Analysis of Threat-Factors for Biometric-Information Processing Systems According to Goal-Oriented Threat-Modeling
As most organizations increasingly rely on information systems, the risk of security incidents in those systems also increases. To verify the potential security risks and their consequences, a security threat assessment process called threat modeling is therefore necessary. However, research in security threat modeling has yet to mature, as there is a paucity of established techniques and tools to aid the threat modeling and formal analysis process. This study provides a method to design and analyze the threats that occur in a bio-information processing system using visual Goal-oriented threat modeling. In addition, it determines each threat based on the Goal-Threat model and defends against it by repeatedly assessing vulnerability and measuring the degree of risk. Then, by enabling each organization to perform security checks on its own, it makes it easy to find vulnerabilities in terms of administration and presents recommendations to be carried out in order to ensure stability.
Keywords: Threat modeling; Biometric information processing system; Security threat
This work was supported by the Security Engineering Research Center, granted by the Korea Ministry of Knowledge Economy.