• Convergence Security Journal
• /
• v.3 no.1
• /
• pp.51-57
• /
• 2003

By analysing the development process of Intrusion Detection System Protection Profile, we suggest the development method of Security Functional Requirements of Common Criteria- based Protection Profile and discuss how the method satisfies the requirements of If product or system Protection Profile in the development process.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.175-176
• /
• 2014

Identification and authentication of the security requirements of the application area. Individual ID for uniquely be identified. Standard length of the password is limited and should be applied in combination. And must be changed periodically. ID/PW authentication scheme non-reinforced must be provided. The authentication process is defined in the security requirements should be satisfied.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.919-939
• /
• 2021

As a next-generation communication technology, 5G networks are capable of handling large amounts of traffic based on higher speeds, shorter communication delays, and higher connectivity compared to 4G networks. In this 5G network environment, base stations are installed all over the city at high density due to their characteristics, and are connected to user terminals to provide services. Therefore, if the base station is damaged by a malicious attacker, it is expected to cause great damage to users and society as a whole. So the need for secure communication equipment such as 5G base stations has emerged. Therefore, in this paper, we propose the security functional requirements derived using threat modeling, a systematic methodology for 5G base stations, and the security assurance requirements at the level that can cope with the backdoor issues. The security requirements proposed in this paper can be used for base station design and development to construct a secure network environment as a security evaluation standard for 5G base stations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.235-255
• /
• 2019

Recent technological advances and industry changes, the game industry is maximizing fun by supporting cross-play that can be enjoyed by different platform users in PC, Mobile and Console games. If the boundaries are lost through the cross play, unexpected security threats can occur due to new services, even if existing security is maintained above a certain level. The existing online game security researches are mostly fraud detection that can occur in PC and mobile environment, but it is also necessary to study the security of the console game as cross play becomes possible. Therefore, this paper systematically identifies the security threats that can occur when enjoying cross play against console game users using STRIDE and LINDDUN threat modeling, derives security requirements using the international common evaluation standard.

• International Journal of Computer Science & Network Security
• /
• v.23 no.8
• /
• pp.63-76
• /
• 2023

Identity and access management in cloud computing is one of the leading significant issues that require various security countermeasures to preserve user privacy. An authentication mechanism is a leading solution to authenticate and verify the identities of cloud users while accessing cloud applications. Building a secured and flexible authentication mechanism in a cloud computing platform is challenging. Authentication techniques can be combined with other security techniques such as intrusion detection systems to maintain a verifiable layer of security. In this paper, we provide an interactive, flexible, and reliable multi-factor authentication mechanisms that are primarily based on a proposed Authentication Method Selector (AMS) technique. The basic idea of AMS is to rely on the user's previous authentication information and user behavior which can be embedded with additional authentication methods according to the organization's requirements. In AMS, the administrator has the ability to add the appropriate authentication method based on the requirements of the organization. Based on these requirements, the administrator will activate and initialize the authentication method that has been added to the authentication pool. An intrusion detection component has been added to apply the users' location and users' default web browser feature. The AMS and intrusion detection components provide a security enhancement to increase the accuracy and efficiency of cloud user identity verification.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.11
• /
• pp.79-83
• /
• 2016

In this paper, we define four levels of analysis, design, implementation, and testing of the configuration of the development phase by S/W development life cycle. In particular, it dealt with the stage of the analysis phase to prepare an information system developed intensively. Details of the derivation of the information security requirements, it can be seen that comes from the perspective of confidentiality, integrity, availability and accountability, etc. It dealt with from the first manifestations of the projects planning to final planning to establish information security in activities of the Information Security requirements. As an example exhibited by assessing the information security analysis phase activities of S corporations, it can be seen that the improved sales rise in information security activities.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.11-17
• /
• 2012

According to ISO/IEC 9000, quality to satisfy users' requirements when using the product or service is defined as the characteristics of the synthesized concept. Secure web application coding information systems with the reliability and quality of service is one of the determining factor. Secure coding in order to achieve the quality based on the model is necessary. The reason is that the security is in quality properties in the range of non-functional requirements that necessitates. Secure coding for the design of quality systems based on the quality of the definition of quality attributes, quality requirements, quality attribute scenarios are defined, and must be set. To this end, referring to IEEE 1061 quality model for web application, quality model structure is developed. Secure web application architecture design is composed of coding quality of the model systems, web applications draw interest to stakeholders, decision drivers secure coding architecture, quality attributes, eliciting quality requirements of the security settings, creating web application architecture descriptions and security framework.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1151-1163
• /
• 2022

As wireless communication functions begin to be installed in vehicles, cyberattacks that exploit vulnerabilities in wireless communication functions are increasing. To respond to this, UNECE enacted the UN R156 regulation to safely distribute the software installed in the vehicle by using the wireless communication function. The regulations specify the requirements necessary to safely distribute the software for vehicles, but only the abstract requirements are presented without information on the components and detailed functions necessary to develop and implement the requirements. Therefore, in this paper, we propose a security evaluation standard that can evaluate whether a safe SUMS is built using threat modeling, a method for systematically analyzing security threats.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.33-41
• /
• 2023

In recent years, advanced persistent threat (APT) attack organizations have exploited various vulnerabilities and attack techniques to target companies and institutions with national core technologies, distributing ransomware and demanding payment, stealing nationally important industrial secrets and distributing them on the black market (dark web), selling them to third countries, or using them to close the technology gap, requiring national-level security preparations. In this paper, we analyze the attack methods of attack organizations such as Kimsuky and Lazarus that caused industrial secrets leakage damage through APT attacks in Korea using the MITRE ATT&CK framework, and derive 26 cybersecurity-related administrative, physical, and technical security requirements that a company's security system should be equipped with. We also proposed a security framework and system configuration plan to utilize the security requirements in actual field. The security requirements presented in this paper provide practical methods and frameworks for security system developers and operators to utilize in security work to prevent leakage of corporate industrial secrets. In the future, it is necessary to analyze the advanced and intelligent attacks of various APT attack groups based on this paper and further research on related security measures.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.34 no.4
• /
• pp.72-81
• /
• 2011

In this paper, we propose adaptive convergence security policies and management technologies to improve security assurance in the home networking environment. Many security issues may arise in the home networking environment. Examples of such security issues include the user privacy, the service security, the integrated networking security, the middleware security and the device failure. All these security issues, however, should be fulfilled in phase due to many difficulties including deployment cost and technical complexity. For instance, fundamental security requirements such as authentication, access control and prevention of crime and disaster should be addressed first. Then, supplementary security policies and diverse security management technologies should be fulfilled. In this paper, we classify these requirements into three categories, a service authentication, a user authentication and a device authentication, and propose security policies and management technologies for each requirement. Since the home gateway is responsible for interconnection of many home devices and external network access, a variety of context information could be collected from such devices.