• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.865-882
• /
• 2017

To improve passenger convenience and safety, today's vehicle is evolving into a "connected vehicle," which mounts various sensors, electronic control devices, and wired/wireless communication devices. However, as the number of connections to external networks via the various electronic devices of connected vehicles increases and the internal structures of vehicles become more complex, there is an increasing chance of encountering issues such as malfunctions due to various functional defects and hacking. Recalls and indemnifications due to such hacking or defects, which may occur as vehicles evolve into connected vehicles, are becoming a new risk for automakers, causing devastating financial losses. Therefore, automakers need to make voluntary efforts to comply with security ethics and strengthen their responsibilities. In this study, we investigated potential security issues that may occur under a connected vehicle environment (vehicle-to-vehicle, vehicle-to-infrastructure, and internal communication). Furthermore, we analyzed several case studies related to automaker's legal risks and responsibilities and identified the security requirements and necessary roles to be played by each player in the automobile development process (design, manufacturing, sales, and post-sales management) to enhance their responsibility, along with measures to manage their legal risks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.243-250
• /
• 2013

We have entered into an era of smart software system where the many kinds of embedded software, especially SCADA and Automotive software not only require high reliability and safety but also high-security. Removing software weakness during the software development lifecycle is very important because hackers exploit weaknesses which are source of software vulnerabilities when attacking a system. Therefore the coding rule as like core functions of MISRA-C should expand their coding focus on security. In this paper, we used CERT-C secure coding rules for nuclear-related software being developed to demonstrate high-safety software, and proposed how to remove software weakness during development.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.909-928
• /
• 2020

From the early 1970s, the US government began to recognize that penetration testing could not assure the security quality of products. Results of penetration testing such as identified vulnerabilities and faults can be varied depending on the capabilities of the team. In other words none of penetration team can assure that "vulnerabilities are not found" is not equal to "product does not have any vulnerabilities". So the U.S. government realized that in order to improve the security quality of products, the development process itself should be managed systematically and strictly. Therefore, the US government began to publish various standards related to the development methodology and evaluation procurement system embedding "security-by-design" concept from the 1980s. Security-by-design means reducing product's complexity by considering security from the initial phase of development lifecycle such as the product requirements analysis and design phase to achieve trustworthiness of product ultimately. Since then, the security-by-design concept has been spread to the private sector since 2002 in the name of Secure SDLC by Microsoft and IBM, and is currently being used in various fields such as automotive and advanced weapon systems. However, the problem is that it is not easy to implement in the actual field because the standard or guidelines related to Secure SDLC contain only abstract and declarative contents. Therefore, in this paper, we present the new framework in order to specify the level of Secure SDLC desired by enterprises. Our proposed CIA (functional Correctness, safety Integrity, security Assurance)-level-based security-by-design framework combines the evidence-based security approach with the existing Secure SDLC. Using our methodology, first we can quantitatively show gap of Secure SDLC process level between competitor and the company. Second, it is very useful when you want to build Secure SDLC in the actual field because you can easily derive detailed activities and documents to build the desired level of Secure SDLC.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.280-283
• /
• 2021

SME(small and medium sized enterprise) 환경의 스마트공장 환경에서는 실제 제조라인에서 동작하는 센서(Sensor) 및 액추에이터(Actuator)와 이를 관리하는 PLC(Programmable Logic Controller), 더불어 그러한 PLC를 제어 및 관리하는 HMI(Human-Machine Interface), 그리고 다시 PLC와 HMI를 관리하는 OT(Operational Technology)서버로 구성되어 있으며, 제어자동화를 담당하는 PLC 및 HMI는 공장운영을 위한 응용시스템인 OT서버 및 현장 자동화를 위한 로봇, 생산설비와의 직접적인 연결을 수행하고 있어서 스마트공장 환경에서 보안 기술의 개발이 중점적으로 필요한 영역이다. 이러한 SME 환경의 스마트공장 보안 내재화를 이루기 위해서는, 스마트공장 SW 및 HW 개발 단계에서 IEC 62443-4-1 Secure Product Development Lifecycle에 따른 프로세스 정립 및 IEC 62443-4-2 Component 보안 요구사항과 IEC 62443-3-3 System 보안 요구사항에 적합한 개발 방법론의 도입이 필요하다.

• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.12
• /
• pp.387-402
• /
• 2020

Conventional automotive development has mainly focused on ensuring correctness and safety and security has been relatively neglected. However, as the number of automotive hacking cases has increased due to the increased Internet connectivity of automobiles, international organizations such as the United Nations Economic Commission for Europe(UNECE) are preparing cybersecurity regulations to ensure security for automotive development. As with other IT products, automotive cybersecurity regulation also emphasize the concept of "Security by Design", which considers security from the beginning of development. In particular, since automotive development has a long lifecycle and complex supply chain, it is very difficult to change the architecture after development, and thus Security by Design is much more important than existing IT products. The problem, however, is that no specific methodology for Security by Design has been proposed on automotive development process. This paper, therefore, proposes a specific methodology for Security by Design on Automotive development. Through this methodology, automotive manufacturers can simultaneously consider aspects of functional safety, and security in automotive development process, and will also be able to respond to the upcoming certification of UNECE automotive cybersecurity regulations.

• International Journal of Computer Science & Network Security
• /
• v.24 no.7
• /
• pp.1-10
• /
• 2024

Software architecture are High-level design decisions shaping a software system's components, structure, and interactions. It can be a blueprint for development, evolution, and ongoing maintenance. This research investigates the communication practices employed by software architects and developers to ensure adherence to the designed software architecture. It explores the factors influencing the selection of follow-up methods and the impact of follow-up frequency on successful implementation. Findings reveal that formalized follow-up procedures are not yet a ubiquitous element within the software development lifecycle. While electronic communication, particularly email, appears to be the preferred method for both architects and developers, physical and online meetings are utilized less frequently. Interestingly, the study suggests a potential confidence gap, with architects expressing concerns about developers' ability to faithfully implement the architecture. This may lead to architects providing additional clarification. Conversely, while most developers reported confidence in their software knowledge, overly detailed architecture documentation may pose challenges, highlighting the need for architects to consider alternative communication strategies. A key limitation of this study is the sample size, restricting the generalizability of the conclusions. However, the research offers valuable preliminary insights into the communication practices employed for architecture implementation, paving the way for further investigation with a larger and more diverse participant pool.

• Nuclear Engineering and Technology
• /
• v.44 no.8
• /
• pp.919-928
• /
• 2012

The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the lifecycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.933-940
• /
• 2015

IT environments such as IoT, SNS, BigData, Cloud computing are changing rapidly. These technologies add new technologies to some of existing technologies and increase the complexity of Information System. Accordingly, they require enhancing the security function for new IT services. Information Security Pre-inspection aims to assure stability and reliability for user and supplier of new IT services by proposing development stage which considers security from design phase. Existing 'Information Security Pre-inspection' (22 domains, 74 control items, 129 detail items) consist of 6 stage (Requirements Definition, Design, Training, Implementation, Test, Sustain). Pilot tests were executed for one of IT development companies to verify its effectiveness. Consequently, for some inspection items, some improvement requirements and reconstitution needs appeared. This paper conducts a study on activation of 'Information Security Pre-inspection' which aims to construct prevention system for new information system. As a result, an improved 'Information Security Pre-inspection' is suggested. This has 16 domains, 54 inspection items, 76 detail items which include some improvement requirements and reconstitution needs.

• Journal of Internet Computing and Services
• /
• v.19 no.6
• /
• pp.133-145
• /
• 2018

Medical systems incurred accidents may result in significant damage for human being. Therefore, performing hazard analysis is important for medical system which is to identify hazard for preventing the accidents and minimizing the potential harm. Hazard analysis that is applied medical systems are difficult to apposite selected, because difference of analysis methods and applied development lifecycle is caused by objective of hazard analysis. It is required to select appropriate hazard analysis at concept phase during development lifecycle, owing to basic requirement elicitation to mitigate or prevent hazard based on identified hazard at concept phase. In this paper, hazard analysis methods, PHA and STPA, are compared at concept phase in which both methods have been applied on the medical system. As a result of compared methods, hazard analyst can be selected optimized hazard analysis methods for concept phase of the medical systems.

• Proceedings of the Korean Institute Of Construction Engineering and Management
• /
• 2007.11a
• /
• pp.77-82
• /
• 2007

This paper discusses on implementation methods for providing data exchange capability of the Construction Project Lifecycle Management System (CPLM). Because most information media currently used in the construction industry are computer files, the system must be capable of handling various file types; however, The goals of PLM cannot be achieved if the contents of the files are communicated freely, which can only be achieved using a standardized information model that has comprehensive coverage of all information produced within the projects (i.e., a BlM). Several methods of adopting the model are investigated here, and a transitional implementation method for K-IFC is suggested, in which a file-based exchange backed by the BlM can evolve into object-level transactions of the BIM with not only advanced data integrity and security, but also improved communications between the project participants.