• Title/Summary/Keyword: 사이버보안 시험평가

Search Result 11, Processing Time 0.023 seconds

A study on the application of mission-based weapon system cybersecurity test and evaluation (임무 기반의 무기체계 사이버보안 시험평가 적용 연구)

  • Kim, Ik-jae;Kang, Ji-won;Shin, Dong-kyoo
    • Journal of Internet Computing and Services
    • /
    • v.22 no.6
    • /
    • pp.71-81
    • /
    • 2021
  • This paper examines the ongoing research on ways to improve cybersecurity during the entire life cycle of weapons systems applied in advanced countries such as the United States, analyzes restrictions on obtaining domestic weapons systems, and presents effective security evaluation measures. By consistently performing mission-based risk assessment in the cybersecurity test and evaluation plan suitable for domestic circumstances at all stages of acquisition, important information is provided to major decision-making organizations in a timely manner to support decision-making, and to respond to identified vulnerabilities in cybersecurity. It is proposed to set the rules of engagement so that the protection measures can be verified, and a simulated invasion is proposed. In addition, the proposed cybersecurity test and evaluation system was compared with the domestic weapon system test and evaluation. Through this, the mission-based risk assessment element was grafted into the cybersecurity test and evaluation system research conducted so far to identify risks in a timely manner between acquisition projects, thereby supplementing the capability to support major decision-making.

Research for Construction Cybersecurity Test and Evaluation of Weapon System (무기체계의 사이버보안 시험평가체계 구축방안 연구)

  • Lee, Ji-seop;Cha, Sung-yong;Baek, Seung-soo;Kim, Seung-joo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.3
    • /
    • pp.765-774
    • /
    • 2018
  • As the IT technology develops, the military information system develops to the current IT environment for efficient operation and rapid communication, and the threat of cyber attack against the advanced weapon system using network technology is increasing simultaneously. In order to prevent and mitigate these problems, the United States has applied the cybersecurity test evaluation system from the beginning to the beginning of weapon system development. However, in Korea, the evaluation process of cyber security test is weak, and there is concern about the damage due to cyber attack. In this paper, we analyze cybersecurity test evaluation status of U.S. and domestic weapon systems and propose a solution to the problem of cybersecurity test evaluation system.

A Study on Establishment of Evaluation Criteria for Anti-Virus Performance Test (Anti-Virus 성능 시험을 위한 평가 기준 수립 연구)

  • Jeongho Lee;Kangsik Shin;Youngrak Ryu;Dong-Jae Jung;Ho-Mook Cho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.5
    • /
    • pp.847-859
    • /
    • 2023
  • With the recent increase in damage caused by malcious codes using software vulnerabilities in Korea, it is essential to install anti-virus to prevent malicious codes, However, it is not easy for general users to know which anti-virus product has good performance or whether it is suitable for their environment. There are many institutions that provide information on anti-virus performance outside of korea, and these institutions have established their own test environments and test evaluation items, but they do not disclose detailed test environment information, detailed test evaluation items, and results. In addition, existing quality evaluation studies are not suitable for the evaluating the latest anti-virus products because there are many evaluation criteria that do not meet anti-virus product evaluation. Therefore, this paper establishes detailed anti-virus evaluation metrics suitable for the latest anti-virus evaluation and applies them to 9 domestic and foreign anti-virus products to verify the functions and performance of anti-viruses.

Research of Cyber Security Function Test Method for Digital I&C Device in Nuclear Power Plants (원자력발전소 디지털 제어기의 사이버보안 기능 적합성 시험방법 연구)

  • Song, Jae-gu;Shin, Jin-soo;Lee, Jung-woon;Lee, Cheol-kwon;Choi, Jong-gyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.6
    • /
    • pp.1425-1435
    • /
    • 2019
  • The expanded application of digital controls has raised the issue of cyber security for nuclear facilities. To cope with this, the cyber security technical standard RS-015 for Korean nuclear facilities requires nuclear system developers to apply security functions, analyze known vulnerabilities, and test and evaluate security functions. This requires the development of procedures and methods for testing the suitability of security functions in accordance with the nuclear cyber security technical standards. This study derived the security requirements required at the device level by classifying the details of the technical, operational and administrative security controls of RS-015 and developed procedures and methods to test whether the security functions implemented in the device meet the security requirements. This paper describes the process for developing security function compliance test procedures and methods and presents the developed test cases.

