• Title/Summary/Keyword: Security Requirements Engineering

Search Result 332, Processing Time 0.036 seconds

A Study on Security Framework in Digital Home Environments (디지털홈 환경에서의 보안 프레임워크 연구)

  • 김도우;한종욱;주홍일;이윤경
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2004.05b
    • /
    • pp.724-727
    • /
    • 2004
  • With the development of modem communication and networking technology, more and more computing and communication facilities, automation equipments, hone information appliances and different type of networking terminals come into home all over the world. The user can control information appliances in home environments. The home environment can communicate with the external network via phone line, wired LAN, wireless LAN, or mixed. However, home information appliances that are connected to the external network are under attack and need to be secured. So specifying suitable security requirements and policies for digital home environment is critical in hone networking environments. This paper analyzes the possible vulnerability to home network, and specifies the security requirements derived from the vulnerability analysis for digital home environment

  • PDF

Traffic Analysis Architecture for Secure Industrial Control System (안전한 제어시스템 환경을 위한 트래픽 분석망 설계)

  • Lee, Eun-Ji;Kwak, Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.5
    • /
    • pp.1223-1234
    • /
    • 2016
  • The Industrial control system is adopted by various industry field and national infrastructure, therefore if it received cyber attack, the serious security problems can be occured in the public sector. For this reason, security requirements of the industrial control system have been proposed, in accordance with the security guidelines of the electronic control system, and it is operated by separate from the external and the internal network. Nevertheless, cyber attack by malware (such as Stuxnet) targeting to control system have been occurred continuously, and also the real-time detection of untrusted traffic is very difficult because there are some difficulty of keeping up with quickly evolving the advent of new-variant malicious codes. In this paper, we propose the traffic analysis architecture for providing secure industrial control system based on the analyzed the security threats, the security requirements, and our proposed architecture.

Detection Mechanism on Vehicular Adhoc Networks (VANETs) A Comprehensive Survey

  • Shobana, Gopalakrishnan;Arockia, Xavier Annie R.
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.6
    • /
    • pp.294-303
    • /
    • 2021
  • VANET is an upcoming technology with an encouraging prospect as well as great challenges, specifically in its security. This paper intends to survey such probable attacks and the correlating detection mechanisms that are introduced in the literature. Accordingly, administering security and protecting the owner's privacy has become a primary argument in VANETs. To furnish stronger security and preserve privacy, one should recognize the various probable attacks on the network and the essence of their behavior. This paper presents a comprehensive survey on diversified attacks and the recommended unfolding by the various researchers which concentrate on security services and the corresponding countermeasures to make VANET communications more secure.

Diagrammatic Formalism for Complex Systems: More than One Way to Eventize a Railcar System

  • Al-Fedaghi, Sabah
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.2
    • /
    • pp.130-141
    • /
    • 2021
  • This paper is in the intersection of software engineering and system engineering, two intimately intertwined disciplines. A dominating theme in this paper is the integral conceptualization of systems at large, as well as an underlying concern with software systems. In the software development life cycle, challenges still exist in translating requirements into a design artifact and then into an implementation (e.g., coding), then validating the results. From our perspective, software engineering requires an integrating paradigm toward a unified modeling orientation. Many methodologies, languages, and tools exist for facilitating system development processes. This paper is a venture into project development. To focus the materials, we concentrate on Harel's novel (and classic) development environment, which integrates a scenario-based engineering object orientation and statecharts through developing a railcar system. The railcar system is used as a detailed sample of translating requirements into a design artifact and then into an implementation, then validating the result. The project is re-cased as a single integrated modeling endeavor to be contrasted with the scenario and statecharts' development. The result of this scheme is an enriched understanding through experimenting with and contrasting various development methods of software projects.

Vulnerability and Security Requirement Analysis on Security Token and Protection Profile Development based on Common Criteria Version 3.1 (보안토큰의 취약성/보안요구사항 분석 및 CC v3.1 기반 보호프로파일 개발)

  • Kwak, Jin;Hong, Soon-Won;Yi, Wan-Suck
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.2
    • /
    • pp.139-150
    • /
    • 2008
  • Recently, financial institutes and industrial companies are adopted to security token such as OTP, smart card, and USB authentication token and so on for secure system management and user authentication. However, some research institutes have been introduced security weaknesses and problems in security tokens. Therefore, in this paper, we analyses of security functions and security requirements in security token performed by analyses of standardization documents, trends, security problems, attack methods for security tokens. Finally, we propose a CC v.3.1 based security token protection profile.

