DOI QR코드

DOI QR Code

A Study on Analysis of Security Functional Requirements for Virtualization Products through Comparison with Foreign Countries' Cases

해외 사례 비교를 통한 가상화 제품의 보안기능 요구사항 분석에 관한 연구

  • Lee, Ji-Yeon (Department of Business Administration, Dongnam Health University)
  • 이지연 (동남보건대학교 경영학과)
  • Received : 2019.05.28
  • Accepted : 2019.08.20
  • Published : 2019.08.28

Abstract

The importance of security for virtualization products has been increased with the activation policy of cloud computing and it is necessary to analyze cyber security threats and develop security requirements for virtualization products to provide with more secure cloud environments. This paper is a preliminary study with the purpose of developing security functional requirements through analyzing security features and cyber security threats as well as comparison of foreign countries' cases for virtualization products. To do this, the paper compares evaluation schemes for virtualization products in US and UK foreign countries, and analyzes the cyber security threats, security objectives and security requirements in both countries. Furthermore, it proposes the essential checking items and processes for developing security functional requirements about security features of virtualization products to contribute to its more secure development and the establishment of related security evaluation standards.

References

  1. J. H. Jung. (2017). An Exploratory Study for Activating Cloud Computing: Focusing on Legislative Alternatives. Journal of Korean Association for Regional Society, 20(4), 73-96.
  2. S. W. Ahn. (2019). Policy and Directions for Revitalizing Domestic Cloud Computing. Research Report of Software Policy & Research Institute, 2018-009, 1-103.
  3. E. B. Choi. (2018). A Virtualization Management Convergence Access Control Model for Cloud Computing Environments. Journal of Convergence for Information Technology, 8(5), 69-75. https://doi.org/10.14801/JAITC.2018.8.2.69
  4. S. H. Lee. (2015). Cloud Computing Issues and Security Measure. Journal of Convergence for Information Technology, 5(1), 31-35. https://doi.org/10.22156/CS4SMB.2015.5.1.031
  5. S. Y. Choi & K. M. Jeong. (2018). The Security Architecture for Secure Computing Environment. Journal of the Korea of Computer and Information, 23(12), 81-87.
  6. I. S. Lee & D. M. Jang. (2017). A Study on Methods for Providing Security Service in Cloud Computing. Proceedings of Symposium of the Korean Institute of Communications and Information Sciences, 1052-1053.
  7. Y. S. Kim. (2014). Technical Trends on Hypervisor-based Virtualization Security in Cloud Computing, KISA Internet & Security Focus.
  8. CCMB. (2017). Common Criteria for Information Technology Security Evaluation. Version 3.1, Revision 5.
  9. J. H. Park, S. Y. Kang & S. J. Kim. (2018). Study of Security Requirements of Smart Home Hub through Threat Modelling Analysis and Common Criteria, Journal of the Korea Institute of Information Security & Cryptology, 28(2), 513-528. https://doi.org/10.13089/JKIISC.2018.28.2.513
  10. W. R. Jeon, J. Y. Kim, Y. S. Lee & D. H. Won. (2006). Development of Protection Profile for Smartphone Operating System based on Common Criteria 3.1. Journal of the Korea Institute of Information Security & Cryptology, 22(1), 117-130.
  11. D. B. Lee. (2015). A Study on Protection Profile for Multi-Function Devices. Journal of The Korea Institute of Information Security and Cryptology, 25(5), 1257-1258. https://doi.org/10.13089/JKIISC.2015.25.5.1257
  12. J. H. Kim. H. M. Jung & H. J. Cho. (2017). Design Plan of Secure IoT System based on Common Criteria. Journal of the Korea Convergence Society, 8(10), 61-66. https://doi.org/10.15207/JKCS.2017.8.1.061
  13. CPA(Commercial Product Assurance). https://www.ncsc.gov.uk/scheme/commercial-product-assurance-cpa.
  14. NCSC. (2018). CPA Security Characteristic, CPA-SC Server Virtualisation 1.22.
  15. NCSC. (2018). CPA Security Characteristic, CPA-SC Client Virtualisation 1.22.
  16. NIAP(National Information Assurance Partnership). https://www.niap-ccevs.org.
  17. NIAP. (2016). Protection Profile for Virtualization Version 1.0. https://www..niap-ccevs.org/Profile/PP.cfm.
  18. NIAP. (2016). Extended Package for Server Virtualization Version 1.0. https://www..niap-ccevs.org/Profile/PP.cfm.
  19. NIAP. (2016). Extended Package for Client Virtualization Version 1.0. https://www..niap-ccevs.org/Profile/PP.cfm.
  20. S. Y. Ma, J. H. Ju & J. S. Moon. (2015). The Security Requirements Suggestion based on Cloud Computing Security Threats for Server Virtualization System. Journal of the Korea Institute of Information Security & Cryptology, 25(1), 95-105. https://doi.org/10.13089/JKIISC.2015.25.1.95
  21. F. Swiderski & W. Snyder. (2004). Threat Modeling. Microsoft Press.
  22. J. H. Lee, H. Lee & I. H. Kang. (2015). Technical Trends on Threat Modelling for Secure Software Development. Review of Korea Institute of Information Security and Cryptology,25(1), 32-38.