An Empirical Study of Quality and Cost Based Security Engineering

  • Seok Yun Lee
  • Tai-Myung Chung
  • Myeonggil Choi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3903)


For the reliability and confidentiality of information security systems, security engineering methodologies are accepted in many organizations. A security institution in Korea faced problems with the effectiveness of security engineering. To solve these problems, the institution created a security methodology called ISEM and a tool called SENT. This paper presents the ISEM methodology, which considers both product assurance and production processes and so gains advantages in terms of quality and cost. The ISEM methodology can compensate for the shortcomings of current security engineering methodologies. To support the ISEM methodology, the SENT tool, which operates over the Internet, automatically supports the production processes and product assurances that ISEM demands.







Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Seok Yun Lee (1)
  • Tai-Myung Chung (1)
  • Myeonggil Choi (2)

  1. School of Information and Communication Engineering, Natural Science Campus, Sungkyunkwan University, Suwon-si, Gyeonggi-do, Korea
  2. Department of Systems Management Engineering, INJE University, Gimhae, Gyeongnam, Korea
