| ÇѱÛÁ¦¸ñ(Korean Title) |
ÀÎÅÍ³Ý ¹ðÅ· ½Ã½ºÅÛ °ü·Ã Ç¥ÁØ ºÐ¼® ¹× º¸È£ÇÁ·ÎÆÄÀÏ °³¹ß¿¡ °üÇÑ ¿¬±¸ |
| ¿µ¹®Á¦¸ñ(English Title) |
A Study of Protection Profile and Analysis of Related Standard for Internet Banking Systems |
| ÀúÀÚ(Author) |
Á¶Çý¼÷
±è½ÂÁÖ
¿øµ¿È£
Haesuk Jo
Seungjoo Kim
Dongho Won
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 17-C NO. 03 PP. 0223 ~ 0232 (2010. 06) |
Çѱ۳»¿ë
(Korean Abstract) |
ÀÎÅͳÝÀÇ ¹ß´Þ·Î ±âÁ¸ÀÇ ¸¹Àº ¿ÀÇÁ¶óÀÎ ¼ºñ½º°¡ ¿Â¶óÀÎ ¼ºñ½º·Î È®ÀåµÇ¸é¼ ±ÝÀ¶ °Å·¡ ¼ºñ½º ¿ª½Ã Æí¸®¼ºÀ» ÀÌÀ¯·Î ÀÎÅÍ³Ý ¹ðÅ· ½Ã½ºÅÛÀ» ÅëÇØ ¼ºñ½º°¡ Á¦°øµÇ°í ÀÖ´Ù. ÇÏÁö¸¸ ÀÎÅÍ³Ý ¹ðÅ· ½Ã½ºÅÛ °³¹ß °úÁ¤¿¡¼ º¸¾È¼º¿¡ ´ëÇÑ °í·Á°¡ ºÎÁ·ÇÏ¿© ¿©·¯ º¸¾È ¹®Á¦Á¡À» °®°í ÀÖ°í ½ÇÁ¦·Î ÀÎÅÍ³Ý ¹ðÅ· ½Ã½ºÅÛ¿¡ º¸¾È »ç°ÇµéÀÌ ºó¹øÇÏ°Ô ÀϾ°í ÀÖ´Â ½ÇÁ¤ÀÌ´Ù. ÀÌ·± ¹®Á¦Á¡À» ÇØ°áÇϱâ À§ÇÏ¿© ±ÝÀ¶±â°üÀº ISO 20022, ISO/IEC 27001, ISO/IEC 9789, ISO/IEC 9796 µîÀÇ ±¹¿Ü Ç¥ÁØ°ú À¥ ȯ°æ ±¸Ãà ¹× ¿î¿µÀ» À§ÇÑ º¸¾È°ü¸® Áöħ, ÀüÀÚ»ó°Å·¡ Ç¥ÁØÈ ·Îµå¸Ê µî ±¹³» Ç¥ÁØÀ» Àû¿ëÇÏ°í ÀÖÁö¸¸ ÀÎÅÍ³Ý ¹ðÅ· ½Ã½ºÅÛ¿¡ °üÇÑ º¸¾È¿ä±¸»çÇ× µîÀÌ Á¦´ë·Î °í·ÁµÇÁö ¾Ê¾Æ ¿©ÀüÈ÷ Ãë¾à¼ºÀÌ ¹ß»ýÇÏ°í ÀÖ´Ù. º» ³í¹®¿¡¼´Â ±âÁ¸ Ç¥Áص鿡 ´ëÇؼ ¼³¸íÇÏ°í ÀÎÅÍ³Ý ¹ðÅ· ½Ã½ºÅÛ¿¡ ´ÜÀÏ Ç¥ÁØ Àû¿ë½Ã º¸¾ÈÀ» º¸ÁõÇÏÁö ¸øÇÏ´Â ÀÌÀ¯¿¡ ´ëÇؼ »ìÆ캻´Ù. ¶ÇÇÑ ÀÎÅÍ³Ý ¹ðÅ· ½Ã½ºÅÛÀÇ Ãë¾à¼ºÀ» ¼³¸íÇÏ°í º¸¾È±â´ÉÀ» ºÐ¼®ÇØ ±× Ư¡¿¡ ¸Â´Â º¸¾È±â´É ¿ä±¸»çÇ×À» µµÃâÇÏ°í À̸¦ ÅëÇØ °øÅëÆò°¡±âÁØ V3.1À» Âü°í·Î ÇÏ¿© ÀÎÅÍ³Ý ¹ðÅ· ½Ã½ºÅÛÀÇ º¸¾ÈÀ» °ÈÇϱâ À§ÇØ Æ¯ÈµÈ º¸È£ÇÁ·ÎÆÄÀÏÀ» Á¦¾ÈÇÑ´Ù. |
¿µ¹®³»¿ë
(English Abstract) |
Due to the advance of Internet, offline services are expanded into online services and a financial transaction company provides online services using internet baning systems. However, security problems of the internet banking systems are caused by a lack of security for developing the internet banking systems. Although the financial transaction company has applied existing internal and external standards, ISO 20022, ISO/IEC 27001, ISO/IEC 9789, ISO/IEC 9796, Common Criteria, etc., there are still vulnerabilities. Because the standards lack in a consideration of security requirements of the internet banking system. This paper is intended to explain existing standards and discusses a reason that the standards have not full assurance of security when the internet baning system is applied by single standard. Moreover we make an analysis of a security functions for the internet baning systems and then selects the security requirements. In this paper, we suggest a new protection profile of the internet baning systems using Common Criteria V.3.1 from the analysis mentioned above. |
| Å°¿öµå(Keyword) |
ÀÎÅÍ³Ý ¹ðÅ· ½Ã½ºÅÛ
º¸È£ÇÁ·ÎÆÄÀÏ
°øÅëÆò°¡±âÁØ
Internet Banking System
Protection Profile
Common Criteria
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
