Construction of Security Evaluation Criteria for Web Application Firewall

  • Lee, Ha-Yong (Dept. of Fusion Industry, Seoul Venture University) ;
  • Yang, Hyo-Sik (Samil PricewaterhouseCoopers IT Risk & Security)
  • Received : 2017.03.08
  • Accepted : 2017.05.20
  • Published : 2017.05.28

Abstract

To achieve the goal of web application security effectively by providing web security functions such as information leakage prevention, a web application firewall system must be able to achieve the goals of strengthening web site security and providing secure services. Therefore, it is necessary to study the security evaluation of web application firewall systems based on the related standards. In this paper, we analyze the requirements for the base technology and the security quality of web application firewalls, and establish security evaluation criteria based on the international standards for software product evaluation. Through this study, it can be expected that the security quality level of a web application firewall system can be confirmed and that a standard for promoting quality improvement can be secured. As a future research task, the evaluation criteria need to be continuously upgraded according to international standards, which are continuously changing.

For a web application firewall to achieve the goal of web application security by effectively providing web security functions such as information leakage prevention, it must be able to achieve the goals of strengthening web site security and providing secure services. Therefore, research is needed that can systematically perform the security evaluation of web application firewall systems based on the related standards. In this paper, we analyze the base technology of web application firewall systems and the requirements for the security quality of web application firewalls, and construct criteria for evaluating security quality based on the international standards for software product evaluation and the standards related to the evaluation of information security products. Through this study, it is expected that the security quality level of web application firewall systems can be confirmed and that criteria for promoting quality improvement can be secured. As a future research task, the evaluation criteria need to be continuously upgraded in line with the continuously changing international standards.