산업 제어시스템 보안성 평가제도 동향

  • Kim, Woonyon;Park, Eung-Ki;Kim, Sin-Kyu;Jee, Yoon-Seok
    • Review of KIISC
    • /
    • v.29 no.2
    • /
    • pp.5-15
    • /
    • 2019
  • 산업 제어시스템 보안 취약점 발견의 증가, 사이버보안 사고로 인한 정전과 같은 물리적 피해 발생, 4차 산업혁명으로 확산되는 스마트공장 및 스마트시트의 산업 제어시스템 네트워크 연계 증가 등으로 인해 산업 제어시스템에 대한 보안위협이 급증하고 있으며, 이에 대한 보안대책이 요구되고 있다. 본 논문에서는 산업 제어시스템 구성요소에 대한 보안 내재화를 유도하고, 산업 제어시스템의 도입, 운영, 유지보수 과정에서 사이버보안을 고려할 것을 요구하는 산업 제어시스템 보안성 평가제도의 동향에 대해서 설명한다. 구체적으로는 미국, 일본, 프랑스 등의 국가기관, ISA, IEC, UL 등과 같은 국제 표준화 기구, $T{\ddot{U}}V$ $S{\ddot{U}}D$, exida와 같은 글로벌 시험기관, GE와 같은 제조사에서 실시하고 있는 산업 제어시스템 보안성 평가제도를 설명하고, 평가제도를 분류하여 특성을 파악할 수 있도록 제시하였다.

A Study on Establishment of Evaluation Criteria for Mobile Anti-Birus Performance Test (모바일 Anti-Virus 성능 시험을 위한 평가 기준 수립 연구)

  • Jeongho Lee;Kangsik Shin;Youngrak Ryu;Dong-Jae Jung;Ho-Mook Cho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.5
    • /
    • pp.1101-1113
    • /
    • 2024
  • With the recent increase in hacks targeting smartphones, users are becoming increasingly anxious about the security of their smartphones. Using a mobile anti-virus is one of the best ways to reduce this anxiety. However, there aren't many ways for users to learn about mobile anti-virus performance and features. While there are certification organizations that conduct annual performance evaluations of mobile anti-virus products and make them publicly available, they don't disclose the specifics of their testing methods and detailed results. In addition, previous quality evaluation studies are not suitable for evaluating modern mobile anti-viruses due to the existence of evaluation criteria that are not suitable for mobile anti-virus product evaluation or lack of validation. Therefore, this paper establishes detailed mobile anti-virus evaluation metrics suitable for the evaluation of modern mobile anti-viruses and applies them to 10 domestic and international mobile anti-virus products to verify the validity of the established evaluation metrics.

보안 평가, 시험 및 규격에 대한 국제 표준화 동향: ISO/IEC 15408, 18045 개정 로드맵 중심으로

  • Kwangwoo Lee
    • Review of KIISC
    • /
    • v.33 no.4
    • /
    • pp.111-116
    • /
    • 2023
  • 사이버 보안 기술, 위협 및 대응책이 진화함에 따라 정보보호 관련 국제 표준도 지속적인 개정이 필요하다. 특히 ISO/IEC JTC 1/SC 27 (정보보안, 사이버보안 및 프라이버시)에서는 현재까지 233개 표준 출판이 완료되었으며, 65개 프로젝트가 활발하게 진행되고 있다. 본 논문에서는 ISO/IEC JTC 1/SC 27 산하 WG 3 작업반에서 진행되고 있는 보안평가, 시험 및 규격 표준 중에서 IT 보안 평가에 활용되고 있는 ISO/IEC 15408, ISO/IEC 18045을 중심으로 표준화 진행 현황과 향후 개정 추진 방향에 대해 살펴보고자 한다. 또한, 2023년 4월에 열린 ISO/IEC JTC 1/SC 27/WG 3 작업반 회의에서 논의된 주요 표준화 이슈와 대응 방안을 제시한다.

