DOI QR코드

DOI QR Code

An Adaptation of F(I)MEA Technique for security analysis on Software Defined Network Technology for IoT services

사물인터넷 서비스를 위한 소프트웨어 정의 네트워크 기술의 보안 분석을 위한 F(I)MEA 기법 적용

  • Kim, Green (Division of IT Convergence Information Security, Konkuk University) ;
  • Han, Keun-Hee (Graduate School of Information Security, Korea University) ;
  • Kim, Kee-Cheon (Division of Computer Science and Engineering, Konkuk University)
  • 김그린 (건국대학교 IT융합 정보보호학과) ;
  • 한근희 (고려대학교 정보보호대학원) ;
  • 김기천 (건국대학교 컴퓨터공학과)
  • Received : 2016.03.15
  • Accepted : 2016.03.30
  • Published : 2016.03.31

Abstract

The rapid development of IoT leads new kinds of services which does not existed. And, it requires several changes on existing network. Software Defined Network is one of the future network technology which can deal with problems from these kinds of changes. The strong point of Software Defined Network is flexibility and scalability. However, In some cases, these factors could be the security vulnerabilities. In this paper, we present adaptation of F(I)MEA technique for the security analysis on Software Defined Network Technology for IoT services.

Acknowledgement

Supported by : 정보통신기술진흥센터

References

  1. AlgirdasAvizienis,Jean-ClaudeLaprie,BrianRandell,CarlLandwehr."BasicConceptsandTaxonomyofDependableandSecureComputing".Jan2004.
  2. M.Coughlin."ASurveyofSDNSecurityResearch".
  3. S.Scott-Hayward,S.Natarajan,S.Sezer"ASurveyofSecurityinSoftwareDefinedNetworks".CommunicationsSurveys&Tutorials,IEEE,2015.
  4. S.Scott-Hayward,G.O'CallaghanandS.Sezer"SDNsecurity:Asurvey",FutureNetworksandServices,IEEE,2013.
  5. R.Kloeti,"OpenFlow:ASecurityAnalysis,"Available:ftp://yosemite.ee.ethz.ch/pub/students/2012-HS/MA-2012-20-signed.pdf,2013.
  6. KevinBenton,L.JeanCamp,ChrisSmall."OpenFlowvulnerabilityassessment",ProceedingsofthesecondACMSIGCOMMworkshoponHottopicssoftwaredefinednetworking.2013.
  7. DiegoKreutz,FernandoM.V.Ramos,PauloVerssimo,"Towardssecureanddependablesoftware-definednetworks",ProceedingsofthesecondACMSIGCOMMworkshoponHottopicsinsoftwaredefinednetworking.2013.
  8. A.Gorbenko,V.Kharchenko,O.Tarasyuk,A.Furmanov"F(I)MEA-techniqueofWebServicesAnalysisandDependabilityEnsuring",LectureNotesinComputerScience,2006.
  9. E.Babeshko,V.Kharchenko,A.Gorbenko,"ApplyingF(I)MEA-techniqueforSCADA-basedIndustrialControlSystemsDependabilityAssessmentandEnsuring",DepCoS-RELCOMEX,2008.
  10. O.Illiashenko,V.Kharchenko,A.Kovalenko,"CyberSecurityLifecycleandAssessmentTechniqueforFPGA-basedI&Csystems",Design&TestSymposium,2013.
  11. ISO/IEC27000,Informationtechnology-Securitytechniques-Informationsecuritymanagementsystems-Overviewandvocabulary,InternationalOrganizationforStandardizationandInter nationalElectrotechnicalCommission,2009.
  12. ISO/IEC27001:2005,Informationtechnology-Securitytechniques-Informationsecuritymanagementsystems-Requirements,InternationalOrganizationforStandardizationandInternationalElectrotechnicalCommission,2005.
  13. ISO/IEC27002:2005,Informationtechnology-Securitytechniques-Codeofpracticeforinformationsecuritymanagement,InternationalOrganizationforStandardizationandInternationalElectrotechnicalCommission,2005
  14. ISO31000,RiskManagement,Riskassessmenttechniques,InternationalOrganizationforStandardizationandInternationalElectrotechnicalCommission,2009.