Browse > Article
http://dx.doi.org/10.3745/KTSDE.2019.8.6.223

A Design of Risk-Based Security Threat Assessment Process for Fighter-Aircraft Airworthiness Security Certification  

Kim, Hyunju (국방대학교 컴퓨터공학전공)
Kang, Dongsu (국방대학교 컴퓨터공학전공/사이버전과정)
Publication Information
KIPS Transactions on Software and Data Engineering / v.8, no.6, 2019 , pp. 223-234 More about this Journal
Abstract
Cyber attacks are an important factor that determines the victory and defeat of Network-centric wars in which advanced weapon systems are highly interlinked. In addition the increasing dependability on software as its develop as the latest fighter is demanding enhanced security measures for fighter software to Cyber attacks. In this paper, we apply the DO-326A, which is an airworthiness security certification standard, to design a risk-based security threat assessment process by reflecting characteristics and operational environment of fighter aircraft. To do this, we add the following steps in security threat assessment stage of DO-326A's airworthiness security certification process. First, we derive security threats of fighter. And then, we scored the security threat in terms of possibility and impact on the fighter. Finally, we determine the security risk severity.
Keywords
Airworthiness Certification; Cyber Attack; Fighter-Aircraft Software; Security Threat; Risk Assessment; Airworthiness Security Certification Process;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 Government Accountability Office, FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen, GAO Report, 2015.
2 H. J. Kim and D. S. Kang, "A Study of Fighter-plane Airworthiness Security Certification," in Proceedings of KIPS, Vol.25, No.1, pp.117-120, 2018.
3 D. M. Seo, K. J. Cha, Y. S. Shin, C. H. Jeong, and Y. M. Kim, "Assessment Method of Step-by-Step Cyber Security in the Software Development Life Cycle," Jounal of KIISC, Vol.25, No.2, pp.363-373, 2015.
4 M. G. Han and T. K. Park, "A Study on Intergrated Airworthiness Certification Criteria for Avionics Software Safety and Security," Journal of the Korean Society for Aeronautical & Space Sciences, Vol.46, No.1, pp.86-94, 2018.   DOI
5 RTCA, DO-326A, Airworthiness Security Process Specification, Aug. 6, 2014.
6 RTCA, DO-356, Airworthiness Security Methods and Consideration, Sep. 23, 2014.
7 Adam Shostack, Threat Modeling: Designing for Security, H.Y., Yang, etc., Acorn Publisher, 2016.
8 E. J. Park and S. J. Kim, "Derivation of Security Requirements of Smart Factory Based on STRIDE Threat Modeling," Journal of the Korea Institute of Information Security & Cryptology, Vol.27, No.6, pp.1467-1482, 2017.   DOI
9 J. S. Han, K. J. Kim, and Y. J. Song, Introduction of UML, Hanbit Academy, 2008.
10 G. Sindre and A. L. Opdahl, "Templates for Misuse Case Description," Proceeding of. 7th International Workshop on Requirements Engineering, pp.26-28, 2001.
11 S. S. Choi, S. J. Jang, M. G. Choi, and G. S. Lee, "A Methodology for CC-based Security Requirements Analysis and Specification by using Misuse Case Model," Journal of KIISC, Vol.14, No.3, pp.85-100, 2004.
12 Common Criteria, Common Criteria for Information Technology Security Evaluation Version 3.1, 2017.
13 C. J. Alberts and A. J. Dorofee, OCTAVE Criteria, Version 2.0. Technical Report, Carnegie Mellon Software Engineering Institute, 2001.
14 ISO/IEC 27001, Information technology, Security techniques, Information security management systems, Requirements, 2014.
15 ISO/IEC 27005, Imformation Technology, Security techniques, Information security risk management, 2014.
16 J. H. Ko and K. S. Lee, "A Threat Statement Generation Method for Security Environment of Protection Profil," Journal of Society for e-Business Studies, Vol.8, No.3, pp. 69-86, 2003.
17 Matteo Meucci, Andrew Muller, "Testing Guide 4.0 Release," 2015.
18 J. S. Choi and K. H. Kook, "Secure Coding Rule Selecting Evaluation for Air Warfare System Considering Military Air Worthiness," Journal of Security Engineering, Vol.11, No. 6, pp.439-454, 2014.   DOI
19 CVE Details [Internet], https://www.cvedetails.com/(Search 2018. 12.16.)
20 K. S. Lee, J. H. Ko, S. J. Jang, S. J. Choi, and S. H. Hwang, Analysis of Security Environment for the Common Criteria based protection Profile, Research Report, Korea Information Security Agency, 2002.