KIPS Transactions on Computer and Communication Systems (정보처리학회논문지: 컴퓨터 및 통신 시스템), Vol. 6, No. 3, 2017, pp. 121-134
Jisoo Park (박지수, Department of Information Security, Graduate School of Information Security, Korea University), Seungjoo Kim (김승주, Department of Cyber Defense, Korea University)
With the rapid increase in the development and use of IoT devices, requirements for safe IoT devices and services, such as reliability and security, are also increasing. In security engineering, an SDLC (Secure Development Life Cycle) is applied to build a trustworthy system. The Secure Development Life Cycle has 4...
Question | Answer extracted from the paper
---|---
What is a 'trustworthy' system? | Because IoT and CPS provide services that directly affect daily life and industry, a high level of trustworthiness is required in their production and use. A 'trustworthy' system is one that considers the system's availability, reliability, security, and safety together so that it can achieve its purpose safely under any circumstances. The series of processes for developing and operating a trustworthy system is called information assurance, and security engineering supports a system's achievement of information assurance through a Secure Development Life Cycle (SDLC).
What is security threat modeling? | Security threat modeling means that, before the implementation stage of the Secure Development Life Cycle (SDLC), the stakeholders gather and identify the potential threats present in the target from the attacker's point of view.
What was the problem with the research on the various security threat modeling methods that developed alongside the software development life cycle in the 1990s? | A threat tree expresses the threats present in a system logically and in a hierarchical structure, with the advantage that the relationships among threats can be understood visually. Methodologies that explained threats by visualizing them were used in this way in the 1990s, but as the scale and complexity of software grew, the scope, content, and structure of the representation became hard to manage and clarity declined.