A Study on Analysis of Security Functional Requirements for Virtualization Products through Comparison with Foreign Countries' Cases

  • Lee, Ji-Yeon (Department of Business Administration, Dongnam Health University)
  • Received: 2019.05.28
  • Reviewed: 2019.08.20
  • Published: 2019.08.28

Abstract

With policies promoting cloud computing, the security of virtualization products has become more important, and operating a more secure cloud environment requires analyzing the cyber security threats to virtualization products and developing security requirements for them. This paper is a preliminary study toward developing security functional requirements, based on an analysis of the security features of virtualization products and the cyber security threats against them. To this end, it compares the evaluation schemes used in the US and the UK to evaluate the security of virtualization products, and analyzes the security threats, security objectives and security requirements for virtualization products in both countries. It also proposes the essential items and process for developing the core security functional requirements related to the security features of virtualization products, to contribute to more secure virtualization product development and to the establishment of related security evaluation standards.
