• Journal of Internet Computing and Services
    ISSN 2287 - 1136(Online) / ISSN 1598 - 0170 (Print)
    http://jics.or.kr/

Study on security requirements for the web based operation system of a shipping company


Up Chung, Jongsub Moon, Journal of Internet Computing and Services, Vol. 23, No. 1, pp. 49-68, Feb. 2022
10.7472/jksii.2022.23.1.49, Full Text:
Keywords: Shipping company, Threat modeling, STRIDE, Security requirement

Abstract

The operation system of a shipping company is still maintaining the mainframe based terminal access environment or the client/server based environment. Nowadays shipping companies that try to migrate it into a web-based environment are increasing. However, in the transition, if the design is processed by the old configuration and knowledge without considering the characteristics of the web-based environment and shipping business, various security vulnerabilities will be revealed at the actual system operation stage, and system maintenance costs to fix them will increase significantly. Therefore, in the transition to a web-based environment, a security design must be carried out from the design stage to ensure system safety and to reduce security-related maintenance costs in the future. This paper examines the characteristics of various threat modeling techniques, selects suitable modeling technique for the operation system of a shipping company, applies data flow diagram and STRIDE threat modeling technique to shipping business, derives possible security threats from each component of the data flow diagram in the attacker's point of view, validates the derived threats by mapping them with attack library items, represents the attack tree having various attack scenarios that attackers can attempt to achieve their final goals, organizes into the checklist that has security check items, associated threats and security requirements, and finally presents 23 security requirements that can respond to threats. Unlike the existing general security requirements, the security requirements presented in this paper reflect the characteristics of shipping business because they are derived by analyzing the actual business of a shipping company and applying threat modeling technique. Therefore, I think that the presented security requirements will be of great help in the security design of shipping companies that are trying to proceed with the transition to a web-based environment in the future.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from November 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[APA Style]
Up Chung and Jongsub Moon (2022). Study on security requirements for the web based operation system of a shipping company. Journal of Internet Computing and Services, 23(1), 49-68. DOI: 10.7472/jksii.2022.23.1.49.

[IEEE Style]
U. Chung and J. Moon, "Study on security requirements for the web based operation system of a shipping company," Journal of Internet Computing and Services, vol. 23, no. 1, pp. 49-68, 2022. DOI: 10.7472/jksii.2022.23.1.49.

[ACM Style]
Up Chung and Jongsub Moon. 2022. Study on security requirements for the web based operation system of a shipping company. Journal of Internet Computing and Services, 23, 1, (2022), 49-68. DOI: 10.7472/jksii.2022.23.1.49.