Browse > Article
http://dx.doi.org/10.14400/JDC.2019.17.8.221

A Study on Analysis of Security Functional Requirements for Virtualization Products through Comparison with Foreign Countries' Cases  

Lee, Ji-Yeon (Department of Business Administration, Dongnam Health University)
Publication Information
Journal of Digital Convergence / v.17, no.8, 2019 , pp. 221-228 More about this Journal
Abstract
The importance of security for virtualization products has been increased with the activation policy of cloud computing and it is necessary to analyze cyber security threats and develop security requirements for virtualization products to provide with more secure cloud environments. This paper is a preliminary study with the purpose of developing security functional requirements through analyzing security features and cyber security threats as well as comparison of foreign countries' cases for virtualization products. To do this, the paper compares evaluation schemes for virtualization products in US and UK foreign countries, and analyzes the cyber security threats, security objectives and security requirements in both countries. Furthermore, it proposes the essential checking items and processes for developing security functional requirements about security features of virtualization products to contribute to its more secure development and the establishment of related security evaluation standards.
Keywords
Cloud Computing; Virtualization Product; Cyber Threat; Security Requirement; Common Criteria; Protection Profile;
Citations & Related Records
Times Cited By KSCI : 6  (Citation Analysis)
연도 인용수 순위
1 S. Y. Ma, J. H. Ju & J. S. Moon. (2015). The Security Requirements Suggestion based on Cloud Computing Security Threats for Server Virtualization System. Journal of the Korea Institute of Information Security & Cryptology, 25(1), 95-105.   DOI
2 F. Swiderski & W. Snyder. (2004). Threat Modeling. Microsoft Press.
3 J. H. Lee, H. Lee & I. H. Kang. (2015). Technical Trends on Threat Modelling for Secure Software Development. Review of Korea Institute of Information Security and Cryptology,25(1), 32-38.
4 J. H. Jung. (2017). An Exploratory Study for Activating Cloud Computing: Focusing on Legislative Alternatives. Journal of Korean Association for Regional Society, 20(4), 73-96.
5 S. W. Ahn. (2019). Policy and Directions for Revitalizing Domestic Cloud Computing. Research Report of Software Policy & Research Institute, 2018-009, 1-103.
6 E. B. Choi. (2018). A Virtualization Management Convergence Access Control Model for Cloud Computing Environments. Journal of Convergence for Information Technology, 8(5), 69-75.   DOI
7 S. H. Lee. (2015). Cloud Computing Issues and Security Measure. Journal of Convergence for Information Technology, 5(1), 31-35.   DOI
8 S. Y. Choi & K. M. Jeong. (2018). The Security Architecture for Secure Computing Environment. Journal of the Korea of Computer and Information, 23(12), 81-87.
9 I. S. Lee & D. M. Jang. (2017). A Study on Methods for Providing Security Service in Cloud Computing. Proceedings of Symposium of the Korean Institute of Communications and Information Sciences, 1052-1053.
10 Y. S. Kim. (2014). Technical Trends on Hypervisor-based Virtualization Security in Cloud Computing, KISA Internet & Security Focus.
11 J. H. Kim. H. M. Jung & H. J. Cho. (2017). Design Plan of Secure IoT System based on Common Criteria. Journal of the Korea Convergence Society, 8(10), 61-66.   DOI
12 J. H. Park, S. Y. Kang & S. J. Kim. (2018). Study of Security Requirements of Smart Home Hub through Threat Modelling Analysis and Common Criteria, Journal of the Korea Institute of Information Security & Cryptology, 28(2), 513-528.   DOI
13 W. R. Jeon, J. Y. Kim, Y. S. Lee & D. H. Won. (2006). Development of Protection Profile for Smartphone Operating System based on Common Criteria 3.1. Journal of the Korea Institute of Information Security & Cryptology, 22(1), 117-130.
14 D. B. Lee. (2015). A Study on Protection Profile for Multi-Function Devices. Journal of The Korea Institute of Information Security and Cryptology, 25(5), 1257-1258.   DOI
15 CPA(Commercial Product Assurance). https://www.ncsc.gov.uk/scheme/commercial-product-assurance-cpa.
16 NCSC. (2018). CPA Security Characteristic, CPA-SC Server Virtualisation 1.22.
17 NCSC. (2018). CPA Security Characteristic, CPA-SC Client Virtualisation 1.22.
18 NIAP(National Information Assurance Partnership). https://www.niap-ccevs.org.
19 NIAP. (2016). Protection Profile for Virtualization Version 1.0. https://www..niap-ccevs.org/Profile/PP.cfm.
20 NIAP. (2016). Extended Package for Server Virtualization Version 1.0. https://www..niap-ccevs.org/Profile/PP.cfm.
21 CCMB. (2017). Common Criteria for Information Technology Security Evaluation. Version 3.1, Revision 5.
22 NIAP. (2016). Extended Package for Client Virtualization Version 1.0. https://www..niap-ccevs.org/Profile/PP.cfm.