With the development of the fourth industrial technology, such as the Internet of Things (IoT) and cloud computing, developed countries including the U.S. are investigating the efficiency of national defense, the public sector and national innovation, and constructing the infrastructure for cloud computing environments through related policies. The Republic of Korea is enacting the related legislation and considering the fourth industrial technology in various fields. Particularly, it is considering the adaptation of the cloud to the command and control system in the national defense sector; hence, related research and pilot projects are being conducted. However, if the existing information system is converted to a cloud computing system by introducing IoT devices, existing security requirements cannot solve problems related to the security vulnerabilities of cloud computing. Therefore, to build a cloud-based secure command and control system, it is necessary to derive additional cloud computing-related security requirements that are lacking in the existing security requirements, and to build a secure national defense command and control system architecture based upon it. In this paper, we derive security requirements for a cloud-based command control system, propose a security architecture designed based thereupon, and implement a security architecture with an open-stack-based cloud platform, “OpenStack”.
Security Architecture for Cloud-Based Command and Control System in IoT Environment
