.wikipedia.org/wiki/Role-based_access_control
  8. Hyun-Mi Jung, Kyung-Su Han and Gang-Soo Lee ," A Schema Design for Supporting The Cyber Security Control of SCADA ," Journal of Korea Knowledge Information Technology, vol 7, No 6, 2012
  9. The Nuclear Regulatory Commission, http://nrcstp.ornl.gov/slo/regguide571.pdf
  10. Cyber security programs for nuclear facilities; Regulatory Guide 5.71, U.S. Nuclear Regulatory Commission , 2010
  11. Hyun-Mi Jung , Kyung-Su Han, Gang-Soo Lee and Su-Jin Jang "A role-based access analysis for the cyber security management," Journal of Future Game Technology (JFGT), vol. 2, No. 1, 2012