http://dx.doi.org/10.13089/JKIISC.2014.24.4.669

A Business-Logic Separated Security Framework for Smart Banking  

Seo, Dong-Hyun (Korea Graduate School of Information Security)
Lee, Sang-Jin (Korea Graduate School of Information Security)
Abstract
This study introduces a server-side, security-oriented framework for smart financial services. Most domestic financial institutions providing e-banking services have employed server-side frameworks that implement a service-oriented architecture. Because such an architecture accommodates business and security requirements at the same time, institutions struggle to cope with security incidents efficiently. The thesis suggests that separating security areas from business areas in the frameworks enables users to apply security policies in real time without considering how these policies may affect business transactions. Security-oriented frameworks support rapid and effective countermeasures against security threats. Furthermore, the report discusses plans for avoiding significant changes to existing systems when institutions implement these frameworks.
Keywords
Smart Banking; Security Framework; Server Security Architecture