A Method for Quality Evaluation of Firewall

Quality Evaluation Method for Intrusion Blocking Systems

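  • Lee Ha-Yong (Department of Information Management, Seoul University of Venture & Information) ;
  • Kwon Won-Il (STA Consulting Co., Ltd.) ;
  • Yang Hae-Sool (Department of Information Management, Graduate School of Venture, Hoseo University)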
  • Received : 2010.10.06
  • Accepted : 2010.12.17
  • Published : 2010.12.31

Abstract

International standards are documents built on the general, common characteristics of software. To apply them to a specific class of knowledge information security products, it is therefore necessary to take the characteristics of the product into account and to optimize the evaluation method using the related standards. In addition, because rapid development in the software field has forced the international standards to change, the content and structure of the standards have changed, and the evaluation method must be constructed to reflect this change. In this paper, we developed an evaluation model that supports quality enhancement by evaluating the quality level of a firewall and deriving ways to improve it. To this end, we surveyed and analyzed the trends and technical elements of firewalls and, considering both the general quality requirements and the unique quality requirements, proposed a quality evaluation model and method.

Keywords

Firewall; Knowledge Information Security; Quality Evaluation
