A Study on Security Requirements of Shipboard Combat System based on Threat Modelling

Journal of the Korea Institute of Military Science and Technology Pub Date : 2023-06-05 DOI:10.9766/kimst.2023.26.3.281

Seong-cheol Yun, Tae-shik Shon

{"title":"A Study on Security Requirements of Shipboard Combat System based on Threat Modelling","authors":"Seong-cheol Yun, Tae-shik Shon","doi":"10.9766/kimst.2023.26.3.281","DOIUrl":null,"url":null,"abstract":"The shipboard combat system is a key system for naval combat that supports a command and control process cycle consisting of Detect - Control - Engage in real time to ensure ship viability and conduct combat missions. Modern combat systems were developed on the basis of Open Architecture(OA) to maximize acceptance of latest technology and interoperability between systems, and actively introduced the COTS(Commercial-of-the-shelf). However, as a result of that, vulnerabilities inherent in COTS SW and HW also occurred in the combat system. The importance of combat system cybersecurity is being emphasized but cybersecurity research reflecting the characteristics of the combat system is still lacking in Korea. Therefore, in this paper, we systematically identify combat system threats by applying Data Flow Diagram, Microsoft STRIDE threat modelling methodology. The threats were analyzed using the Attack Tree & Misuse case. Finally we derived the applicable security requirements which can be used at stages of planning and designing combat system and verified security requirements through NIST 800-53 security control items.","PeriodicalId":17292,"journal":{"name":"Journal of the Korea Institute of Military Science and Technology","volume":"39 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2023-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of the Korea Institute of Military Science and Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.9766/kimst.2023.26.3.281","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The shipboard combat system is a key system for naval combat that supports a command and control process cycle consisting of Detect - Control - Engage in real time to ensure ship viability and conduct combat missions. Modern combat systems were developed on the basis of Open Architecture(OA) to maximize acceptance of latest technology and interoperability between systems, and actively introduced the COTS(Commercial-of-the-shelf). However, as a result of that, vulnerabilities inherent in COTS SW and HW also occurred in the combat system. The importance of combat system cybersecurity is being emphasized but cybersecurity research reflecting the characteristics of the combat system is still lacking in Korea. Therefore, in this paper, we systematically identify combat system threats by applying Data Flow Diagram, Microsoft STRIDE threat modelling methodology. The threats were analyzed using the Attack Tree & Misuse case. Finally we derived the applicable security requirements which can be used at stages of planning and designing combat system and verified security requirements through NIST 800-53 security control items.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于威胁建模的舰载作战系统安全需求研究

舰载作战系统是海军作战的关键系统，支持由实时探测-控制-交战组成的指挥和控制过程周期，以确保舰船生存能力并执行作战任务。现代作战系统是在开放体系结构(OA)的基础上发展起来的，以最大限度地接受最新技术和系统之间的互操作性，并积极引入COTS(商用货架)。然而，因此，COTS软件和硬件固有的漏洞也出现在作战系统中。虽然强调了作战系统网络安全的重要性，但反映作战系统特点的网络安全研究仍处于空白状态。因此，本文采用数据流图、微软STRIDE威胁建模方法系统地识别作战系统威胁。利用攻击树和误用案例对威胁进行了分析。最后推导出作战系统规划设计阶段适用的安全需求，并通过NIST 800-53安全控制项目对安全需求进行验证。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Journal of the Korea Institute of Military Science and Technology

自引率

0.00%

发文量