• Convergence Security Journal
• /
• v.15 no.5
• /
• pp.29-35
• /
• 2015

The network security encryption type is divided into two, one is point-to-point, second method is link type. The level of security quality attributes are a system security quality requirements in a networked environment. Quality attributes can be observed and should be able to be measured. If the quality requirements can be presented as exact figures, quality requirements are defined specifically setting quality objectives. Functional requirements in the quality attribute is a requirement for a service function which can be obtained through the encryption. Non-functional requirements are requirements of the service quality that can be obtained through the encryption. Encryption quality evaluation system proposed in this study is to derive functional requirements and non-functional requirements 2 groups. Of the calculating measure of the evaluation index in the same category, the associated indication of the quality measure of each surface should be created. The quality matrix uses 2-factor analysis of the evaluation for the associated surface quality measurements. The quality requirements are calculated based on two different functional requirements and non-functional requirements. The results are calculated by analyzing the trend of the average value assessment. When used this way, it is possible to configure the network security encryption based on quality management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.8 no.3
• /
• pp.63-78
• /
• 1998

Recently, to use the evaluated firewall is recognized as a solution to achieve the security and reliability for government and organizarions in Korea. Results of firewall evaluation using ITSEC(Information Technology Security Evaluation Criteria) and CCPP(Common Criteria Protection Peofile)have been announced. Because there are problems to apply ITSECor CCPP for the firewall evaluation in korea environment, korea government and korea Information security Agency (KISA) decided to develop our own security dvaluation critrtia fir firewalls.As a result of the efforts, Korea firewall security evaluation criteria has been published on Feb. 1998. In this paper, we introduce Korea security evaluation criteria for firewalls. The ceiteria consists of functional and assurance requirements that are compatible with CC Evaluation Assurance Levels(EALs)

• Journal of Digital Convergence
• /
• v.17 no.8
• /
• pp.221-228
• /
• 2019

The importance of security for virtualization products has been increased with the activation policy of cloud computing and it is necessary to analyze cyber security threats and develop security requirements for virtualization products to provide with more secure cloud environments. This paper is a preliminary study with the purpose of developing security functional requirements through analyzing security features and cyber security threats as well as comparison of foreign countries' cases for virtualization products. To do this, the paper compares evaluation schemes for virtualization products in US and UK foreign countries, and analyzes the cyber security threats, security objectives and security requirements in both countries. Furthermore, it proposes the essential checking items and processes for developing security functional requirements about security features of virtualization products to contribute to its more secure development and the establishment of related security evaluation standards.

• Journal of The Institute of Information and Telecommunication Facilities Engineering
• /
• v.9 no.1
• /
• pp.13-18
• /
• 2010

As the importance of non-functional requirements has increased, many researchers have become interested in the software development process for non-functional requirements including the notation, modeling, and assessment of non-functional requirements. However, the characteristics of non-functional requirements are so sophisticated and there are many topics which have not been solved until now. In order to address one of the unsolved problems, we propose a systematic software development process to support the management of non-functional requirements. The process consists of six steps, each of which is composed of detailed activities. Using the proposed process, the non-functional requirements can be managed and modeled more effectively and systematically than previous ones.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.57-67
• /
• 2003

Security Policy Model is a structured representation using informal, semiformal or formal method of security policy to be enforced by TOE. It provides TOE to get an assurance to mitigate security flaws resulted from inconsistency between security functional requirements and functional specifications. Therefore, Security Policy Model has been required under an hish evaluation assurance level on an evaluation criteria such as ISO/IEC 15408(Common Criteria, CC). In this paper, we present an evaluation method for security policy model based on assurance requirements for security policy model in Common Criteria through an analysis of concepts, related researches and assurance requirements for security policy model.

• Convergence Security Journal
• /
• v.3 no.1
• /
• pp.51-57
• /
• 2003

By analysing the development process of Intrusion Detection System Protection Profile, we suggest the development method of Security Functional Requirements of Common Criteria- based Protection Profile and discuss how the method satisfies the requirements of If product or system Protection Profile in the development process.

• International Journal of Knowledge Content Development & Technology
• /
• v.10 no.1
• /
• pp.7-20
• /
• 2020

For research data to be shared without legal, financial and technical barriers in the Open Science era, data repositories must have the functional requirements asked by DMP and CoreTrustSeal. In order to derive functional requirements for the data repository, this study analyzed the Data Management Plan (DMP) and CoreTrustSeal, the criteria for certification of research data repositories. Deposit, Ethics, License, Discovery, Identification, Reuse, Security, Preservation, Accessibility, Availability, and (Meta) Data Quality, commonly required by DMP and CoreTrustSeal, were derived as functional requirements that should be implemented first in implementing data repositories. Confidentiality, Integrity, Reliability, Archiving, Technical Infrastructure, Documented Storage Procedure, Organizational Infrastructure, (Meta) Data Evaluation, and Policy functions were further derived from CoreTrustSeal. The functional requirements of the data repository derived from this study may be required as a key function when developing the repository. It is also believed that it could be used as a key item to introduce repository functions to researchers for depositing data.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.9-17
• /
• 2002

Traffic engineering function consists of traffic management, capacity management and network planning. In this paper, we present the requirements for each functional traffic management, and also present functional and process model to efficiently to handle the traffic engineering for multimedia internet services. Finally, the traffic management methods for each step are described in detail.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.85-100
• /
• 2004

All information system is information security system that enforced security function. To improve qualify of information security system, suity requirement analysis and specification must be Performed by consistently and typically at early requirement analysis step. In this paper, we propose a security requirements analysis and specification model and process by using Misuse Case Model that extends UML's Use Case Model. And, we propose a cost-effective security product selection algorithm that security product is sufficient of all constructed security functional requirements. It may raise quality of information security system that developed through proposed model and process.

• The KIPS Transactions:PartD
• /
• v.13D no.1 s.104
• /
• pp.67-74
• /
• 2006

The security requirements identification in the software development has received some attention recently. However, previous methods do not provide clear method and process of security requirements identification. We propose a process that software developers can build application specific security requirements from state transition diagrams at the security threat location. The proposed process consists of building model and identifying application specific security requirements. The state transition diagram is constructed through subprocesses i) the identification of security threat locations using security failure data based on the point that attackers exploit software vulnerabilities and attack system assets, ii) the construction of a state transition diagram which is usable to protect, mitigate, and remove vulnerabilities of security threat locations. The identification Process of application specific security requirements consist of i) the analysis of the functional requirements of the software, which are decomposed into a DFD(Data Flow Diagram; the identification of the security threat location; and the appliance of the corresponding state transition diagram into the security threat locations, ii) the construction of the application specific state transition diagram, iii) the construction of security requirements based on the rule of the identification of security requirements. The proposed method is helpful to identify the security requirements easily at an early phase of software development.