• Title/Summary/Keyword: Asset Identification

A Study and Introduction of the OCTAVE Allegro Risk Assessment Methodology

  • Park, Jun-Yong;Lim, Dae-Woon
    • Review of KIISC / v.21 no.6 / pp.67-72 / 2011
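  • Carnegie Mellon University's SEI (Software Engineering Institute), together with TATRC (Telemedicine and Advanced Technology Research Center), developed OCTAVE, a methodology for asset identification and information security risk assessment, to resolve the security compliance difficulties that the U.S. Department of Defense (DoD) faced when it proposed the provisions of HIPAA (Health Insurance Portability and Accountability Act), which regulates the security of personal medical information. Later, qualitative risk evaluation criteria were developed to increase tolerance to the risks that arise in an organization's operations, through which OCTAVE evolved into a risk assessment method that identifies an organization's critical assets, potential threats, and vulnerabilities; in 2005, OCTAVE-S, suited to small organizations of 100 people or fewer, was released. To provide a risk assessment process more streamlined and optimized than the existing OCTAVE for today's rapidly changing IT environment, the OCTAVE Allegro framework was developed in 2007. This article reviews the main characteristics of the existing OCTAVE methodology and introduces the information-asset-centered OCTAVE Allegro risk assessment methodology.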

Business Logic Identification in Legacy System

  • 이문수;양영종
    • Proceedings of the Korean Information Science Society Conference / 2002.10d / pp.67-69 / 2002
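  • Legacy systems have been developed over many years with great effort and investment by enterprises and are now regarded as important corporate assets. However, after numerous modifications, these systems have become increasingly unstructured and the corresponding documentation has not been properly maintained, while business requirements to migrate from past centralized mainframe environments to distributed environments such as the Web are steadily growing. This paper introduces a legacy component identification technique, part of the development of a support tool that uses component wrapping technology to generate Enterprise JavaBeans (EJB) from legacy systems. The proposed technique presents a method for identifying legacy component candidates from business logic using variable classification, slicing criteria, and workflow analysis.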

An Approach to Developing Domain Architecture Based on Variability Analysis in Software Product Line

  • Moon, Mi-Kyeong;Yeom, Keun-Hyuk
    • Journal of KIISE:Software and Applications / v.34 no.4 / pp.328-341 / 2007
  • When the decision to initiate a software product line has been taken, the first step is the domain analysis describing the variability in the requirements; the second important step is the definition of a domain architecture that captures the overall structure of a series of closely related products. A domain architecture can be a core asset in a product line by describing the commonalities and variabilities of the products contained in the software product line. The variabilities, which are identified at each phase of the core assets development, are diverse in the level of abstraction. Therefore, it is important to clearly define, systematically identify, and explicitly represent variability at the architectural level. However, it is difficult to identify and represent the variability which should be considered at the architecture level, because it may appear in architecture elements and in architecture configuration. In this paper, we suggest a method of developing domain architecture as a core asset in a product line where commonality and variability are explicitly considered. First of all, we describe a domain architecture metamodel that can explicitly define commonality and variability concepts by extending the Object Management Group's (OMG™) Reusable Asset Specification (RAS) model. Using the domain architecture metamodel, architecture elements are defined and the variations that can be identified at the architecture level are classified into two types according to the abstraction level. Additionally, we describe a domain architecture where commonality and variability are explicitly considered on the basis of this metamodel.

Network Topology Discovery with Load Balancing for IoT Environment

  • Park, Hyunsu;Kim, Jinsoo;Park, Moosung;Jeon, Youngbae;Yoon, Jiwon
    • Journal of KIISE / v.44 no.10 / pp.1071-1080 / 2017
  • With today's complex networks, asset identification of network devices is becoming an important issue in management and security. Because these assets are connected to the network, it is also important to identify the network structure and to verify the location and connection status of each asset. This can be used to identify vulnerabilities in the network architecture and find solutions to minimize these vulnerabilities. However, in an IoT (Internet of Things) network with a small amount of resources, the Traceroute packets that the monitors send to determine the network structure may overload the IoT devices. In this paper, we describe how we improved the existing well-known double-tree algorithm to effectively reduce the load on the network of IoT devices. To balance the load, this paper proposes a new destination-matching algorithm and attempts to search for a path that statistically does not overlap the current search path. This balances the load on the network and additionally balances the monitor's resource usage.

A 2-Dimensional Approach for Analyzing Variability of Domain Core Assets

  • Moon Mi-Kyeong;Chae Heung-Seok;Yeom Keun-Hyuk
    • Journal of KIISE:Software and Applications / v.33 no.6 / pp.550-563 / 2006
  • Software product line engineering is a method that prepares for future reuse and supports seamless reuse in the application development process. Commonality and variability play central roles in all product line development processes. Reusable assets will become core assets by explicitly representing C&V. Indeed, the variabilities that are identified at each phase of core assets development have different levels of abstraction. In the past, these variabilities have been handled in an implicit manner and without distinguishing the characteristics of each core asset. In addition, previous approaches have depended on the experience and intuition of a domain expert to recognize commonality and variability. In this paper, we suggest a 2-dimensional analysis method that analyzes the variabilities of core assets in a software product line. In the horizontal analysis process, the variation types are analyzed in the requirements, architecture, and components that are produced at each phase of the development process. In the vertical analysis process, variations are analyzed at different abstraction levels, in which the region of commonality is identified and the variation points are refined. By this method, the traceability of variations between core assets will be possible and core assets can be reused seamlessly.

Analysing Current state of Identifying Critical digital assets And Cyber security control for Nuclear Facility

  • Kim, Sangwoo;Shin, Ick-Hyun;Kwon, Kook Heui;Byun, Ye eun
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2015.05a / pp.264-266 / 2015
  • Currently, as cyber threats targeting nuclear power plants (NPPs) grow, licensees must guarantee that the computer and information systems of nuclear facilities can be adequately protected against cyber attack. In particular, critical systems that could cause illegal transfer of nuclear material and adverse impact to public safety need protecting. In this paper, we survey examples of cyber threats targeted at NPPs and classify the cyber security methods for NPPs in Korea by analyzing the methodology to identify critical systems and address cyber security controls for nuclear facilities.

Product Line based Application Methodology for Developing CEC Threat Evaluation System

  • Woo, Dong-Sung;Yoon, Hee-Byung
    • Proceedings of the Korean Information Science Society Conference / 2005.07b / pp.295-297 / 2005
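  • Threat evaluation systems used in CEC, close-in weapon systems, command and control systems, and the like include common functions such as automatic threat evaluation, defense-zone threat index, and weapon assignment, and require frequent upgrades as the system environment changes or performance improves. This paper therefore proposes applying a product line methodology, which can improve productivity and reduce cost by preventing duplicate investment, to the development of threat evaluation systems. To apply the product line methodology to a threat evaluation system, the core asset development process is carried out to define the product line scope, core assets, and product plan. Product line scoping identifies commonalities and differences using feature modeling; core assets are developed centering on architecture design; and the product plan is established by combining the attached processes of each core asset.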

A Quality System for Evaluating Reusability of Core Assets in Product Line Engineering

  • Oh Sang-Hun;Her Jin-Sun;Kim Ji-Hyeok;Rhew Sung-Yul;Kim Soo-Dong
    • Journal of KIISE:Software and Applications / v.33 no.3 / pp.277-288 / 2006
  • Product line engineering (PLE) is a new effective approach to software reuse, where applications are generated by instantiating a core asset which is a large-grained reuse unit. Hence, a core asset is a key element of PLE, and therefore the reusability of the core asset largely determines the success of PLE projects. A core asset is a reusable part, not a whole system, and supports not only variable functions but also common functions. However, there are limitations in evaluating the reusability of a core asset that has these unique characteristics. This paper proposes a comprehensive quality system for evaluating the reusability of core assets, based on ISO/IEC 9126. We first identify the key characteristics of core assets, and derive the set of quality attributes that characterizes the reusability of core assets. Finally, we define metrics for each quality attribute. In addition, we provide guidelines for applying the metrics and perform a case study based on a rental product line. Using the proposed quality system, reusability of core assets can be more effectively and correctly evaluated.

Vulnerability Assessment for Information System

  • Kim, Ki-Yoon;Yang, Dong-Gu
    • Proceedings of the Korea Society of IT Services Conference / 2003.05a / pp.347-354 / 2003
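  • From a business continuity perspective, key business processes were identified using the IDEF approach and the related information assets were identified using the Skandia model; then, in order to analyze threats step by step using the OCTAVE approach, Nessus Version 1.4.2 was used to assess the vulnerability of the server, the most important asset in a library information system. We present a vulnerability assessment case using a modified OCTAVE approach that combines the existing OCTAVE approach with the IDEF approach and the Skandia model.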
