http://dx.doi.org/10.9717/kmms.2015.18.11.1342

Fault Tree Analysis and Failure Mode Effects Analysis for Software Security Improvements in Mobile Banking Information Systems  

Kim, So Young (Dept. of Information Systems, Pukyong Nat. Univ.)
Kim, Myong Hee (Dept. of IT Convergence and Application Engineering, PuKyong Nat. Univ.)
Park, Man-Gon (Dept. of IT Convergence and Application Engineering, PuKyong Nat. Univ.)
Abstract
Due to the rapid development of mobile device technologies, mobile banking over the Internet has become a major service of banking information systems, which are security-critical information systems. Recently, many mobile banking information systems that handle personal and transaction information have been exposed to security threats through vulnerable security control and management processes, mainly in their software systems. Therefore, in this paper, we propose a process model for software security improvements in mobile banking information systems by applying fault tree analysis (FTA) and failure modes and effects analysis (FMEA) to the most important activities, such as the 'user authentication', 'access control', and 'virus detection and control' processes, in which the security control and management of mobile banking information systems are very weak.
Keywords
Software Security; Security-Critical Information Systems; Mobile Banking Information Systems; Fault Tree Analysis (FTA); Failure Modes and Effects Analysis
Citations & Related Records
Times Cited By KSCI: 4