최근 우리 생활에 스마트 기술의 빠른 전파 때문에 정보 과학 및 기술 분야에 있어서는 스마트 폰의 소프트웨어 보안성이 중요한 이슈가 되고 있다. 보안성 중요 시스템인 스마트 폰은 은행 서비스, 유비쿼터스 홈 관리, 항공 고객의 검색 등의 서비스 시스템에 이용되기 때문에 비용의 리스크, 손실의 리스크, 이용가능 리스크, 그리고 사용상의 리스크에 관련 되어 있다. 스마트 폰의 보안성 이슈는 이들의 관찰된 고장들을 사용하여 소프트웨어 장애 분석을 하는 것이 핵심 접근 방법이다. 본 연구에서는 손으로 조작하는 디바이스들의 수렴하는 보안성과 신뢰성 분석 기법을 얻기 위해서 결함 트리 분석 (FTA)와 고장 모드 효과 분석(FMEA)을 사용하여 스마트 폰의 소프트웨어 보안성 분석을 위한 하나의 유효한 통합적 프레임 워크를 제안한다. 그리고 만약 하나의 고장 모드 효과 분석이 더욱 더 간단해지면 스마트 디바이스들의 보안성 개선뿐만 아니라 고장효과 의 감소를 위해서 제안된 통합적인 프레임 워크는 핵심 해법이 됨을 논의한다.
최근 우리 생활에 스마트 기술의 빠른 전파 때문에 정보 과학 및 기술 분야에 있어서는 스마트 폰의 소프트웨어 보안성이 중요한 이슈가 되고 있다. 보안성 중요 시스템인 스마트 폰은 은행 서비스, 유비쿼터스 홈 관리, 항공 고객의 검색 등의 서비스 시스템에 이용되기 때문에 비용의 리스크, 손실의 리스크, 이용가능 리스크, 그리고 사용상의 리스크에 관련 되어 있다. 스마트 폰의 보안성 이슈는 이들의 관찰된 고장들을 사용하여 소프트웨어 장애 분석을 하는 것이 핵심 접근 방법이다. 본 연구에서는 손으로 조작하는 디바이스들의 수렴하는 보안성과 신뢰성 분석 기법을 얻기 위해서 결함 트리 분석 (FTA)와 고장 모드 효과 분석(FMEA)을 사용하여 스마트 폰의 소프트웨어 보안성 분석을 위한 하나의 유효한 통합적 프레임 워크를 제안한다. 그리고 만약 하나의 고장 모드 효과 분석이 더욱 더 간단해지면 스마트 디바이스들의 보안성 개선뿐만 아니라 고장효과 의 감소를 위해서 제안된 통합적인 프레임 워크는 핵심 해법이 됨을 논의한다.
Recently software security of the smart phone is an important issue in the field of information science and technology due to fast propagation of smart technology in our life. The smart phone as the security critical systems which are utilizing in terminal systems of the banking, ubiquitous home man...
Recently software security of the smart phone is an important issue in the field of information science and technology due to fast propagation of smart technology in our life. The smart phone as the security critical systems which are utilizing in terminal systems of the banking, ubiquitous home management, airline passengers screening, and so on are related to the risk of costs, risk of loss, risk of availability, and risk by usage. For the security issues, software hazard analysis of smart phone is the key approaching method by use of observed failures. In this paper, we propose an efficient integrative framework for software security analysis of the smart phone using Fault Tree Analysis (FTA) and Failure Mode Effect Analysis (FMEA) to gain a convergence security and reliability analysis technique on hand handle devices. And we discuss about that if a failure mode effect analysis performs simpler, not only for improving security but also reducing failure effects on this smart device, the proposed integrative framework is a key solution.
Recently software security of the smart phone is an important issue in the field of information science and technology due to fast propagation of smart technology in our life. The smart phone as the security critical systems which are utilizing in terminal systems of the banking, ubiquitous home management, airline passengers screening, and so on are related to the risk of costs, risk of loss, risk of availability, and risk by usage. For the security issues, software hazard analysis of smart phone is the key approaching method by use of observed failures. In this paper, we propose an efficient integrative framework for software security analysis of the smart phone using Fault Tree Analysis (FTA) and Failure Mode Effect Analysis (FMEA) to gain a convergence security and reliability analysis technique on hand handle devices. And we discuss about that if a failure mode effect analysis performs simpler, not only for improving security but also reducing failure effects on this smart device, the proposed integrative framework is a key solution.
* AI 자동 식별 결과로 적합하지 않은 문장이 있을 수 있으니, 이용에 유의하시기 바랍니다.
문제 정의
In this paper, we propose an integrative methods of software FTA and FMEA for security analysis of a smart phone through integrative approaches of FTA and software FMEA. This integrative methods for security analysis has generated a simple approach procedure for software security analysis of a smart phone.
The analysis starts with a high level failure characterization of smart phones based on everyday user’s experiences.
