Identifying Security Requirement using Reusable State Transition Diagram at Security Threat Location

Korean title: Identification of Security Requirements Using Reusable State Transition Diagrams at Security Threat Locations

  • 서성채 (Department of Computer Science, Chonnam National University) ;
  • 유진호 (Department of Computer Science, Graduate School, Chonnam National University) ;
  • 김영대 (Department of Computer Science, Graduate School, Chonnam National University) ;
  • 김병기 (School of Electronics, Computer and Information Communication Engineering, Chonnam National University)
  • Published : 2006.02.01

Abstract

The identification of security requirements during software development has received some attention recently. However, previous methods do not provide a clear method and process for identifying security requirements. We propose a process by which software developers can build application-specific security requirements from state transition diagrams at security threat locations. The proposed process consists of building the model and identifying application-specific security requirements. The state transition diagram is constructed through two subprocesses: i) the identification of security threat locations using security failure data, based on the observation that attackers exploit software vulnerabilities to attack system assets, and ii) the construction of a state transition diagram that can be used to protect against, mitigate, and remove the vulnerabilities at the security threat locations. The identification process for application-specific security requirements consists of i) the analysis of the functional requirements of the software, which are decomposed into a DFD (Data Flow Diagram), the identification of the security threat locations, and the application of the corresponding state transition diagram to each security threat location; ii) the construction of the application-specific state transition diagram; and iii) the construction of security requirements based on the security requirement identification rules. The proposed method helps developers identify security requirements easily at an early phase of software development.

Identifying security requirements during software development has recently attracted attention because of its importance. However, existing methods did not provide a clear method and procedure for identifying security requirements. In this paper, we propose a procedure by which software developers identify security requirements from the state transition diagrams of security threat locations. This process consists of a part that builds the state transition diagrams and a part that identifies application-dependent security requirements. Building the state transition diagrams consists of 1) identifying the locations that threaten the software's vulnerabilities using data on previously occurred security failures, based on the fact that attackers attack assets by exploiting software vulnerabilities, and 2) building state transition diagrams that can defend against and mitigate the software vulnerabilities corresponding to the identified threat locations. The process of identifying application-dependent security requirements consists of 1) analyzing the functional requirements, identifying the threat locations, and applying the state transition diagram corresponding to each threat location, 2) modifying the state transition diagrams into an application-dependent form, and 3) writing the security requirements by applying the security requirement extraction rules. The proposed method helps software developers easily identify security requirements by applying the model early in software development.
