• Title/Summary/Keyword: Security design

Search Result 3,398, Processing Time 0.035 seconds

A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS

  • Song, Jae-Gu;Lee, Jung-Woon;Lee, Cheol-Kwon;Kwon, Kee-Choon;Lee, Dong-Young
    • Nuclear Engineering and Technology
    • /
    • v.44 no.8
    • /
    • pp.919-928
    • /
    • 2012
  • The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the lifecycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

A Development of the Unified Object-Oriented Analysis and Design Methodology for Security-Critical Web Applications Based on Object-Relational Database - Forcusing on Oracle11g - (웹 응용 시스템 개발을 위한 보안을 고려한 통합 분석·설계 방법론 개발 - Oracle11g를 중심으로 -)

  • Joo, Kyung-Soo;Woo, Jung-Woong
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.12
    • /
    • pp.169-177
    • /
    • 2012
  • In the development process of application systems, the most important works are analysis and design. Most of the application systems are implemented on database system. So, database design is important. Also, IT System are confronted with more and more attacks by an increase interconnections between IT systems. Therefore security-related processes belong to a very important process. Security is a complex non-functional requirement that can interaction of many parts in the system. But Security is considered in the final stages of development. Therefore, Their increases the potential for the final product to contain vulnerabilities. Accordingly, Early in development related to security analysis and design process is very important. J2EE gives a solution based on RBAC((Role Based Access Control) for security and object-relational database also has RBAC for security. But there is not a object-oriented analysis and design methodology using RBAC of J2EE and object-relational database for security. In this paper, the unified object-oriented analysis and design methodology is developed for security-critical web application systems based on J2EE and object-relational database. We used UMLsec and RBAC of object-relational database and J2EE for this methodology.

Design of Home Network Security System (홈 네트워크 보안시스템 설계)

  • Seol, Jeong-Hwan;Lee, Ki-Young
    • Proceedings of the IEEK Conference
    • /
    • 2006.06a
    • /
    • pp.193-194
    • /
    • 2006
  • In this paper, the SPINS, a sensor network security mechanism, was researched to design a system to be applied to home network structure and check the security of which degree was ensured by a virtual network of home networking middleware. Sensor Network security mechanism SPINS provides data confidentiality and authentication by SNEP, and provides authenticated broadcast by ${\mu}TESLA$. We designed the system that applied SPINS to home networking middleware basic structure.

  • PDF

Research on Application of Service Design Methodology in IOT Environment

  • Kim, Byung-Taek;Cho, Yun-Sung
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.3
    • /
    • pp.53-60
    • /
    • 2017
  • The purpose of this study is to provide empirical and quantitative analysis on user's perceived privacy, security, and user satisfaction when providing visualization information about objects and service provider behaviors that users can not perceive in internet service process. Through previous research, we have examined the importance of privacy and security factors as a key factor to be considered for the characteristics of the Internet of things and the Internet of things. In addition, service blueprint, which is one of the service design methodologies to examine the flow of service usage in providing Internet service of things, was examined. In the flow of things internet service utilization, it is found that the things that are out of the user's cognitive area and the behavior of the service provider take up a large part. Therefore, the hypothesis that the trust of the Internet service security and the satisfaction of the user experience can be improved by providing the security visualization information about the behavior of the object and the invisible service provider in the non-contact aspect of the user and the object. In order to verify the hypothesis, we conducted experiments and questionnaires on the use of virtual objects' internet environment and conducted statistical analysis based on them. As a result, it was analyzed that visual information feedback on non - contact and invisible objects and service provider's behaviors had a positive effect on user's perceived privacy, security, and satisfaction. In addition, we conclude that it can be used as a service design evaluation tool to eliminate psychological anxiety about security and to improve satisfaction in internet service design. We hope that this research will be a great help for the research on application method of service design method in Internet environment of objects.

An Object-Oriented Analysis and Design Methodology for Security of Web Applications (웹 응용 보안을 위한 객체지향 분석·설계 방법론)

  • Joo, Kyung-Soo;Woo, Jung-Woong
    • Journal of Internet Computing and Services
    • /
    • v.14 no.4
    • /
    • pp.35-42
    • /
    • 2013
  • Nowadays many tasks are performed using the Web. Accordingly, many web-based application systems with various and complicated functions are being requested. In order to develop such web-based application systems efficiently, object-oriented analysis and design methodology is used, and Java EE(Java Platform, Enterprise Edition) technologies are used for its implementation. The security issues have become increasingly important. For such reasons, Java EE provides mechanism related to security but it does not provide interconnections with object-oriented analysis and design methodology for developing web application system. Consequently, since the security method by Java EE mechanism is implemented at the last step only, it is difficult to apply constant security during the whole process of system development from the requirement analysis to implementation. Therefore, this paper suggests an object-oriented analysis and design methodology emphasized in the security for secure web application systems from the requirement analysis to implementation. The object-oriented analysis and design methodology adopts UMLsec, the modeling language with an emphasis on security for the requirement analysis and system analysis & design with regard to security. And for its implementation, RBAC (Role Based Access Control) of servlet from Java EE technologies is used. Also, the object-oriented analysis and design methodology for the secure web application is applied to online banking system in order to prove its effectiveness.

