참고문헌
- J. W. Jung, J. D. Kim, Myeong-Gyun Song, Chul-Gu Jin, "A study on Development of Certification Schemes for Cloud Security", Journal of digital Convergence , Vol. 13, No. 8, pp. 43-49, 2015. https://doi.org/10.14400/JDC.2015.13.8.43
- M. S. Gu, YongZhen Li, "A Study of Countermeasures for Advanced Persistent Threats attacks by malicious code," Journal of IT Convergence Society for SMB, Vol. 5, No. 4, pp. 37-42, 2015
- J. H. Allen, S. Barnum, Robert J, Software security engineering - A guide for project managers, Addison-Wesley Professional, pp. 315, 2008.
- M. Ramachandran, Software Security Engineering - Design and applications, Nova Science Publishers, Inc., p. 272, 2012.
- R. Ross, M. McEvilley, J. C. Oren, Systems security engineering - Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, NIST SP 800-160, pp. 242, 2016.
- Common Criteria for Information Technology Security Evaluation, Part1, Part2, Part3 Version 3.1, Revision 4, CCRA, 2012.
- Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 4, CCRA, 2012.
- Kelley Dempsey, Security and Privacy Controls for Federal Information Systemsand Organizations, NIST SP 800-53 Revision 4, 2013.
- http://www.commoncriteriaportal.org.
- E. Gamma, et al., Design patterns - elements of reusable object-oriented software, Addison-Wesley, pp. 431, 1995.
- C. Dougherty, Secure Design Patterns, SEI, CMU, 2009.
- C Secure Coding Guide for e-government SW Development - Operation, Ministry of the Interior, 11-1311000-000330-10, pp. 212, 2012.9.
- Java Secure Coding Guide for e-government SW Development - Operation, Ministry of the Interior, 11-1311000-000330-10, pp. 320, 2012.9.
- https://cve.mitre.org/cve.
- https://www.owasp.org,/index.php/OWASP_Testing_Guide_v4_Table_of_Contents 2017.
- J. H. Kim, J. Y. Go, K. H. Lee, "A Scheme of Social Engineering Attacks and Countermeasures Using Big Data based Conversion Voice Phishing", Journal of The Korea Convergence Society", Vol. 6, No. 1, pp. 85-91, 2015 https://doi.org/10.15207/JKCS.2015.6.1.085
- H. S. Yang, "A Study on Multi-level Attack Detection Technique based on Profile Table", Journal of The Korea Society of Digital Industry and Information Management, Vol. 10, No. 4, pp89-96, 2014 https://doi.org/10.17662/ksdim.2014.10.1.089
- https://insights.sei.cmu.edu/sei_blog/2013/11/using-v-models-for-testing.html.
- K. M. Goertztel, et al., Software security assurance, IATAC and DACS, 2007.
- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=overflow.
- https://cve.mitre.org/data/downloads/index.html.
- https://www.exploit-db.com/.
- http://www.cert.org/secure-coding/tools/.
- https://www.microsoft.com/en-us/SDL.
- P. Manadhata and J. M. Wing, "An Attack Surface Metric," IEEE Transactions on Software Engineering, Vol. 37, Vo. 3, 2011.
- https://www.surfwatchlabs.com/.
- R. M. Blank, Guide for Conducting Risk Assessments, NIST SP 800-30, 2012.
- https://capec.mitre.org.
- Alexander I. "Misuse Cases: Use Cases with Hostile Intent," IEEE Software, Vol. 20, No. 1, pp.58-66, 2003. https://doi.org/10.1109/MS.2003.1159030
- Sindre, G., Opdahl A.L. Eliciting Security Requirements with Misuse Cases. Requirements Engineering 10(1), pp. 34-44, 2005. https://doi.org/10.1007/s00766-004-0194-4
- Barbara Kordy, Ludovic Pietre-Cambacedes, Patrick Schweitzer, DAG-Based Attack and Defense Modeling: Don' Miss the Forest for the Attack Trees, Computer Science Review, Vol. 13, pp. 1-38, 2014.
- J. H. Eom, Park, S. H, Chung, Tai M, "A Study on an Extended Cyber Attack Tree for an Analysis of Network Vulnerability", Journal of the Korea Society of Digital Industry and Information Management, Vol. 6, No. 3, pp. 49-57, 2010
- G. Lee, J Lee, "Petri Net based Models for Specification and Analysis of Cryptographic Protocols", The Journal of Systems and Software, Vol. 37, pp. 141-159, 1997. https://doi.org/10.1016/S0164-1212(96)00112-4
- Yongfu Zhou, "The Network Attack Model based on Hierarchical Expanded Stochastic Petri Net", International Journal of Security and Its Applications, Vol.8, No.6, pp.161-172, 2014. https://doi.org/10.14257/ijsia.2014.8.6.15
- Peter Karpati, Guttorm Sindre, "Towards a hacker attack representation method", Proceedings of the 5th International Conference on Software and Data Technologies, pp. 92-101, 2010.
- https://capec.mitre.org/documents/An_Introduction_to_Attack_Patterns_as_a_Software_Assurance_Knowledge_Resource.pdf.
- Schneider, Thorsten, "Secure Software Engineering Processes: Improving the Software Development Life Cycle to Combat Vulnerability", Software Quality Professional 8, no. 1, 2006.
- I. Flechais, C. Mascolo, M. Angela Sasse, "Integrating Security and Usability into the Requirements and Design Process", International Journal of Electronic Security and Digital Forensics, Vol. 1, Issue 1, pp. 12-26, 2006. https://doi.org/10.1504/IJESDF.2007.013589
- https://www.owasp.org/images/7/76/Jim_Manico_(Hamburg)_-_Securiing_the_SDLC.pdf.
- http://resources.sei.cmu.edu/asset_files/whitepaper/2013_019_001_297287.pdf.
- http://resources.sei.cmu.edu/asset_files/presentation/2016_017_001_493912.pdf.
- A. S. Sodiya,S. A. Onashoga, O. B. Ajayi, "Towards building secure software systems", Proceedings of Issues in Informing Science and Information Technology, Vol. 3, pp. 637-644, 2006.
- M. Zulkernine and S. I. Ahamed, Software Security Engineering: Toward Unifying Software Engineering and Security Engineering, Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues, pp. 19, 2006.