Browse > Article
http://dx.doi.org/10.22156/CS4SMB.2021.11.10.144

Threat Diagnostic Checklists of Security Service in 5G Communication Network Virtualization Environment  

Hong, Jin-Keun (FCTech/Division of Smart IT Engineering, Baekseok University)
Publication Information
Journal of Convergence for Information Technology / v.11, no.10, 2021 , pp. 144-150 More about this Journal
Abstract
The purpose of this paper is to review the direction of the slicing security policy, which is a major consideration in the context of standardization in 5G communication network security, to derive security vulnerability diagnosis items, and to present about analyzing and presenting the issues of discussion for 5G communication network virtualization. As for the research method, the direction of virtualization security policy of 5G communication network of ENISA (European Union Agency for Cybersecurity), a European core security research institute, and research contents such as virtualization security policy and vulnerability analysis of 5G communication network from related journals were used for analysis. In the research result of this paper, the security structure in virtualization security of 5G communication network is arranged, and security threats and risk management factors are derived. In addition, vulnerability diagnosis items were derived for each security service in the risk management area. The contribution of this study is to summarize the security threat items in 5G communication network virtualization security that is still being discussed, to be able to gain insights of the direction of European 5G communication network cybersecurity, and to derive vulnerabilities diagnosis items to be considered for virtualization security of 5G communication network. In addition, the results of this study can be used as basic data to develop vulnerability diagnosis items for virtualization security of domestic 5G communication networks. In the future, it is necessary to study the detailed diagnosis process for the vulnerability diagnosis items of 5G communication network virtualization security.
Keywords
Communication; Network; Security; Risk; Virtualization;
Citations & Related Records
연도 인용수 순위
  • Reference
1 D. Czagan. (2014). Qualitative Risk Analysis with the DREAD Model. Technical report(Online). http://resources.infosecinstitute.com/qualitative-risk-analysis-dread-model.
2 I. Alexander. (2003). Misuse cases: use cases with hostile intent. IEEE Software, 20(1), 58-66. DOI : 10.1109/MS.2003.1159030   DOI
3 P. Saitta, B. Larcom & M. Eddington. (2005) Trike v1 methodology document. Draft, work in progress. http://dymaxion.org/trike/Trike_v1_Methodology_Documentdraft.pdf.
4 J. Jurjens. (2002). UMLsec: Extending UML for secure systems development. In International Conference on The Unified Modeling Language (pp. 412-425). Springer, Berlin, Heidelberg. DOI : 10.1007/3-540-45800-X_32   DOI
5 C. Alberts et al. (2003). Introduction to the OCTAVE approach. Carnegie Mellon University, Pittsburgh, PA
6 H. Lohr et al. (2009). Modeling trusted computing support in a protection profile for high assurance security kernels. In International conference on trusted computing (pp. 45-62). Springer, Berlin, Heidelberg.
7 T. UcedaVelez. (2012). Real World Threat Modeling Using the PASTA Methodology. OWASP. Technical report. https://www.owasp.org/images/a/aa/AppSecEU2 012_PASTA.pdf.
8 M. S. Lund, B. Solhaug & K. Stolen. (2010). Model-driven risk analysis: the CORAS approach. Springer Science & Business Media.
9 J. Singh, A. Refaey & A. Shami. (2020). Multilevel Security Framework for NFV Based on Software Defined Perimeter. Journal of IEEE Network, 34(5), 114-119. DOI : 10.1109/MNET.011.1900563   DOI
10 B. Schneier. (1999). Attack trees. Dr. Dobb's J. Technical report(Online). https://www.schneier.com/academic/archives/1999/12/attack_trees.html.
11 J. H. Won, J. W. Hong & Y. Y. You. (2018). A study on the improvement of security threat analysis and response technology by IoT layer. Journal of Convergence for information, 8(6), 149-157. DOI : 10.22156/CS4SMB.2018.8.6.149   DOI
12 M. Kataev, L. Bulysheva, L. Xu, Y. Ekhlakov, N. Permyakova & V. Jovanovic. (2020). Fuzzy model estimation of the risk factors impact on the target of promotion of the software product. Enterprise Information Systems, 14(6), 797-81. DOI : 10.1080/17517575.2020.1713407   DOI
13 Abdullah Jameel Rowaished, Mohammed Mubarak Ghefaily (2021). An Overview into Applications and Risks in 5G NR Technology. Journal of IJECE, 8(3), 1-2. DOI : 10.14445/23488549/IJECE-V8I3P103   DOI
14 B. Young & E. B. ChoiMatthew. (2021). The Security Risks and Challenges of 5G Communications. International Journal of Cyber Research and Education, 3(2), 36-53. DOI : 10.4018/IJCRE.2021070104   DOI
15 Y. Wu, L. Wang, D. Cheng & T. Dai (2021). Information security decisions of firms considering security risk interdependency. Journal of Expert Systems with Applications, 178, 1-15. DOI : 10.1016/j.eswa.2021.114990   DOI
16 Cyral. (n.d.). Threat Modeling With STRIDE(Online). https://cyral.com/glossary/threat-modeling-with-stride/
17 H. J. Mun & G. H. Choi & Y. C. Hwang. (2016). Countermeasure to underlying security threats in IoT communication. Journal of Convergence for Information, 6(2), 37-43. DOI : 10.22156/CS4SMB.2016.6.2.037   DOI
18 J. K. Cho. (2019). Study on improvement of vulnerability diagnosis items for PC security enhancement. Journal of Covergence for Information, 9(3), 1-7. DOI : 10.22156/CS4SMB.2019.9.3.001   DOI
19 R. Khondoker. (2018). SDN and NFV Security: Security Analysis of Software-Defined Networking and Network Function Virtualization (Vol. 30). Springer LNCS Publishing.
20 M. Siavvas, D. Tsoukalas, M. Jankovic & D. Kehagias & D. Tzovaras. (2020). Technical debt as an indicator of software security risk: a machine learning approach for software development enterprises. Enterprise Information Systems, 1-43. DOI : 10.1080/17517575.2020.1824017   DOI