• 정보보호학회논문지
• /
• 제14권3호
• /
• pp.85-100
• /
• 2004

모든 정보시스템은 보안기능이 강화된 정보보호시스템이라 할 수 있으며, 정보보호시스템의 품질을 높이기 위해서는 초기 요구사항 분석 단계에서 보안요구사항을 정형적이며 일관적으로 분석 및 명세하여야 한다. 본 논문에서는 UML의 Use Case 모델을 확장한 Misuse Case 모델을 이용하여 보안요구사항을 분석 및 명세하는 모델과 프로세스를 제시하였으며, 도출된 보안기능요구사항들을 제품화한 비용효과적인 보안제품 선정 알고리즘을 제시하였다. 제시한 모델 및 프로세스를 통해 개발된 정보보호시스템의 품질을 제고할 수 있을 것이다

• 융합보안논문지
• /
• 제5권3호
• /
• pp.67-73
• /
• 2005

소프트웨어 개발시 내재될 수 있는 취약성을 최소화하기 위해서는 요구사항 분석단계에서부터 보안 요구사항을 잘 정의하여야 한다. 본 논문에서는 객체지향 개발 방법론에서 소프트웨어 보안 요구사항 명세를 위한 체계적인 방안을 제시한다. 본 논문에서 제시한 방안은 크게 보안 목표 설정, 위협식별, 공격트리 작성 그리고 보안기능 명세로 이루어진다. 이 방법을 이용하면 소프트웨어가 가져야 할 보안 요구사항과 기능을 보다 명확하고 체계적으로 작성할 수 있다.

• 디지털산업정보학회논문지
• /
• 제6권2호
• /
• pp.233-245
• /
• 2010

This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

• 인터넷정보학회논문지
• /
• 제17권5호
• /
• pp.25-32
• /
• 2016

There has been a rapid growth in the development of mobile application resulting from its wide usage for online transaction, data storage and exchange of information. However, an important issue that has been overlooked is the lack of emphasis on the security issues at the early stage of the development. In fact, security issues have been kept until the later stage of the implementation of mobile apps. Requirements engineers frequently ignore and incorrectly elicit security related requirements at the early stage of mobile application development. This scenario has led to the failure of developing secure and safe mobile application based on the needs of the users. As such, this paper intends to provide further understanding of the real challenges in extracting security attributes for mobile application faced by novice requirements engineers. For this purpose, two experiments on eliciting security attributes requirements of textual requirements scenario were conducted. The performance related to the correctness and time taken to elicit the security attributes were measured and recorded. It was found that the process of eliciting correct security attributes for mobile application requires effort, knowledge and skills. The findings indicate that an automated tool for correct elicitation security attributes requirement could help to overcome the challenges in eliciting security attributes requirements, especially among novice requirements engineers.

• 대한조선학회논문집
• /
• 제61권4호
• /
• pp.278-288
• /
• 2024

According to International Association of Classification Societies (IACS) Unified Requirement (UR) E26, ships contracted for construction after July 1, 2024 should be designed, constructed, commissioned and operated taking into account of cyber security. In particular, ship network monitoring tools should be installed in accordance with requirement 4.3.1 in IACS UR E26. In this paper, we propose a Security Information and Event Management (SIEM) security policy model for ships as an effective threat detection method by analyzing the cyber security regulations and ship network status in the maritime domain. For this purpose, we derived the items managed in the SIEM from the maritime cyber security regulations such as those of International Maritime Organization (IMO) and IACS, and defined 14 detection policies considering the status of the ship network. We also presents the detection policy for non-expert crews to understand it, and occurrence conditions depending on the ship's network environment to minimize indiscriminate alarms. We expect that the results of this study will help improve the efficiency of ship SIEM to be installed in the future.

• Journal of information and communication convergence engineering
• /
• 제5권1호
• /
• pp.64-67
• /
• 2007

IT industry strategy trend and home network security technology is presented. First, we consider the development strategy to improve next generation IT industry. Second, we have analyzed the technique for implementing home network. Last, we have analyzed the technique to security home network field.

• 안보군사학연구
• /
• 통권1호
• /
• pp.361-390
• /
• 2003

In this paper, we analyze the security requirement for a circulation of the classified documents. During the whole document process phases, including phases of drafting, sending/receiving messages, document approval, storing and saving, reading, examining, out-sending and canceling a document, we catch hold of accompanied threat factors and export every threat factors of security. We also propose an appropriate and correspondent approach for security in a well-prepared way. Last, we present the security guidelines for security architecture of the classified documents circulation.

• International Journal of Computer Science & Network Security
• /
• 제23권8호
• /
• pp.199-203
• /
• 2023

Influential trend that widely reflected the software engineering industry is service oriented architecture. Vendors are migrating towards cloud environment to benefit their organization. Companies usually offer products and services with a goal to solve problems at customer end. Because customers are more interested in solution of their problem rather than focusing on products or services. In software industry the approach in which customers' problems are solved by providing services is known as software as a service. However, software development life cycle encounters enormous changes when migrating software from product model to service model. Enough research has been done on the overall development process but a limited work has been done on the factors that influence requirements elicitation process. This paper focuses on those changes that influence requirement elicitation process and proposes a systematic methodology for transformation of software from product to service model in a successful manner. The paper then elaborates the benefits that inherently come along with elicitation process in cloud environment. The paper also describes the problems during transformation. The paper concludes that requirement engineering process turn out to be more profitable after transformation of traditional software from product to service model.

• 정보보호학회논문지
• /
• 제23권3호
• /
• pp.471-478
• /
• 2013

산업제어시스템은 초기에 주로 아날로그 형태로 구축되었다. 그러나 산업발전에 따라 운영에 필요한 센서들이 증가하면서 시스템이 복잡해지고 정밀함이 요구되어 디지털 설계의 필요성이 높아졌다. 그런 필요성에 발맞추어 디지털 시스템들의 안정성은 크게 향상되었고, 최근에는 원전을 포함한 대부분의 제어시스템들이 디지털로 설계되고 있다. 산업제어시스템의 디지털 활용이 점차 개방화 표준화되면서 잠재적인 사이버 위협세력에 의한 제어시스템 침투 및 파괴 가능성이 매우 높아졌다. 이에 따라 국내 외에서는 위협의 식별과 효과적인 대책마련을 위하여 다양한 노력을 기울이고 있다. 본 논문은 관련지침 분석을 통해 제어시스템과 원전제어시스템의 공통되는 보안요구사항을 취하고, 향후 원전 인 허가 요건으로 필수적인 원전 사이버보안 체계 개발방안을 제안한다.

• 한국산학기술학회논문지
• /
• 제11권3호
• /
• pp.926-930
• /
• 2010

본 논문은 컴포넌트 기반의 보안 시스템 개발을 위해 요구되는 개발 프레임워크에 관한 것이다. 정보시스템의 개발방법론 적용과 함께, 정보보호 제품의 개발방법론 적용이 현시점에 요구되고 있다. 본 논문에서는 개발방법의 NIST 요구규격, SDLC 단계별 요구기준, 위험평가 주요 보안 가이드 라인을 살펴보았다. 또한 SDLC 주요 보안 요소를 살펴보았고, 컴포넌트 기반 보안 프레임워크 수립에 대한 이해를 돕기 위해, 위협트리 STRIDE 기반의 외부 엔티티에 대한 스푸핑 측면에서 보안설계와 DFD 관계를 분석 제시하였다.