Security Requirements Analysis on IP Camera via Threat Modeling and Common Criteria
|
|
Park, Jisoo
(고려대학교 정보보호대학원 정보보호학과)
Kim, Seungjoo (고려대학교 사이버국방학과/정보보호대학원) |
| 1 | Microsoft, Security Development Lifecycle [Internet], https://www.microsoft.com/en-us/sdl/. |
| 2 | Cisco, Cisco Secure Development Lifecycle(SDL) [Internet], http://www.cisco.com/c/en/us/about/security-center/security-programs/secure-development-lifecycle.html. |
| 3 | VMware, VMware Security Development Lifecycle [Internet], http://www.vmware.com/security/sdl.html. |
| 4 | OWASP, OWASP Secure Development Lifecycle Cheat Sheet [Internet], https://www.owasp.org/index.php/Secure_SDLC_Cheat_Sheet. |
| 5 | Guttorm Sindre and Andreas L. Opdahl, "Capturing Security Requirements through Misuse Cases," in Proceedings of the Norsk Informatikkonferanse, Bergen, 2001. |
| 6 | Guttorm Sindre and Andreas L. Opdahl, "Eliciting security requirements with misuse cases," Requirements Engineering, Vol.10, Issue 1, pp.34-44, 2005. DOI |
| 7 | Edward G. Amosoro, "Fundamentals of computer security technology," AT&T Bell labs, 1994. |
| 8 | Chris Salter, O. Sami Saydjari, Bruce Schneier, and Jim Wllner, "Toward A Secure System Engineering Methodology," in Proceedings of the 1998 Workshop on New Security Paradigms, pp.2-10, 1998. |
| 9 | Bruce Schneier, Attack Trees [Internet], https://www.schneier.com/academic/archives/1999/12/attack_trees.html. |
| 10 | Adam Shostack, "Experiences Threat Modeling at Microsoft," Microsoft, 2008. |
| 11 | Microsoft, Microsoft Threat Modeling Tool 2016 [Internet], https://www.microsoft.com/en-us/download/details.aspx?id=49168. |
| 12 | Goncalo Martins, Sajal Bhatia, Xenofon Koutsoukos, Keith Stouffer, CheeYee Tang, and Richard Candell, "Toward a Systematic Treat Modelling Approach for Cyber-Physical Systems," in Proceedings of National Symposium on Resilient Critical Infrastructure, Philadelphia, 2015. |
| 13 | Dr. Marnix Dekker and Dr.Giles Hogben, "Appstore security - 5 lines of defence against malware," European Network and Information Security Agency(ENISA), 2011. |
| 14 | Tong Xin and Ban Xiaofang, "Online Banking Seucurity Analysis based on STRIDE Threat Model," International Journal of Security and its Applications 8, pp.271-282, 2014. DOI |
| 15 | Anthony Hadding, and Dr. J. Zalewski, "Threat Modeling in Embedded Systems," Dissertation, Florida Gulf Coast University, 2012. |
| 16 | Kristian Beckers, Stephan Fabbender, Maritta Heisel, and Santiago Suppan, "A Threat Analysis Methodology for Smart Home Scenarios, Technical Report," in Proceeding of the International Workshop on Smart Grid Security, Munich, pp.94-124, 2014. |
| 17 | Anton Bretting and Mei Ha, "Vehicle Control Unit Security using Open Source AUTOSAR," M.S. disseration, University of Gothenburg, Gothenburg, Sweden, 2015. |
| 18 | Katrina Mansfield, Timothy Eveleigh, Thomas H. Holzer, and Shahryar Sarkani, "DoD Comprehensive Military Unmanned Aerial Vehicle Smart Device Ground Control Station Threat Modeling," Defense ARJ, USA, 2015. |
| 19 | CERT, Software Engineering Institute, Carnegie Mellon University, OCTAVE [Internet], http://www.cert.org/resilience/products-services/octave/. |
| 20 | DistriNet Research Group, LINDDUN [Internet], https://distrinet.cs.kuleuven.be/software/linddun/contributors.php. |
| 21 | Octotrike, Trike [Internet], http://octotrike.org/home.shtml. |
| 22 | Tony UcedaVelez, "Real World Threat Modeling using the PASTA Methodology," in Proceedings of OWASP AppSec Research 2012, Athens, 2012. |
| 23 | OWASP, Threat Risk Modeling [Internet], https://www.owasp.org/index.php/Threat_Risk_Modeling. |
| 24 | Donn B. Parker, "Our Excessively Simplistic Information Security Model and How to Fix it," ISSA Journal of Requirements Engineering, Springer-Verlag, 2010. |
| 25 | Shostack, Adam, Threat Modeling: Designing for Security," John Wiley & Sons, 2014. |
| 26 | Aaron Marback, Hyunsook Do, Ke He, Samuel Kondamarri, and Dianxiang Xu, "Security Test Generation using Threat Trees," in Proceedings of Automation of Software Test on ICSE Workshop, 2009. |