There is a few understanding of how and why smart phones fail. This article presents software security analysis of a smart phone using integration of FTA (Fault Tree Anlysis) and FMEA (Failure Mode Effect Analysis). The analysis starts with a high level failure characterization of smart phones based on everyday user’s experiences.
제안 방법
This integrative methods for security analysis has generated a simple approach procedure for software security analysis of a smart phone. The analysis reports are used by smart phone global sales figures and market share with 3rd quarter, software security issue incorporated through operating system, functional flow diagram for software security requirement analysis. On the other hand, the variables of smart phone faults are related to software security system, threat attack model especially for mobile device security, a logic functional block diagram with three aspects for functional diagram such as software, hardware and data logger which are supported by five key aspects of security, threat model of security, three cause of target security, forward and backward integrated security analysis techniques for software FTA and FMEA.
On the other hand, the variables of smart phone faults are related to software security system, threat attack model especially for mobile device security, a logic functional block diagram with three aspects for functional diagram such as software, hardware and data logger which are supported by five key aspects of security, threat model of security, three cause of target security, forward and backward integrated security analysis techniques for software FTA and FMEA. The proposed business processes of integrative methods of software FTA and FMEA for security analysis are followed several steps such as failure mode identification, worksheet preparation of the software FMEA modules comprehensive and effective analysis through forward and backward integrated faults analysis, risk priority number calculation, definition of software security variables on recovery actions for failure, and risk matrix table building. We believe that this procedure is very reliable approach for software security analysis through integration of software FTA and FMEA of a smart phone.
대상 데이터
The analysis starts with a high level failure characterization of smart phones based on everyday user’s experiences. Data for this study spans the two years period and obtained from publicly available web forums, society and communities. The collected data enables the characterizations of the failure, occurrence, detection and severity, identification of the high level failure manifestation, categorization of the user initiated recovery from the device failure and, list of fault related to security of the development tools, web browsers, multimedia and entertainment applications.
참고문헌 (34)
M. Cinque, D. Cotroneo, Z. Kalbarczyk, R. K. Iyer, "How Do Mobile Phones Fail? A Failure Data Analysis of Symbian OS Smart Phones," in Proc. of Dependable Systems and Networks (DSN '07), on 37th Annual IEEE/IFIP International Conference, pp.585-594, Jun., 2007.
A. Shabtai, Y. Fledel, Y. Elovici, "Automated Static Code Analysis for Classifying Android Applications Using Machine Learning," in Proc. of 2010 International Conference on Computational Intelligence and Security (CIS), pp.329-333, Dec., 2010.
H. Reza, S. Buettner, V. Krishna, "A Method to Test Component Off-the-Shelf (COTS) Used in Safety Critical Systems," in Proc. of Information Technology: New Generations 2008 (ITNG08) on Fifth International Conference, pp.189-194, Apr., 2008.
J. White, C. Thompson, H .Turner, B. Dougherty, and D. C. Schmidt, "Primary Title: Wreck Watch: Automatic Traffic Accident Detection and Notification with Smartphones," in Proc. of Mobile Networks and Applications, Springer, Vol.16, pp.285-303, 2011.
Hsiu-Sen Chiang, Woei-Jiunn Tsaur. "Identifying Smartphone Malware Using Data Mining Technology," in Proc. of 20th International Conference on Computer Communications and Networks (ICCCN2011), pp.1-6, Jul. 31-Aug. 4, 2011.
W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, "A Study of Android Application Security," in Proceedings of the 20th USENIX Security Symposium, San Francisco, August, 2011.
Yuan Wei, Jin Qin, "Safety-Driven Software Reliability Allocation in Medical Device Application," in Proc. of Quality, Reliability, Risk, Maintenance, and Safety Engineering (ICQR2MSE), pp.105-109, Jun., 2011.
A. Kumar Maji, Kangli Hao, S. Sultana, S. Bagchi, "Characterizing Failures in Mobile OSes: A Case Study with Android and Symbian," in Proc. of International Symposium on Software Reliability Engineering (ISSRE), pp.249-258, Nov., 2010.
M. Becher, F. C. Freiling, J. Hoffmann, T. Holz, S. Uellenbeck, C. Wolf, "Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices," in Proc. of Security and Privacy (SP), on 2011 IEEE Symposium, pp.96-111, May, 2011.
Ashwin Chaugule, Zhi Xu and Sencun Zhu, "A Specification Based Intrusion Detection Framework for Mobile Phones," Applied Cryptography and Network Security, Lecture Notes in Computer Science, Vol.6715, pp.19-37, 2011.
R. Mojdehrakhsh, Wei-Tek Tsai. S. Kirani, L. Elliott, "Retrofitting Software Safety in an Implantable Medical Device," in Proc. of IEEE Software, Vol.11, No.1, pp.41-50, Jan., 1994.
Zhang Hong, Liu Binbin, "Integrated Analysis of Software FMEA and FTA," in Proc. of International Conference on Information Technology and Computer Science 2009 (ITCS09), Vol.2, pp.184-187, Jul., 2009.
