Á¤º¸Ã³¸®ÇÐȸ ³í¹®Áö ¼ÒÇÁÆ®¿þ¾î ¹× µ¥ÀÌÅÍ °øÇÐ
Current Result Document :
| ÇѱÛÁ¦¸ñ(Korean Title) |
ÀÚµ¿Â÷ °³¹ß ÇÁ·Î¼¼½º¿¡¼ÀÇ º¸¾È ³»ÀçÈ ¹æ¹ý·Ð |
| ¿µ¹®Á¦¸ñ(English Title) |
A Methodology for Integrating Security into the Automotive Development Process |
| ÀúÀÚ(Author) |
Á¤½Â¿¬
°¼ö¿µ
±è½ÂÁÖ
Seungyeon Jeong
Sooyoung Kang
Seungjoo Kim
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 09 NO. 12 PP. 0387 ~ 0402 (2020. 12) |
Çѱ۳»¿ë
(Korean Abstract) |
±âÁ¸ÀÇ ÀÚµ¿Â÷ °³¹ßÀº ÁÖ·Î Á¤È®¼º(Correctness) ¹× ¾ÈÀü¼º(Safety) È®º¸¿¡ ÃÊÁ¡À» ¸ÂÃß¾î ¿ÔÀ¸¸ç, ÀÌ¿¡ ¹ÝÇØ º¸¾È¼º(Security)Àº ºñ±³Àû ¼ÒȦÇÏ°Ô ´Ù·ç¾îÁ® ¿Ô´Ù. ÇÏÁö¸¸ ÃÖ±Ù ÀÚµ¿Â÷ÀÇ ÀÎÅÍ³Ý ¿¬°á¼ºÀÌ ³ô¾ÆÁü¿¡ µû¶ó ÀÚµ¿Â÷ ÇØÅ· »ç·Ê°¡ Áõ°¡Çϸé¼, À¯¿£À¯·´°æÁ¦À§¿øȸ(United Nations Economic Commission for Europe, UNECE)¿Í °°Àº ±¹Á¦±â°üÀº ÀÚµ¿Â÷ °³¹ß¿¡ ´ëÇÑ º¸¾È¼ºÀ» È®º¸Çϱâ À§ÇØ »çÀ̹öº¸¾È ±ÔÁ¦¸¦ ÁغñÇÏ°í ÀÖ´Ù. ´Ù¸¥ IT Á¦Ç°°ú ¸¶Âù°¡Áö·Î ÀÚµ¿Â÷ »çÀ̹öº¸¾È ±ÔÁ¦¿¡¼ ¶ÇÇÑ °³¹ß ÃʱâºÎÅÍ º¸¾È¼ºÀ» °í·ÁÇÏ´Â ¡°º¸¾È ³»ÀçÈ(Security by Design)¡±ÀÇ °³³äÀ» °Á¶ÇÑ´Ù. ƯÈ÷ ÀÚµ¿Â÷ °³¹ßÀº »ý¸íÁֱⰡ ±æ°í °ø±Þ¸ÁÀÌ º¹ÀâÇϱ⠶§¹®¿¡ °³¹ß ÀÌÈÄ¿¡ ¾ÆÅ°ÅØó¸¦ º¯°æÇÏ´Â °ÍÀÌ ¸Å¿ì ¾î·Á¿ì¹Ç·Î, ÀÚµ¿Â÷ °³¹ß¿¡ ÀÖ¾î º¸¾È ³»ÀçÈ´Â ±âÁ¸ IT Á¦Ç°¿¡ ºñÇØ ÈξÀ ´õ Áß¿ä½ÃµÈ´Ù. ±×·¯³ª ¹®Á¦´Â ¾ÆÁ÷ ÀÚµ¿Â÷ °³¹ß °úÁ¤¿¡ º¸¾ÈÀ» ³»ÀçÈÇÏ´Â ±¸Ã¼ÀûÀÎ ¹æ¹ý·ÐÀÌ Á¦½ÃµÇÁö ¸øÇÏ°í ÀÖ´Ù´Â °ÍÀÌ´Ù. ÀÌ¿¡ º» ³í¹®¿¡¼´Â ÀÚµ¿Â÷ º¸¾È ³»Àçȸ¦ À§ÇÑ ±¸Ã¼ÀûÀÎ ¹æ¹ý·ÐÀ» Á¦¾ÈÇÑ´Ù. º» ³í¹®¿¡¼ Á¦¾ÈµÈ ¹æ¹ý·ÐÀ» ÅëÇØ ÀÚµ¿Â÷ Á¦Á¶»ç´Â ÀÚµ¿Â÷ °³¹ß °úÁ¤¿¡ ÀÖ¾î ±â´É ¾ÈÀü¼º°ú º¸¾È¼ºÀÇ Ãø¸éÀ» µ¿½Ã¿¡ °í·ÁÇÒ ¼ö ÀÖÀ¸¸ç, ´Ù°¡¿À´Â UNECE ÀÚµ¿Â÷ »çÀ̹öº¸¾È ±ÔÁ¦¿¡ ´ëÇÑ ÀÎÁõ¿¡µµ ´ëÀÀÇÒ ¼ö ÀÖÀ» °ÍÀÌ´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
Conventional automotive development has mainly focused on ensuring correctness and safety and security has been relatively neglected. However, as the number of automotive hacking cases has increased due to the increased Internet connectivity of automobiles, international organizations such as the United Nations Economic Commission for Europe(UNECE) are preparing cybersecurity regulations to ensure security for automotive development. As with other IT products, automotive cybersecurity regulation also emphasize the concept of "Security by Design", which considers security from the beginning of development. In particular, since automotive development has a long lifecycle and complex supply chain, it is very difficult to change the architecture after development, and thus Security by Design is much more important than existing IT products. The problem, however, is that no specific methodology for Security by Design has been proposed on automotive development process. This paper, therefore, proposes a specific methodology for Security by Design on Automotive development. Through this methodology, automotive manufacturers can simultaneously consider aspects of functional safety, and security in automotive development process, and will also be able to respond to the upcoming certification of UNECE automotive cybersecurity regulations.
|
| Å°¿öµå(Keyword) |
ÀÚµ¿Â÷ °³¹ß
Áõ°Å ±â¹Ý Ç¥ÁØ
Secure SDLC
UNECE »çÀ̹öº¸¾È ±ÔÁ¦
Automotive Development
Evidence-based Standards
Secure SDLC
UNECE Cybersecurity Regulation
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