| 27 | Inger Anne Tondel, Jostein Jensen, Lillian Rostad, "Combining misuse cases with attack trees and security activity models," in Availability, Reliability, and Security on ARES'10 International Conference, 2010. |
| 28 | Craig Heffner, "Exploiting Surveillance cameras, Like a Hollywood Hacker," Tactical Network Solutions, 2013. |
| 29 | Mark Yampolskiy, Peter Horvath, Xenofon D. Koutsoukos, Yuan Xue, and Janos Sztipanovits, "Systematic Analysis of Cyber-Attacks on CPS-Evaluating Applicability of DFDbased Approach," in Proceedings of the International Symposium on Resilient Control System, Salt Lake City, pp.55-62, 2012. |
| 30 | Cletus O. Ohaneme, James Eke, Augustine C. O. Azubogu, Emmanuel N. Ifeagwu, and Louisa C. Ohaneme, "Design and Implementation of an IP-Based Security Surveillance System," International Journal of Computer Science Issues, Vol.9, No.5, Sept., 2012. |
| 31 | Sergey Shekyan and Artem Hartutyunyan, "Watching the watchers: hacking wireless IP Security Cameras," Shape Security and Qualys Inc., 2013. |
| 32 | Fransico Falcon, Nahuel Riva, Do you know who's watching you? An in-depth examination of IP Camera attack surface [Internet], https://www.coresecurity.com/corelabs-research/ publications/examination-ip-cameras-attack-surface-ekoparty2013. |
| 33 | Lee Tobin, "Reverse Engineering a CCTV system, A case study," Digital Investigation, Vol.11, No.3, pp.179-186, 2014. DOI |
| 34 | Red ALert, SysSec Lab, "Security threat report Foreignmade CCTV, IP-Camera," NSHC and KAIST, 2015. |
| 35 | CCMB, "Common Criteria for Information Technology Security Evaluation - Part 1 : Introduction and general model," Version 3.1 Revision 4, CCRA, 2012. |
| 36 | CCMB, "Common Criteria for Information Technology Security Evaluation - Part 2 : Security functional components," Version 3.1 Revision 4, CCRA, 2012. |
| 37 | James Ransome and Anmol Misra, "Core Software Security, Security at the source," CRC Press, 2013. |
| 38 | Vineet Saini, Qiang Duan, Vamsi Paruchuri, "Threat Modeling Using Attack Tree," Journal of Computing Science in Colleges, Vol.23, Issue 4, pp.124-131, 2008. |
| 39 | Jae-ki Kim, Jeong-Hoon Shin, and Seung-joo Kim, "Study on the Femtocell Vulnerabiltiy Analysis Using Threat Modeling," The KIPS Tr. Comp. and Comm. Sys. Vol.5, No.8 pp.197-210, 2016. DOI |
| 40 | Suvda Myagmar, Adam J.Lee, William Yurcik, "Threat Modeling as a Basis for Security Requirements," in Symposium on Requirements Engineering for Information Security, Pittsburgh, 2005. |
| 41 | Steven F Burns, "Threat Modeling: A Process to Ensure Application Security," OWSP, 2005. |
| 42 | Caroline Mockel and Ali E. Abdallah, "Threat modeling approaces and tools for securing architectural designs of an E-banking application," in Proceedings of the Information Assurance and Security, pp.149-154, 2010. |
| 43 | Sathya Prakash Kadhirvelan and Andrew Soderberg-Rivkin, "Threat Modelling and Risk Assessment within Vehicular Systems," M.S. dissertation, Chlmers University of Technology, Goteborg, Germany, 2014. |
| 44 | Jia Di and Scott Smith, "A Hardware Threat Modeling Concept for Trustable Integrated Circuits," in Proceedings of the Region 5 Technical Conference, 2007. |
| 45 | Marwan Abi-Antoun, Daniel Wang, and Peter Torr, "Checking Treat Modeling Data Flow Diagrams for Implementation Conformance and Security," in Proceeding of the International conference on Automated Software Engineering, pp.393-396, 2007. |
| 46 | ITSCC, "Supporting Document for Korean National Protection Profile for Network Device," V1.0, 2016. |
| 47 | ITSCC, "Supporting Document for Korean National Protection Profile for Virtual Private Network", V1.0, 2016. |
| 48 | ITSCC, "Supporting Document for Koeran National Protection Profile for Firewall", V1.0, 2016. |
 |
Korea Institute of Science and Technology Information
Gwahangno, Yuseong-gu, Daejeon, 305-806, Korea TEL : +82-42-869-1752
Copyright (c) 2009 KISTI. All Rights Reserved. For more information mail to
webmaster
