Threat Diagnostic Checklists of Security Service in 5G Communication Network Virtualization Environment

  • Hong, Jin-Keun (FCTech/Division of Smart IT Engineering, Baekseok University)
  • Received : 2021.09.06
  • Reviewed : 2021.10.20
  • Published : 2021.10.28

Abstract

The purpose of this paper is to review the direction of slicing security policy, a major consideration while standardization of 5G communication network security is in progress, to derive security vulnerability diagnosis items for 5G communication network virtualization, and to analyze and present the main points of discussion on risk management. As the research method, the direction of 5G communication network virtualization security policy set by ENISA (European Union Agency for Cybersecurity), a core European security research institute, and research on virtualization security policy and vulnerability analysis of 5G communication networks from major related international journals were used for the analysis. As a result, the security structure in virtualization security of 5G communication networks is organized, and security threats and risk management factors are derived. In addition, vulnerability diagnosis items are derived for each security service in the risk management area. The contribution of this study is that it summarizes the security threat items in 5G communication network virtualization security, which is still under discussion, gives insight into the direction of European 5G communication network cybersecurity, and derives the vulnerability diagnosis items to be considered for virtualization security of 5G communication networks. In addition, the results of this study can be used as basic data for developing vulnerability diagnosis items for virtualization security of domestic 5G communication networks. In the future, it is necessary to study the detailed diagnosis process for the vulnerability diagnosis items of 5G communication network virtualization security.

Project Information

This paper was supported by funding from a project of Baekseok University.
