Decision on Replacing Components of Security Functions in COTS Based Information Systems in Security Environment Utilizing ARP

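Decision-Making on the Replacement Level of Security Function Components in COTS-Based Information Systems Considering the Security Environment, Using the AHP Technique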

  • Choi, Myeong-Gil (Department of Business Administration, Chung-Ang University) ;
  • Hwang, Won-Joo (Department of Information and Communications Engineering, UHRC, Inje University) ;
  • Kim, Myoung-Soo (College of Business Administration, Kangwon National University)
  • Published : 2009.03.31

Abstract

Enterprises and governments currently utilize COTS (Commercial Off-The-Shelf) based information systems, which are a kind of component-based system. In particular, COTS products are widely used as components of information security systems and information systems. This paper suggests an appropriate adaptation level and a cost-effective priority for replacing security functional components in a security environment. To support cost-effective decisions on adapting security functional components, this paper develops a hierarchical model of information security technologies and analyzes the findings through multiple decision-making criteria.

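Enterprises and government agencies are developing information systems that use COTS. In particular, COTS is used as a component of information security systems and information systems. This study presents the level of COTS selection needed to develop security functions and the priority of COTS components when cost is taken into account. To support cost-effective decision-making on the selection of security functional components, this study arranges information security technologies into a hierarchy and uses a multi-criteria decision-making technique to present the priority of COTS components.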
