Search: [ keyword: security (보안성) ] (2)

Ontology-based Approach to Determine the Conflicts between Security and Usability Requirements in the Requirements Engineering Process

Woori Roh, Seok-Won Lee

http://doi.org/10.5626/JOK.2018.45.11.1142

Considering the trade-offs or conflicts between security and usability during the requirements engineering (RE) process is a complicated task. This is due to the contrary characteristics of security and usability as well as a lack of research on finding a consensus on the semantics of quality attributes, especially for security and usability. Furthermore, the number of security experts available is decreasing, while a methodology to determine the conflicts between security and usability during the RE process has not yet been developed. We, therefore, propose a novel approach to construct a three-layer ontological knowledge base by linking the keywords from definitions, criteria, and metrics of security and usability. In addition, we discuss the applicability of this knowledge base by examining two case studies with software engineering (SE) students. These case studies show that the participants using the proposed approach (Team A) can derive conflicts that are more precise compared to the participants who did not use the knowledge base (Team B). Moreover, the number of conflicts derived by Team A is half that by Team B. Regardless of the knowledge level, the proposed approach can determine the conflicts between security and usability during the RE process. Also, while practical RE studies have often been considered difficult to handle, the proposed approach can show the applicability of RE research.

Protocol Analysis and Evaluation of the Transport Layer to Improve Security in a Public Cloud Environment

Jin Sook Bong, Sang Jin Park, Yongtae Shin

http://doi.org/10.5626/JOK.2018.45.1.76

Governments and public agencies try to use the cloud to carry out their work and provide public services. However, a public cloud is vulnerable from a security standpoint because it is structured to support services over public networks (i.e., the internet). Thus, this paper identifies the general security vulnerabilities of a network and compares and analyzes the characteristics of transport protocols (UDP, TCP, SCTP, and MPTCP) on the basis of their security vulnerabilities. This paper uses a reliability and security factor for the comparative analysis, evaluates the security exposure, and chooses a suitable protocol considering the security of the transport protocols in the cloud environment.






Journal of KIISE

  • ISSN : 2383-630X(Print)
  • ISSN : 2383-6296(Electronic)
  • KCI Accredited Journal

Editorial Office

  • Tel. +82-2-588-9240
  • Fax. +82-2-521-1352
  • E-mail. chwoo@kiise.or.kr