04.an Information Security Engineering Paradigm for Overcoming Information Security Crisis


7/31/2019 04.an Information Security Engineering Paradigm for Overcoming Information Security Crisis

An Information Security Engineering Paradigm for Overcoming Information Security Crisis

Yeun-hee Jei, Ick-whan Bae, Sung-ja Choi and Gang-soo Lee

Dept. of Computer Engineering, Hannam University, Dae-jeon, 306-791, KOREA

[email protected]

Abstract

The information security crisis should be overcome by means of an information security engineering paradigm. However, the definition, approach and paradigm of security engineering are not clear yet. In this paper we survey definitions of security engineering and propose a new definition and paradigm. Approaches and research topics on security engineering for overcoming the security crisis are modeled and described. The results of the paper are useful for establishing consensus on security engineering in the community of information security and cryptography.

1 Introduction

Information security engineering has become a frequently and confusingly used term in the computer engineering, software engineering and Web engineering communities. However, the meaning of the term varies so much with the user's context, viewpoint and background that there is confusion in the security community. Thus we need a common definition of security engineering, as well as a new security engineering paradigm and technologies.

Moreover, it is very hard to distinguish computer science from computer engineering, or security science (or cryptography) from security engineering. Computer and information security are such inter-disciplinary subjects that they cannot easily be classified as science or engineering. Information security, especially, is an inter-disciplinary subject that has converged from computing, mathematics, physics, law, physiology, and so on. Stakeholders in the information security area, such as researchers, developers, policy makers, managers, administrators and advisers, have such different viewpoints, paradigms and technical backgrounds that there is a communication problem among them.

To cope with these problems, we survey definitions and paradigms of security engineering and propose a new definition and paradigm of security engineering in terms of the security crisis and software engineering. Then we model and propose research topics on security engineering. Our research objective is to firmly construct the disciplinary structure of the subject of security engineering.

The problem of the security crisis, which is the motivating status for the development of security engineering, is presented in Section 2. Our research results, a definition and paradigm of security engineering, are presented in Section 3. A model and proposed research topics are presented in Section 4. Finally, Section 5 contains discussion and conclusion.

2 The Security Crisis

2.1 The software crisis and the web crisis

Software engineering, which is composed of Structured Software Engineering (SSE), Object-oriented Software Engineering (OOSE) and Component-based Software Engineering (CBSE), is a technology for overcoming the software crisis of the late 1960's [1]. However, the software crisis has not been overcome yet. Note that the software crisis means the state of delay, cost overrun and poor quality in the development of software, together with increasing maintenance cost.

In the late 1990's the web crisis occurred, which means the state of delay, cost overrun and poor quality in the development of web systems, because of brute-force development of web systems. Thus research and development on web engineering began by applying software engineering technology, management, economics, psychology, industrial design, etc. [2], [3], [4]. For example, optimal (cost-effective) decisions on the capacity of web and DB servers, response time, number of concurrently connected users and size of communication bandwidth are activities of web engineering. Fig. 1 presents the three crises and the relationship among software engineering, web engineering and security engineering.

2006 International Conference on Hybrid Information Technology (ICHIT'06) 0-7695-2674-8/06 $20.00 2006

2.2 The security crisis

Many security products (e.g., firewall, VPN, IDS) and security systems (that is, information systems integrated and implemented by using security products) have been developed without systematic and formal requirement analysis/modeling, design, implementation and test phases. The developer's major target is only the implementation (coding) of the product. Thus they did not use engineering (especially software engineering) technology, resulting in poor formality of product and documentation.

Additionally, many developers built security products without quality (i.e., security) management, relying on their implementation skills (e.g., use of visual tools, cryptographic libraries, DB connectivity libraries, Web applications). Thus security assurance is hard. Most security systems are implemented by using cryptographic libraries or components (e.g., the cryptographic modules in OpenSSL), non-assured commercial software development tools (e.g., JBuilder, PowerBuilder, Visual Basic, Delphi, and so on) and various libraries (communication, DB connectivity, GUI, cryptographic library).

Therefore, there are the following problems:

- deteriorating quality of information security products and systems: poor security, availability, reliability
- declining productivity of the product: excess and delay of development cost and time
- increasing maintenance cost: decreased security due to modification and change
- over-protecting: protection cost is larger than the value of the asset to be protected

Those problems are the phenomenon of the security crisis, which is similar to the conventional software crisis and web crisis. Thus security engineering technology is strongly needed to overcome the security crisis, just as software engineering and web engineering are to overcome the software and web crises, respectively.

3 Definition and Viewpoint of Security Engineering

3.1 Conventional definitions of security engineering

Howe first used the term security engineering in 1992 with the following definition: System security engineering is defined as an empirically based methodology for composing and evaluating systems within a structure of standards, and which encompasses operation as well as planning, design, implementation and operation [5].

We have surveyed the definitions and approaches of security engineering in the following references: Howe [5], Anderson [6], SSE-CMM (System Security Engineering Capability Maturity Model) [7], OPF (Open Process Framework) [10], ISSE (Information Systems Security Engineering) [11], Wikipedia [9], Devanbu-Stubblebine-Shreyas [13], [14], Vaughan-Henning [15], Scheumacher [16], Amoroso [17], Kim-Kwon [26].

The definitions in these references are listed in a paper [25]. From analysis of the conventional definitions, the common approaches of security engineering are shown in Table 1.

Table 1. Common approach of conventional security engineering definitions

Common approach of security engineering | Definitions
Evolving discipline: There is no common definition of security engineering. Security engineering is an evolving discipline. As such, a precise definition with community consensus does not exist today. | all
Whole life-cycle: Security engineering covers the overall development process (life-cycle). | Howe, Anderson, SSE-CMM, ISSE, Vaughan-Henning
Risk management: Security engineering is the same approach as risk management (identification, evaluation, analysis). | OPF, SSE-CMM, Vaughan-Henning, Scheumacher
Engineering: Security engineering has "the principle of optimality" and cost-effective solutions. | Scheumacher, OPF
Inter-disciplinary subject: Security engineering is an inter-disciplinary subject drawing on technology from computer engineering/science, cryptography, mathematics, physics, law, economics, physiology, and so on. | Anderson, SSE-CMM, Wikipedia
Software engineering approach: Security engineering is an application of both system engineering and software engineering. | Anderson, SSE-CMM, Devanbu-Stubblebine-Shreyas, Vaughan-Henning, Kim-Kwon

3.2 A new definition of security engineering

Security engineering is defined as a set of methodologies and technologies for fast and cheap development and operation (i.e., maintenance) of high quality (i.e., secure) security systems (or information security systems) by means of applying cryptology, information security technology and software engineering.

Security engineering covers all phases of the life-cycle of development of a security system, that is, requirement analysis, design, implementation, testing and maintenance. Note that security engineering is a systematic development technology for security systems. A security system is an information system that is developed by using security products such as intrusion detection systems, firewalls, smart cards and computer virus vaccine products.

3.3 View on security engineering

(1) Common objects of engineering

Most engineering subjects, including security, electrical, mechanical, civil, chemical, system and bio-medical engineering, have the following common objects:

- Standard and assurance: All material, processes, products and quality should be standardized by standards organizations (e.g., ISO/IEC, ANSI, BS, KS, JIS) and assured by an evaluation and certification authority. For example, in security engineering, cryptographic algorithms (e.g., DES, AES, and so on) and cryptographic protocols (e.g., SET, SSL) should be standardized and assured.
- Quantification: Development and maintenance cost and time, product quality and man-months should be quantifiably measured, so that they can be controlled and managed. In security engineering, evaluation assurance level, risk level, reliability and security strength should be quantifiably measured.
- Cost-effectiveness: We should maximize the return on investment, which is the principle of economics.
- User centric: Output or product should be useful for the end user.
- Effectiveness: All solutions should be practical and feasible, even if they are not optimal.
- Documentation: All material, processes, products and quality should be formally documented.

(2) Related technology

Security engineering technology has the following related technologies:

- Information security technology: cryptography, cryptographic protocols, security services (e.g., non-repudiation, authentication, access control, and so on) and conventional information security technology
- Software engineering technology: architecture technology for cryptographic objects or components
- Security evaluation technology: information security system evaluation (or assessment) and authentication technology
- Security management technology: an organization's security management technology, security policy technology, risk evaluation technology, and so on

Additionally, there are two approaches relating security engineering and software engineering:

- Security engineering for software: Security engineering and cryptographic technologies are used for the purpose of protecting the source code of software. Copyright protection technology such as digital watermarking, DRM technology, and so on, is the example.
- Software engineering for security: This is the narrow view of security engineering. Conventional software technologies are applied to security engineering. Note that security engineering is an instance of software engineering.

(3) Principles of security engineering

- Minimization of development cost and development duration in security product development.
- Maximization of quality (security, usability, maintainability, and so on) of a developed security product.
- Providing just as much assurance level and security function as needed in security system construction.
- Obtaining maximum security strength at minimum cost in security system construction.

4 Approaches on Security Engineering

4.1 Security requirement engineering

In the software engineering paradigm, requirement engineering is defined as follows [28]: The process of studying user needs to arrive at a definition of system, HW, or SW requirements ... [where a requirement is defined as] (1) A condition or capability needed by a user to solve a problem or achieve an objective; (2) a condition or capability that must be met or possessed by a system or system component to satisfy a contract, standard, specification, or other formally imposed document; (3) a documented representation of a condition or capability as in (1) or (2).

Additionally, the requirement engineering process has the following sub-processes [1]:

- Feasibility study: generate a feasibility report
- Requirements elicitation and analysis (i.e., generate a system model): discovery (by means of viewpoints, interviews, scenarios, use cases, etc.), classification and organization, prioritization and negotiation, documentation
- Requirement specification: generate user and system requirements
- Requirement validation: validity check, consistency check, completeness check, realism check, verifiability

In the security engineering paradigm, security requirement engineering means that systematic and engineering methods are used in analyzing security functional and assurance requirements and developing a Security Functional Requirement Specification (SFRS). The SFRS is regarded as a Security Target (ST) that is developed by conforming to and using a Protection Profile (PP) [18].

Security requirement engineering consists of security environment analysis, selection of security objects and security functions, and specification of SFRS/PP/ST, which are comparable to feasibility study, requirements elicitation and analysis, and requirement specification, respectively, in the requirement engineering process [1].

(1) Security environment analysis (risk analysis)

It consists of asset value evaluation, threat and vulnerability analysis, and security policy development.

- Asset value evaluation: classify and estimate the type and value of the assets to be protected by the information security product/system. We should develop a reasonable asset classification schema for classifying types of assets, as well as an efficient asset value estimation method [19]. Note that in the insurance field and the new technology market there are many applicable research results on asset value estimation.
- Threat analysis: A threat or attack scenario (or procedure, algorithm) is specified and analyzed by using threat and attack models such as attack trees [24], Petri nets and misuse case diagrams. The results of the threat analysis are vulnerabilities (weaknesses), technical complexity level, resulting damage level and likelihood level of the threat (attack).
- Development of organizational security policy: Security policy templates for similar organizations that have similar security environments have been developed in the computer network community or by government, such as SANS. Each organization easily derives a security policy by customizing the template. A security policy simulation method should be researched, because pre-evaluation of the policy is important. In this case, the specification of the security policy must be formal, simulative and executable. Note that a Petri net is a recommended security policy specification model since it is formal, simulative and executable.

(2) Security object and security function selection

Given the results of the security environment analysis (the assets to be protected, the value of the assets and the threats), we must derive security objects. Then we must derive security functions (or countermeasures, controls) to accomplish the security objects. Security functions include physical, technical and managerial countermeasures. Recall that the word function (i.e., IT-based information security function) is generally used in the security product evaluation context such as CC, whereas the word control is used in security management of operational systems such as C&A and ISMS.

Security Function Selection Problem: This is the problem of optimal selection (design) of security functions or controls in the context of security engineering. The problem is described as follows:

    maximize    Σ_i P_i X_i
    subject to  Σ_i W_i X_i ≤ Y

where

    P_i : profit of feasible security function i
    X_i : usage portion of feasible security function i (e.g., 0%, 60%, 100%)
    W_i : acquisition and operation cost of feasible security function i
    Y   : total security related budget (constraint)

Note that a feasible security function i is a function that does not violate the security policy and operational environment (e.g., network, OS, hardware). If X_i can be only 0% or 100% (i.e., non-dividable), then it is a 0/1 knapsack problem (i.e., an NP-complete problem); otherwise it is a general (fractional) knapsack problem (i.e., the optimal solution can be obtained by a polynomial time algorithm).

Generally a security function i cannot be divided (i.e., X_i is 0% or 100%); thus the security function selection problem is a 0/1 knapsack problem, whose optimal solution can be obtained by a non-deterministic polynomial time algorithm. An optimal solution can be obtained only if the number of feasible security functions is small (e.g., 10 ~ 20).
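The security function selection problem above, worked as an added example (not code from the paper): an exact 0/1 knapsack solver for the non-dividable case and the greedy fractional solver for the dividable case, run over a constructed candidate set whose P_i and W_i values are hypothetical.

```python
"""Security Function Selection Problem (Section 4.1 (2)) as an added example.

select_0_1:        X_i in {0%, 100%}  -> 0/1 knapsack, exact dynamic programming
select_fractional: X_i in [0%, 100%]  -> general knapsack, greedy by P_i/W_i

All profit (P_i) and cost (W_i) figures below are constructed sample data."""
from dataclasses import dataclass
from fractions import Fraction
from typing import List, Tuple


@dataclass(frozen=True)
class SecurityFunction:
    name: str
    profit: int   # P_i: loss avoided by deploying the function (constructed)
    cost: int     # W_i: acquisition and operation cost (constructed)


# Constructed set of feasible security functions (hypothetical values).
CANDIDATES = [
    SecurityFunction("firewall", profit=60, cost=30),
    SecurityFunction("ids", profit=50, cost=40),
    SecurityFunction("vpn", profit=40, cost=25),
    SecurityFunction("smartcard_auth", profit=30, cost=35),
    SecurityFunction("av_vaccine", profit=20, cost=10),
]


def select_0_1(funcs: List[SecurityFunction], budget: int) -> Tuple[int, List[str]]:
    """0/1 knapsack: each function is taken entirely or not at all.
    Table-based DP in O(n * Y); exact, which is practical for the 10~20
    candidate functions the paper mentions. Returns (max profit, chosen names)."""
    n = len(funcs)
    # best[i][b] = max profit using only the first i functions with cost <= b
    best = [[0] * (budget + 1) for _ in range(n + 1)]
    for i, f in enumerate(funcs, start=1):
        for b in range(budget + 1):
            best[i][b] = best[i - 1][b]                  # skip function i
            if f.cost <= b:                              # or take it, if affordable
                with_f = best[i - 1][b - f.cost] + f.profit
                if with_f > best[i][b]:
                    best[i][b] = with_f
    # Walk the table backwards to recover which functions were selected.
    chosen, b = [], budget
    for i in range(n, 0, -1):
        if best[i][b] != best[i - 1][b]:
            chosen.append(funcs[i - 1].name)
            b -= funcs[i - 1].cost
    return best[n][budget], sorted(chosen)


def select_fractional(funcs: List[SecurityFunction], budget: int):
    """General knapsack: a function may be deployed partially (X_i in [0, 1]).
    Taking functions in decreasing profit-per-cost order and splitting only the
    last one is optimal here and runs in polynomial time.
    Returns (total profit, [(name, X_i), ...])."""
    ranked = sorted(funcs, key=lambda f: Fraction(f.profit, f.cost), reverse=True)
    total, remaining, plan = Fraction(0), budget, []
    for f in ranked:
        if remaining <= 0:
            break
        spend = min(f.cost, remaining)
        portion = Fraction(spend, f.cost)                # X_i
        plan.append((f.name, portion))
        total += portion * f.profit
        remaining -= spend
    return total, plan


if __name__ == "__main__":
    Y = 80  # constructed total security budget
    print("0/1 knapsack:", select_0_1(CANDIDATES, Y))
    print("fractional:  ", select_fractional(CANDIDATES, Y))
```

The fractional optimum is an upper bound on the 0/1 optimum, which is a quick sanity check on the exact solver.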

(3) Specification of PP, ST and SFRS

The results of security environment analysis and of security object and security function selection should be formally specified in an SFRS, PP or ST. Note that a PP is the common security function and assurance requirement for a type of security product such as smartcard OS, VPN, firewall and DBMS. An ST is that of a specific security product such as Multos, Oracle 9i and Windows CE. Finally, an SFRS is that of a specific information system such as Hannam University's.

Most PPs, STs and SFRSs are specified in semi-formal and textual form. Thus we need more formal, executable and verifiable specification and modeling methods such as security context UML (misuse case diagrams).

Aspect oriented requirement analysis and specification is a recommended research topic on security requirement analysis [23]. Note that the aspect oriented paradigm, based on separation, localization and cross-cutting concerns, is useful for the analysis, design and implementation of reliability, security, caching and synchronization functions. A concern is a required function; an aspect is a modular unit designed to implement a concern.

4.2 Security architecture and pattern

(1) Security architecture

In the security engineering context, security architecture design is the problem described below: Given a set of security components or modules (e.g., firewall, VPN, and so on) that perform unit security functions (e.g., access control, authentication, and so on), together with their costs, evaluated assurance levels (EAL) and security strengths, we must integrate, organize and construct an optimal security architecture that has maximal security at minimal cost.

Security architecture design is comparable to Lego blocks. The quality of an architecture can be measured by evaluating the coupling (i.e., interface complexity) between components and the cohesion of the internals of a component.

- Coupling: the manner and degree of interdependence between software modules: data > stamp > control > common > content (where data, stamp and control coupling are call coupling, and A > B means A is more desirable than B)
- Cohesion (= module strength): the manner and degree to which the tasks performed by a single software module are related to one another: functional > sequential > communicational > temporal > logical (procedural) > coincidental

A security architecture is modeled and analyzed by a Security Block Diagram (SBD):

    SBD = < N, E >

where the node set N is a set of security functional blocks, modules, components or products (security function, non-security function and evaluation result are designated). The types of node are security, interface and non-security nodes. E is a set of edges (interfaces or links) between two related nodes. The types of edge, modeling the interface between two nodes, are security and non-security edges. The SBD is useful for estimating the overall EAL or strength of a security system composed of evaluated security components. Further study on the analysis method for SBD is needed.

(2) Security pattern

Security patterns are an application of conventional research on software patterns (a subject in component based software engineering). There are many research results on security patterns at http://www.securitypatterns.org/. The major subjects of security patterns are the development of an efficient security pattern description language (e.g., UMLsec at http://www4.in.tum.de/~umlsec/), the development of an efficient security pattern repository (database) and pattern mining method, and the development of new and reusable security patterns [16].

4.3 Security implementation

(1) Security functional structure in programming languages

In modern general purpose high level programming languages such as Java and C#, there are many functional structures such as exception handling and monitor structures. They are useful for concurrent programming and fault tolerant programming, which are necessary in modern computing environments (e.g., parallel, concurrent, distributed, high availability, real-time).

A security monitor and a security exception handler are possible extensions of the conventional monitor and exception handler. Recall that a monitor is a modular unit that implements concurrency control functions (e.g., mutual exclusion and synchronization). A security monitor is a new modular unit that implements security functions (e.g., data/variable level information flow control and access control). A security exception handler is an extended exception handling structure that has security exceptions.

(2) Secured programming

Recall that Dijkstra's structured programming influenced software engineering (especially structured programming). Pascal, C and Java are typical structured programming languages. We can research secured programming by extending the structured programming concept. One successful research result is secure programming for Linux and Unix by David A. Wheeler [29]. He provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems in C, C++, Java, Perl, PHP, TCL and Ada95 (e.g., preventing buffer overflows). Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs.

(3) Runtime security

The security mechanism (e.g., byte code verifier) in Java is regarded as a "white box" run-time security monitoring mechanism. It is more secure than Microsoft's ActiveX control authentication approach (i.e., the "black box" approach), even though Java has lower usability than the authentication approach. Further research is needed in this area.

4.4 Security assurance

(1) Security test and verification

Security testing is an activity of demonstrating that a security system or product is not incorrectly developed with respect to conformance to a Security Functional Requirement Specification (SFRS) (or PP, ST), by using test cases or penetration test scenarios. We need a testing engine that automatically generates the test cases or penetration test scenarios from the SFRS, and then tests and analyzes.

(2) Security validation

Security validation is an activity of demonstrating that an SFRS (or PP, ST) really reflects the security requirements and environment. PP and ST evaluation in CC evaluation are examples of security validation. Acceptance tests, system level evaluation, operational evaluation, certification and authentication can be regarded as security validation.

(3) Security evaluation model

A scheme of information security evaluation consists of evaluation criteria, deliverables and evaluation tools, as shown in Figure 3. For each atomic (i.e., non-dividable) criterion c_i, the deliverable d_i and tool t_i are the inputs of an atomic evaluation method m_i. The results of all m_i are merged into the final result R.

The result R_L is a function of D_L and C_L, as shown below:

    R_L = M_T(D_L, C_L)

    R_L = {r_1, r_2, r_3, ..., r_m} : set of evaluation results (r_i = pass, fail, inconclusive).
          Example verdict rule: if at least one r_i is inconclusive, then R = inconclusive;
          else if at least one r_i is fail, then R = fail; else R = pass.
    M   = {m_1, m_2, m_3, ..., m_n} : a set of evaluation methods
    T   = {t_1, t_2, t_3, ..., t_p} : a set of evaluation tools (e.g., static analyzer, verifier, test tools)
    D   = {d_1, d_2, d_3, ..., d_q} : a set of deliverables (e.g., structure design, source code, security target)
    C   = {c_1, c_2, c_3, ..., c_s} : a set of evaluation criteria (e.g., ITSEC, TCSEC, CC)
    D_L ⊆ D_{L+1} ⊆ ... ⊆ D_{Lmax} = D
    C_L ⊆ C_{L+1} ⊆ ... ⊆ C_{Lmax} = C
    L ∈ {level_1, level_2, ..., level_{Lmax}} : set of evaluation levels

It is important to note that, in some security product and system evaluation schemes, not all criteria and deliverables are used, but a subset of them is used for each specific target evaluation assurance level (e.g., EAL1 ~ EAL7 in CC) [20]. However, in information security management system schemes such as ISO/IEC 17799 and ISO/IEC 21827 (SSE-CMM), the whole set of criteria and deliverables is needed. Optimal and cost-effective evaluation criteria, evaluation tools, and the form and contents of deliverables, as well as evaluation methods, should be developed in the context of the security engineering paradigm [7], [21].
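The evaluation model above, as an added example that is not the paper's own code: nested criteria and deliverable sets per evaluation level, a constructed atomic method m_i, and the verdict rule that merges the r_i into R. The criterion names, deliverable names and the per-criterion checks are hypothetical.

```python
"""Security evaluation model of Section 4.4 (3) as an added example.

R_L = M_T(D_L, C_L): for every criterion c_i required at level L, the atomic
method m_i inspects deliverable d_i with tool t_i and yields r_i; the r_i are
merged into R by the verdict rule. Criteria, deliverables and checks are
constructed for illustration, not taken from any real scheme."""
from enum import Enum
from typing import Dict, List, Optional


class Verdict(Enum):
    PASS = "pass"
    FAIL = "fail"
    INCONCLUSIVE = "inconclusive"


def merge_verdicts(results: List[Verdict]) -> Verdict:
    """The paper's verdict rule: any inconclusive r_i -> R inconclusive;
    else any fail -> R fail; else R pass. An empty result set is treated as
    inconclusive because nothing was actually evaluated."""
    if not results or Verdict.INCONCLUSIVE in results:
        return Verdict.INCONCLUSIVE
    if Verdict.FAIL in results:
        return Verdict.FAIL
    return Verdict.PASS


# Ordered evaluation levels with nested criteria sets: C_L ⊆ C_{L+1}.
LEVELS = ["level1", "level2", "level3"]
CRITERIA_BY_LEVEL = {
    "level1": {"functional_spec", "test_coverage"},
    "level2": {"functional_spec", "test_coverage", "design"},
    "level3": {"functional_spec", "test_coverage", "design", "source_code"},
}

# d_i: which deliverable each criterion is evaluated against (constructed).
DELIVERABLE_FOR_CRITERION = {
    "functional_spec": "security_target",
    "test_coverage": "test_report",
    "design": "structure_design",
    "source_code": "source_code",
}

# t_i: a constructed "tool" per criterion, i.e. the check applied to the
# deliverable record. Real tools (static analyzers, verifiers) sit here.
TOOL_FOR_CRITERION = {
    "functional_spec": lambda d: d.get("conforms", False),
    "test_coverage": lambda d: d.get("coverage", 0) >= 80,
    "design": lambda d: d.get("conforms", False),
    "source_code": lambda d: d.get("static_analysis_clean", False),
}


def check_nesting(criteria_by_level: Dict[str, set], levels: List[str]) -> bool:
    """Scheme sanity check: criteria required at level L must also be
    required at every higher level (C_L ⊆ C_{L+1})."""
    return all(criteria_by_level[lo] <= criteria_by_level[hi]
               for lo, hi in zip(levels, levels[1:]))


def atomic_method(criterion: str, deliverable: Optional[Dict]) -> Verdict:
    """m_i(c_i, d_i, t_i): a missing deliverable cannot be judged at all, so
    the verdict is inconclusive rather than fail."""
    if deliverable is None:
        return Verdict.INCONCLUSIVE
    return Verdict.PASS if TOOL_FOR_CRITERION[criterion](deliverable) else Verdict.FAIL


def evaluate(level: str, deliverables: Dict[str, Dict]) -> Dict:
    """Run every atomic method required at `level` over the submitted
    deliverables D and merge the r_i into the final result R."""
    results = {}
    for c in sorted(CRITERIA_BY_LEVEL[level]):
        results[c] = atomic_method(c, deliverables.get(DELIVERABLE_FOR_CRITERION[c]))
    return {"level": level, "results": results,
            "R": merge_verdicts(list(results.values()))}


# Constructed submission: the developer hands in three of the four deliverables,
# and the design deliverable does not conform.
SUBMISSION = {
    "security_target": {"conforms": True},
    "test_report": {"coverage": 92},
    "structure_design": {"conforms": False},
}

if __name__ == "__main__":
    for lvl in LEVELS:
        print(evaluate(lvl, SUBMISSION))
```

Running it shows the same submission passing at level1, failing at level2 once the design criterion is pulled in, and becoming inconclusive at level3 because the source code deliverable is absent, which illustrates why the inconclusive verdict takes precedence over fail.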

(4) Dependability evaluation

A user of a real information system should concurrently consider not only security but also availability, reliability and safety. Thus an evaluation method for dependability is needed [23]. Dependability is a property of the system that equates to its trustworthiness. Trustworthiness essentially means the degree of user confidence that the system will operate as they expect and will not fail in normal use.

The dimensions of dependability are reliability (correctness, precision, timeliness), safety and security (confidentiality, integrity, availability). Repairability, maintainability, survivability and error tolerance are other system properties that can also be considered under the heading of dependability. Technologies for dependability engineering should be developed in the context of security, reliability and safety engineering.

4.5 Security operation, maintenance and security management

(1) Security process re-engineering

Conventional information security systems have suffered from the maintenance problem and the security decline problem, which are the status of the security crisis, because they were developed without security engineering discipline.

Security Process Re-engineering (SPR), applying the Business Process Re-engineering (BPR) approach, detects problems (e.g., hot spots, critical regions, vulnerabilities, and so on) in the development and operational process, then cost-effectively restructures (i.e., re-engineers) a conventional legacy security system. The SPR approach, used together with reverse-engineering methods, is useful for seamless migration from a legacy security system to a new security system.

(2) Security economics

Recall that just as quality is a function of cost, security is a function of cost. Cost-effective development and operation of security systems are emphasized in security economics. Analysis of development and operation cost, return on investment (ROI) and earned value (EV) are research topics in security economics. Note that in B. Boehm's software economics only development and maintenance cost estimation methods (i.e., COCOMO), in the context of software metrics and complexity, are researched.

In the security economics context, a suitable (i.e., cost-effective, non-overprotecting, non-overlapping) level of security strength, security function and security assurance level should be obtained and accomplished.

The following simple principles are axioms in security economics:

    A : acquisition and operation cost of a security product (e.g., 700$)
    V : loss cost of the asset to be protected (e.g., 1000$)
    P : profit from a security product
    V > A  and  P = V - A

The principle is simple and a matter of course; however, it is often not observed. Thus the problems of over-protection and over-cost arise.

For example, if a small e-commerce site has high security strength and long key sizes, then it needs more computing power, bandwidth and operation cost, and customers feel trouble (in identification and authentication). The e-commerce site will be closed and left with much damage cost and complaining customers.

Finally, security economics is similar to web tuning, which is a subject of web engineering. It deduces cost-effective decisions among cryptographic key length, key management cost, communication and cryptographic computation overhead, security assurance level, and user and operator usability.


(3) Documentation engineering

Recall that software consists of programs, databases and documents. Documents (or deliverables) are regarded as the visible image of the real program and its development history. Therefore correct, complete and formal documents for a target of evaluation (e.g., a security software product) are needed for security evaluation and authentication schemes such as CC and CMVP.

Thus systematic and engineered documentation technology, that is, documentation engineering, is very important. In documentation engineering, cost-effective, standard and optimal technology for the development and management of documents such as requirement specifications, PP/ST, design specifications, implementation reports, test reports, configuration management reports, and so on, should be researched. XML-based documentation engineering technology for security evaluation is a highly recommended research topic.

5 Conclusion

This paper makes the following contributions to the information security community:

- Survey of conventional definitions of Information Security Engineering
- New definition of ISE and the SEE paradigm
- Definition and use of the "Security Crisis" terminology
- Useful guide on information security research, such as the security block diagram

Software engineering is to overcome the software crisis by using general engineering technology and paradigms, and web engineering is to overcome the web crisis by using software engineering. In those contexts, security engineering is a principle, paradigm and subject for overcoming the security crisis by means of software engineering, cryptography, law, and so on.

The relationship between computer engineering (including software engineering) and computer science (including discrete mathematics and theory of computation) is compared to the relationship between security engineering and cryptography. That is, security engineering is an inter-disciplinary subject drawing on computer engineering/science, mathematics, physics, law, economics, physiology, and so on. Cryptography, however, is based on mathematics. It is important to note that information security is a combined subject of security engineering and cryptography.

In the cryptography approach, we need mathematically sound and formal cryptographic algorithms, and we use analytical problem solving methods. In the security engineering approach, however, we need only to satisfy the 'needed level of security', using numerical analytical problem solving methods. That means we should not pursue perfect information security, which is known to be an unsolvable problem, but pursue cost-effective information security, which is the paradigm of security engineering.

When we regard software engineering as a class, security engineering is a derived or instantiated object of software engineering. That is, security engineering is an instance of software engineering. Thus we can develop security engineering technologies by applying and customizing software engineering technologies.

The definition and paradigm of security engineering proposed in this paper are useful for establishing consensus on security engineering in the community of information security and cryptography, since there is not yet a common and formal definition or approach to security engineering. The research topics and approaches proposed in this paper should be solved by software engineers as well as security engineers sooner or later.

Acknowledgements

This work has been supported by grant NO **** from the Korea Ministry of Commerce, Industry and Energy (Security Engineering Research Center of Hannam University). The authors are supported by the fund of the second stage of BK-21 of the Korea Ministry of Education and Human Resource Development.

References

[1] I. Sommerville, Software Engineering, 7th ed., Pearson-Addison-Wesley, 2004.

[2] S. Murugesan, Y. Deshpande, S. Hansen and A. Ginige, Web Engineering: A New Discipline for Development of Web-based Systems, LNCS 2016, pp. 3-13, 2001 (IEEE Multimedia).

[3] Gang-soo Lee, Digital contents paradigm, Journal of KISS, Korea, 19-2, Feb. 2001.

[4] Soo-jin Chang, Gang-soo Lee, Web engineering for web based information system - Web modeling and development process, Journal of KISS, Korea, 21-3, pp. 51-59, March 2003.

[5] D. Howe, Information System Security Engineering: Cornerstone to the Future, Proceedings of the 15th National Computer Security Conference, Baltimore, MD, Vol. 1, October 15, 1992, pp. 244-251.

[6] Ross J. Anderson, Security Engineering - A Guide to Building Dependable Distributed Systems, Wiley & Sons, 2001.

[7] SSE-CMM Architecture - Model Description Document, Version 3.0, June 2003.
