Case Analysis of Legal System and Regulations according to the Needs of S/W Development Security

  • Shin, Seong-Yoon (Dept. of Computer Information Engineering, Kunsan National University)
  • Jeong, Kil-Hyun (Dept. of Internet Communication, Jangan University)
  • Received : 2014.07.04
  • Accepted : 2014.09.12
  • Published : 2014.10.31

Abstract

Software development security refers to the series of security activities carried out during software development in order to produce secure software, such as removing potential security vulnerabilities and designing and implementing functions with security in mind. In this paper, we examine domestic and international hacking cases that cause considerable psychological and financial damage. We note that about 75 percent of website attacks exploit vulnerabilities in application programs, that is, in software. We then examine the major issues in software development security, where many of these vulnerabilities arise. Finally, we present security-related laws, systems, and regulations, divided into the public and private sectors, and illustrate their details with examples.