M. Becher, "Security of smartphones at the dawn of their ubiquitousness," Ph.D. dissertation, University of Mannheim, Oct., 2009.
Shuaifu Dai, Yaxin Liu, Tielei Wang, Tao Wei, Wei Zou, "Behavior-Based Malware Detection on Mobile Phone," in Proc. of 6th International Conference on Wireless Communications Networking and Mobile Computing (WiCOM10), pp.1-4, Sept., 2010.
N. G. Leveson and P. R. Harvey, "Analyzing Software Safety," in Proc. of IEEE Transactions on Software Engineering, Vol.SE-9, No.5, pp.569-579, Sept., 1983.
D. Dagon, T. Martin, T. Starner, "Mobile Phones as Computing Devices: The Viruses are Coming!" in Proc. of IEEE on Pervasive Computing, Vol.3, No.4, pp.11-15, 2004.
J. Wayne, S. Karen, "Guidelines on Cell Phone and PDA Security," in Proc. of National Institute of Standard and Technology, US Department of Commerce, pp.800-124, 2008.
P. Zheng, L. M. Ni, "Spotlight: The Rise of the Smart Phone," in Proc. of IEEE Distributed Systems Online, Vol.7, No.3, Mar., 2006.
A. Tansu, B. Christian and A. D. Schmidt. "A Probabilistic Diffusion Scheme for Anomaly Detection on Smartphones," Lecture Notes on Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices, pp.31-46, 2010.
B. Scorgie, P. Veeraraghavan, S. Ghosh, "Early Virus Detection for Windows Mobile," in Proc. of 9th Malaysia International Conference Communications (MICC2009), pp.295-300, Dec., 2009.
C. F. Kemerer, B. S. Porter, "Improving the Reliability of Function Point Measurement: An Empirical Study," in Proc. of IEEE Transactions on Software Engineering, Vol.18, No.11, pp.1011-1024, Nov., 1992.
A. Shabtai, Y. Fledel, Y. Elovici, "Securing Android-Powered Mobile Devices Using SE Linux," in Proc. of IEEE Security & Privacy, Vol.8, No.3, pp.36-44, 2010.
Young Mo Kang, Chanwoo Cho, Sungjoo Lee. "Analysis of Factors Affecting the Adoption of Smartphones," in Proc. of 2011 IEEE International Conference on Technology Management (ITMC), pp.919-925, Jun., 2011.
S. Chandra, P.M. Chen, "Whither Generic Recovery from Application Faults? Fault Study Using Open-Source Software," in Proc. of International Conference on Dependable Systems and Networks (DSN2000), pp.97-106, 2000.
Peichang Wang, Junxing Zhang, Zhixue Chang, "Fault Tolerance of Multiprocessor-Structured Control System by Hardware and Software Reconfiguration," in Proc. of International Conference on Mechatronics and Automation (ICMA07), pp.3745-3749, Aug., 2007.
Y. M. Wang, Y. Huang, W. K. Fuchs, "Progressive Retry for Software Error Recovery in Distributed Systems," in Proc. of The Twenty-Third International Symposium on Fault-Tolerant Computing (FTCS-23), pp.138-144, Jun., 1993.
Y. Huang and C. Kintala. "Software Implemented Fault Tolerance: Technologies and Experience," in Proc. of the 1993 International Symposium on Fault-Tolerant Computing, pp.2-9, Jun., 1993.
Y. Huang, C. Kintala, N. Kolettis, N. D. Fulton, "Software Rejuvenation: Analysis, Module and Applications," in Proc. of the 23rd International Symposium on Fault-Tolerant Computing (FTCS-23), pp.381-390, Jun., 1995.
A. Gopalan, S. Banerjee, A. K. Das, S. Shakkottai, "Random Mobility and the Spread of Infection," in Proc. IEEE of INFOCOM 2011, pp.999-1007, Apr., 2011.
B. S. Medikonda, P. S. Ramaiah, "Integrated Safety Analysis of Software-Controlled Critical Systems," ACM SIGSOFT Software Engineering Notes, Vol.35, No.1, Nov., 2010.
T. Maier, "FMEA and FTA to Support Safe Design of Embedded Software in Safety-Critical Systems," in Proc. of CSR 12th Annual Workshop on Safety and Reliability of Software Based Systems, Bruges, Belgium, 1995.
C. T. Alan and P. M. Steven, "Software Safety Analysis of a Flight Management System Vertical Navigation Function- A Status Report," in Proc. of IEEE the 22th Digital Avionics Systems Conference, Indianapolis, pp.12-16, Oct., 2003.
Tao Jianfeng, Wang Shaoping, and Yao Yiping, "Hybrid Method of Computer Aided FMECA and FTA," Journal of Beijing University of Aeronautics and Astronautics, Beijing, China, Vol.26, No.6, pp.663-665, 2000.
Wildan Toyib and Man-Gon Park, "Process Analysis of Digital Right Management for Web-Based Multicast Content," Journal of Korean Multimedia Society, Vol.14, No.12, pp.1601-1612, Dec., 2011.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.