DOI QR코드

DOI QR Code

Efficiency Evaluation Convergence Model of Virtual Private Network based on CC and ISO Standard

CC와 ISO 표준을 기반으로 한 가상사설망의 효율성 평가 융합 모델

  • Lee, Ha-Young (Dept. of Fusion Industry, Seoul Venture University) ;
  • Kim, Jung-Gyu (Dept. of Entrepreneurship, Graduate School of Global Entrepreneurship, Hoseo University)
  • 이하용 (서울벤처대학원대학교 융합산업학과) ;
  • 김중규 (호서대학교 글로벌창업대학원 창업학과)
  • Received : 2015.03.14
  • Accepted : 2015.05.20
  • Published : 2015.05.28

Abstract

Virtual Private Network is a method which can use as a private network using private line. The quality of security of virtual private network is influenced by security auditability, cryptographic support, user data protection, access control, etc., and efficiency is influenced by throughput, latency, the number of cession, etc. In this paper, we constructed a evaluation model based on CC(ISO/IEC 15408) and the quality evaluation standard ISO/IEC 25000 series to evaluate the quality level about efficiency with security performance of virtual private network. We think that this study will contribute to construct the system which can evaluate the quality of virtual private network based on CC and ISO quality evaluation standard.

가상사설망(VPN)은 마치 전용선으로 사설망을 구축한 것처럼 사용할 수 있는 방식을 말한다. 가상사설망의 보안성의 품질은 보안감사성, 암호지원, 사용자 데이터의 보호, 접근통제 등에 좌우되며 효율성의 품질은 패킷처리량, 전송지연, 처리할 수 있는 세션의 수 등에 좌우된다. 본 논문에서는 가상사설망의 보안성을 고려한 효율성에 관한 품질 수준을 평가하기 위해 CC(ISO/IEC 15408)와 ISO/IEC 25000 시리즈의 품질평가 표준을 근간으로 평가모델을 구성하였다. 본 연구를 통해 최근 중요성이 더욱 부각되고 있는 지식정보보안 시스템의 하나인 가상사설망의 품질수준을 CC와 ISO 품질평가 표준에 입각하여 평가할 수 있는 융합 평가체계 구축에 기여할 수 있을 것이라 사료된다.

Keywords

References

  1. Jong-Hoon Han, Jung-Woo Lee, Sung-Han Park, A Dynamic Key Lifetime Change Algorithm for Performance Improvement of Virtual Private Networks, Journal of the Institute of Electronics Engineers of Korea, Vol. 42, No. 10, p. 31, 2005. 10.
  2. Matzjong, Geun-Ok Kim, Hae-Sool Yang, VPN secure quality evaluation system development, The 35th Conference of the KIPS, Vol. 18, No. 1, p. 1331, 2011.
  3. ISO/IEC 15408-1:2009, Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 1: Introduction and general model, ISO, 2009.
  4. ISO/IEC 15408-2:2008, Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 2: Security functional components, ISO, 2008.
  5. ISO/IEC 15408-3:2008, Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 3: Security assurance components, ISO, 2008.
  6. http://word.tta.or.kr/terms/terms.jsp : Telecommunications Technology Association, TTA Terminology Dictionary.
  7. Kang-Soo Lee, Young-Soo Kim et al., Virtual Private Network Protection Profile V2.0, Korea Information Security Agency & Hannam University, 2008. 4.
  8. ISO/IEC 9126, Information Technology - Software Quality Characteristics and metrics.
  9. ISO/IEC 12119, Information Technology - Software Package - Quality requirement and testing.
  10. ISO/IEC 25000, Systems and Software Engineering - Systems and Software Quality Requirements and Evaluation(SQuaRE) - Guide to SQuaRE, 2004.
  11. Bong-Hyun Kim, Dong-Uk Cho, Trend and Prospect of Network Security Technology, The Journal of Korean Institute of Communications and Information Sciences(J-KICS)NIPA), Vol. 31, No. 4, 2014.
  12. F. Alkhateeb, A. M. Manasrah and A. R. Bsoul, Bank Web Sites Phishing Detection and Notification System Based on Semantic Web technologies, IJSIA Vol.6 No.4, 2012.
  13. H. Ould-Brahim, et al., "Network based IP VPN Architecture using Virtual Routers", draftietfppvpn-vr-00.txt, 2001.
  14. ISO/IEC 25010, Systems and software engineering -- Systems and software Quality Requirements and Evaluation(SQuaRE) -- system and software quality models, 2011.
  15. ISO/IEC 25051, Software engineering -- Systems and software Quality Requirements and Evaluation(SQuaRE) -- Requirements for quality of Ready to Use Software Product(RUSP) and instructions for testing, 2014.
  16. ISO/IEC 25041, Systems and software engineering -- Systems and software Quality Requirements and Evaluation(SQuaRE) -- Evaluation guide for developers, acquirers and independent evaluators, 2012.