A Study on the Development and Application of Efficient Evaluation Criteria for Performance Testing of Commercial Open Source Vulnerability Scanning Tools (상용 오픈소스 취약점 스캐닝 도구의 성능 시험을 위한 효율적 평가 기준 개발 및 적용)

  • Shin, Kangsik;Jung, Dong-Jae;Choe, Min-Ji;Cho, Ho-Mook
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.4
    • /
    • pp.709-722
    • /
    • 2022
  • The recent "Log4j Security Vulnerability Incident" has occurred, and the information system that uses the open source "Log4J" has been exposed to vulnerabilities. The incident brought great vulnerabilities in the information systems of South Korea's major government agencies or companies and global information systems, causing problems with open source vulnerabilities. Despite the advantages of many advantages, the current development paradigm, which is developed using open source, can easily spread software security vulnerabilities, ensuring open source safety and reliability. You need to check the open source. However, open source vulnerability scan tools have various languages and functions. Therefore, the existing software evaluation criteria are ambiguous and it is difficult to evaluate advantages and weaknesses, so this paper has developed a new evaluation criteria for the vulnerability analysis tools of open source

Real-time hacking, detection and tracking ICT Convergence Security Solutions Test and Evaluation (실시간 해킹, 탐지 및 추적관리 ICT 융합 보안 솔루션 시험평가)

  • Kim, Seung-Bum;Yang, Hae-Sool
    • Journal of Digital Convergence
    • /
    • v.13 no.4
    • /
    • pp.235-246
    • /
    • 2015
  • Understanding the various unspecified hacking and repeated cyber DDoS attacks, finally was able to find a solution in the methods of attacks. Freely researching approach that combines the attacker and defender, offensive and defensive techniques can be called a challenge to discover the potential in whimsy. In this paper we test and evaluate "KWON-GA", global white hackers team has made by many years of experiences in infiltration and diagnosis under guise of offence is the best defence. And it is knowledge information ICT Convergence security solution which is developed for the purpose of defence, it provide customization policy that can be fit to customer's system environment with needed techniques and it is processed with unique proprietary technology so that it's not possible to scan. And even if it has leaked internally it's impossible to analyze so hackers can't analyze vulnerability, also it can't be abused as hacking tools.

A Study on the Strategy for Improvement of Operational Test and Evaluation of Weapon System and the Determination of Priority (무기체계 운용시험평가 개선전략 도출 및 우선순위 결정)

  • Lee, Kang Kyong;Kim, Geum Ryul;Yoon, Sang Don;Seol, Hyeon Ju
    • Convergence Security Journal
    • /
    • v.21 no.1
    • /
    • pp.177-189
    • /
    • 2021
  • Defense R&D is a key process for securing weapons systems determined by mid- and long-term needs to cope with changing future battlefield environments. In particular, the test and evaluation provides information necessary to determine whether or not to switch to mass production as the last gateway to research and development of weapons systems and plays an important role in ensuring performance linked to the life cycle of weapons systems. Meanwhile, if you look at the recent changes in the operational environment of the Korean Peninsula and the defense acquisition environment, you can see three main characteristics. First of all, continuous safety accidents occurred during the operation of the weapon system, which increased social interest in the safety of combatants, and the efficient execution of the limited defense budget is required as acquisition costs increase. In addition, strategic approaches are needed to respond to future battlefield environments such as robots, autonomous weapons systems (RAS), and cyber security test and evaluation. Therefore, in this study, we would like to present strategies for improving the testing and evaluation of weapons systems by considering the characteristics of the security environment that has changed recently. To this end, the improvement strategy was derived by analyzing the complementary elements of the current weapon system operational test and evaluation system in a multi-dimensional model and prioritized through the hierarchical analysis method (AHP).