http://dx.doi.org/10.13089/JKIISC.2021.31.4.817

A Study on Proving RMF A&A in Real World for Weapon System Development  

Cho, Kwangsoo (ICSP(Institute of Cyber Security & Privacy), School of Cybersecurity, Korea University)
Kim, Seungjoo (ICSP(Institute of Cyber Security & Privacy), School of Cybersecurity, Korea University)
Abstract
To manage software safely, the military acquires and manages products in accordance with the RMF A&A. RMF A&A is a standard for acquiring IT products used in the military, and it covers the requirements, acquisition through evaluation, and maintenance of products. According to the RMF A&A, product development activities should reflect the risks of the military. In other words, developers mitigate the risks through security by design and supply chain security. They then submit evidence proving that they have properly complied with RMF A&A's security requirements, and the military evaluates the evidence to determine whether to acquire the IT product. Case studies of RMF A&A have already been conducted, but they are difficult to apply in the real world because they address only part of RMF A&A and the detailed information is confidential. In this paper, we propose an evidence fulfilling method that can satisfy the requirements of the RMF A&A. Furthermore, we apply the proposed method to a real-world drone system to verify that our method meets the RMF A&A.
Keywords
Risk Management; Risk Assessment; RMF A&A; Security by Design; Supply Chain Security