A Design for Security Functional Requirements of IoT Middleware System (IoT(Internet of Things) 시스템 미들웨어 보안기능요구사항 설계)

  • Jung, Hyun Mi;Jeong, Kimoon;Cho, Han Jin
    • Journal of the Korea Convergence Society
    • /
    • v.8 no.11
    • /
    • pp.63-69
    • /
    • 2017
  • The middleware in the IoT system is software that acts as a messenger to connect and exchange data between humans and objects, objects and objects. IoT middleware exists in various forms in all areas, including hardware, protocol, and communication of different kinds, which are different in form and purpose. However, IoT middleware exists in various forms across different areas, including hardware, protocol, and communication of different types and purposes. Therefore, even if the system is designed differently for each role, it is necessary to strengthen the security in common. In this paper, we analyze the structure of IoT middleware using Service Oriented Architecture(SOA) approach and design system security requirements based on it. It was defined: Target Of Evaluation(TOE) existing system development method and the object is evaluated by Common Criteria(CC) for verification based otherwise. The proposed middleware system will be correlated with the security problem definition and the security purpose, which will be the basis for implementing the security enhanced IoT system.

A Study on Security Weakness and Threats in Personal Health Record Services (개인건강기록 서비스에서 보안취약성 및 위협요소에 관한 연구)

  • Yi, Myung-Kyu;Hwang, Hee-Joung
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.15 no.6
    • /
    • pp.163-171
    • /
    • 2015
  • Personal Health Records(PHR) service offers patients a convenient and easy-to-use solution for managing their personal health records, crucial medical files, and emergency contacts. In spite of the indispensable advantages, PHR service brings critical challenges that cannot be avoided from consumer side if the security of the data is concerned. The problem of user's privacy infringement and leaking user's sensitive medical information is increasing with the fusion of PHR technology and healthcare. In this paper, therefore, we analyze the various security aspects that are vulnerable to the PHR service and needed to be resolved. Moreover, we analyze the security requirements from the point of view of the PHR users and application service providers and provides the PHR security mechanism for addressing PHR security threats and satisfying PHR security requirements.

Secure Authentication with Mobile Device for Ubiquitous RFID Healthcare System in Wireless Sensor Networks

  • Kim, Jung-Tae
    • Journal of information and communication convergence engineering
    • /
    • v.9 no.5
    • /
    • pp.562-566
    • /
    • 2011
  • As telecommunication technologies in telemedicine services are developed, the expeditious development of wireless and mobile networks has stimulated wide applications of mobile electronic healthcare systems. However, security is an essential system requirement since many patients have privacy concerns when it comes to releasing their personal information over the open wireless channels. Due to the invisible feature of mobile signals, hackers have easier access to hospital networks than wired network systems. This may result in several security incidents unless security protocols are well prepared. In this paper, we analyzed authentication and authorization procedures for healthcare system architecture to apply secure M-health systems in the hospital environment. From the analyses, we estimate optimal requirements as a countermeasure to its vulnerabilities.

The Study on the Cyber Security Requirements of Cyber-Physical Systems for Cyber Security Frameworks (사이버-물리 시스템의 보안 프레임워크 개발을 위한 보안 요구사항 분석 연구)

  • Park, Soo-Youl;Choi, Wook-Jin;Chung, Bo-Heung;Kim, Jeong-Nyeo;Kim, Joo-Man
    • IEMEK Journal of Embedded Systems and Applications
    • /
    • v.7 no.5
    • /
    • pp.255-265
    • /
    • 2012
  • A cyber-physical system(CPS) is a collection of cyber and physical components that interact with each other to achieve a particular application. Here, the CPS is emerged the reliability and security problems. Particularly, the defect of reliability in the data/control transmission under the CPS can lead to serious damage. We discuss the reliability and security problem on CPS architecture. Then we would suggest the considerations of cyber security in industrial control systems built with CPS.

Study on Security Framework of Thin-Client Robot (Thin-Client 로봇 보안 프레임워크에 관한 연구)

  • Kim, Geon-Woo;Han, Jong-Wook
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2008.10a
    • /
    • pp.720-723
    • /
    • 2008
  • RUPI-based robot service provides a variety of robot services guaranteeing extensibility and flexibility by communications between heterogeneous robots and servers. Unlike rich-client robot of high H/W performance and computing ability, as thin-client robot supports limited capability, it has some difficulty in performing security algorithms requiring relatively high computation power. Therefore, in this paper, we propose security framework of thin-client robot containing security threats, security requirements, and security functions.

  • PDF