Browse > Article
http://dx.doi.org/10.3745/KTCCS.2021.10.5.145

Derivation of Security Requirements for Cloud Managing Security Services System by Threat Modeling Analysis  

Jang, Hwan (한국방송통신대학교 정보과학과)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.10, no.5, 2021 , pp. 145-154 More about this Journal
Abstract
Recently, the introduction of Cloud Managing Security Services System to respond to security threats in cloud computing environments is increasing. Accordingly, it is necessary to analyze the security requirements for the Cloud Managing Security Services System. However, the existing research has a problem that does not reflect the virtual environment of the cloud and the data flow of the Cloud Managing Security Services System in the process of deriving the requirements. To solve this problem, it is necessary to identify the information assets of the Cloud Managing Security Services System in the process of threat modeling analysis, visualize and display detailed components of the cloud virtual environment, and analyze the security threat by reflecting the data flow. Therefore, this paper intends to derive the security requirements of the Cloud Managing Security Services System through threat modeling analysis that is an improved existing research.
Keywords
Cloud Managing Security Services System; Threat Modeling Analysis; Security Function Requirements;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Jae-Ki Kim, Jeong-Hoon Shin, and Seung-Joo Kim, "Study on the Femtocell Vulnerability Analysis Using Threat Modeling," KIPS Transactions on Computer and Communication Systems, Vol.5, No.8 pp.197-210, Aug. 2016.   DOI
2 National Institutes of Standards and Technology, "NIST Cloud Computing Standards Roadmap," Jul. 2013.
3 Cloud Security Alliance, "Defined Categories of Security as a Service," 2016.
4 Hye-Won KIM, Ho-Jun Yu, and Jae-Woo Lee, "Research on technical security threats of email cloud security service (E-mail SecaaS) Focusing on threat modeling techniques," Korea Institute of Information Security And Cryptology, pp.57-64(8). 2017.
5 Jisoo Park and Seungjoo Kim, "Security Requirements Analysis on IP Camera via Threat Modeling and Common Criteria," Korea Information Processing Society, Vol.6, No.3 121-123. 2017.
6 Korea Internet & Security Agency, "Casebook of Cloud Security Support Project," 2019.
7 Jang Hwan, "Cloud SOC's forensic compliance reflects the shared responsibility model". Proc. Conference on Information Security and Cryptography, pp.41-44, 2020.
8 Ye-Seul Cha and Seung-joo Kim, "A Study on Security Requirements of Electric Vehicle Charging Infrastructure Using Threat Modeling," Journal of The Korea Institute of Information Security & Cryptology, Vol.27, No.6, pp.1441-1455, Dec. 2017.   DOI
9 Tong Xin and Ban Xiaofang, "Online Banking Security Analysis based on STRIDE Threat Model," International Journal of Security and Its Applications, Vol.8, No.2, pp.271-282, 2014.   DOI
10 Jeong-Seok Jo and Jin Kwak, "STRIDE and HARM Based Cloud Network Vulnerability Detection Scheme," Journal of The Korea Institute of Information Security & Cryptology, VOL.29, NO.3, pp.599-612, Jun. 2019.   DOI
11 The Open Web Application Security Project, "OWASP Top Ten Web Application Security Risks | OWASP" [Internet], https://owasp.org/www-project-top-ten.
12 James Sanfilippo, Tamirat Abegaz, Bryson Payne, and Abi Salimi, "STRIDE-Based Threat Modeling for MySQL Databases," Proceedings of the Future Technologies Conference, pp.368-378, 2019.
13 Hong Paul, Lee Sangmin, Park Minsu, and Kim Seungjoo, "Threat-Based Security Analysis for the Domestic Smart Home Appliance," KIPS Transactions on Computer and Communication Systems, Vol.6, No.3, pp.143-158, Mar. 2017.   DOI
14 Telecommunications Technology Association, "TTA Inf ormation and Communication Glossary" [Internet], https://terms.tta.or.kr/main.do.
15 Seung-Wan Son, Kwang-Seok Kim, Jung-Won Choi, and Gang-Soo Le, "Development of Managing Security Services System Protection Profile," Journal of Digital Contents Society, Vol.16 No.2, pp.345-353, 2015.   DOI
16 Malik Nadeem Anwar, Mohammed Nazir, Adeeb, and Mansoor Ansari, "Modeling Security Threats for Smart Cities: A STRIDE-Based Approach," Proc. Smart Cities-Opportunities and Challenges, pp.387-396, 2020.
17 Eun-ju Park, Seung-joo Kim, "Derivation of Security Requirements of Smart Factory Based on STRIDE Threat Modeling," Journal of The Korea Institute of Information Security & Cryptology, Vol.27, No.6, pp.1467-1482, Dec. 2017.   DOI
18 Seung-young Ma, Jung-ho Ju, and Jong-sub Moon, "The security requirements suggestion based on cloud computing security threats for server virtualization system," Journal of The Korea Institute of Information Security & Cryptology, Vol.25, No.1, pp.95-105, Feb. 2015.   DOI
19 Soo-young Kang and Seung-joo Kim, "Analysis of Security Requirements for Secure Update of IVI(In-Vehicle-Infotainment) Using Threat Modeling and Common Criteria," Journal of The Korea Institute of Information Security & Cryptology, Vol.29, No.3, pp.613-628, Jun. 2019.   DOI
20 In-Kyung Oh, Jae-Wan Seo, Min-Kyu Lee, Tae-Hoon Lee, Yu-Na Han, Ui-Seong Park, Han-Byeol Ji, Jong-Ho Lee, Kyu-Hyung Cho, and Kyounggon Kim, "Derivation of Security Requirements of Smart TV Based on STRIDE Threat Modeling," Journal of The Korea Institute of Information Security & Cryptology, Vol.30, No.2, pp.213-230, 2020.   DOI