An Information Security Model for Digital Contents (디지털 콘텐츠의 정보보호 분석 모델)

  • Yoon, Seuk-Kyu;Jang, Hee-Seon
    • Convergence Security Journal
    • /
    • v.10 no.3
    • /
    • pp.9-14
    • /
    • 2010
  • The network architecture and analysis model for evaluating the information security are presented to distribute the reliable and secure multimedia digital contents. Using the firewall and IDS, the function of the proposed model includes the security range, related data collection/analysis, level evaluation and strategy proposal. To develop efficient automatic analysis tool, the inter-distribution algorithm and network design based on the traffic analysis between web-server and user are needed. Furthermore, the efficient algorithm and design of DRM/PKI also should be presented before the development of the automatic information security model.

Design and Implementation of the System Supporting Security Communication between a Web Browser and a CGI Program (웹 브라우져와 CGI 프로그램 사이의 보안 통신을 지원하는 시스템 설계 및 구현)

  • Lee, Jun-Seok
    • The Transactions of the Korea Information Processing Society
    • /
    • v.6 no.3
    • /
    • pp.641-653
    • /
    • 1999
  • The paper is design and implementation of the system to support security communication between a Web Browser and a CGI program by a Web Server using PKI(Public Key Infrastructure. This system uses GSS(Generic Security Service)-API to communicate with PKI, offers a Web user a Client Proxy, and offers a CGI developer there library functions related with security. TLS(Transport Layer Security) supports security communication between a Web Browser and a Web Server, but the system supports security communication between a Web Browser and a CGI program as the protected data received from a Client Proxy are sent to a CGI program, and the CGI program decrypts the data using the library functions supported by this system.

  • PDF

The design and implementation of security kernel assured trusted path (신뢰경로가 보장되는 보안커널 설계 및 구현)

  • 이해균;김재명;조인준
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2001.11a
    • /
    • pp.340-347
    • /
    • 2001
  • Security operating system applied to MAC(Mandatory Access Control) or to MLS(Multi Level Security) gives both subject and object both Security Level and value of Category, and it restrict access to object from subject. But it violates Security policy of system and could be a circulated course of illegal information. This is correctly IPC(Interprocess Communication)mechanism and Covert Channel. In this thesis, I tried to design and implementation as OS kernel in order not only to give confidence of information circulation in the Security system, but also to defend from Covert Channel by Storage and IPC mechanism used as a circulated course of illegal information. For removing a illegal information flow by IPC mechanism. I applied IPC mechanism to MLS Security policy, and I made Storage Covert Channel analyze system call Spec. and than distinguish Storage Covert Channel. By appling auditing and delaying, I dealt with making low bandwidth.

  • PDF

A Study on the Design of Security Metrics for Source Code (소스코드의 보안성 메트릭 설계에 관한 연구)

  • Seo, Dong-Su
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.6
    • /
    • pp.147-155
    • /
    • 2010
  • It has been widely addressed that static analysis techniques can play important role in identifying potential security vulnerability reside in source code. This paper proposes the design and application of security metrics that use both vulnerability information extracted from the static analysis, and significant factors of information that software handles. The security metrics are useful for both developers and evaluators in that the metrics help them identity source code vulnerability in early stage of development. By effectively utilizing the security metrics, evaluators can check the level of source code security, and confirm the final code depending on the characteristics of the source code and the security level of information required.

The Design of Security Information Management System of CORBA Security with Using (Repository를 활용한 CORBA Security의 보안정보관리 시스템 설계)

  • Ryu, Ki Young;Park, Sang Woo
    • Convergence Security Journal
    • /
    • v.3 no.3
    • /
    • pp.59-66
    • /
    • 2003
  • In this paper the CORBA security services is designed and implemented conforming to the CORBA Security Services Specification. We implemented a Security Information Management system for object-oriented distributed systems based onthe CORBA (Common Object Request Broker Architecture) Security specification baseed on Repository.

  • PDF