Extensible Requirements Management Architecture
Abstract
The goal of this effort is to facilitate the appropriate control of security configuration parameters based on goals and available systems after a cyber attack. This report addresses a method to aid in the reconfiguration of systems after a cyber attack. Most current research on requirements focuses on how to satisfy requirements under some small set of circumstances- possibly an expected situation and/or a safe fallback position. When some systems and components have been disabled by enemy attacks, it may not be possible to meet some predetermined set of system security requirements. In this case, the cyber commander needs automated assistance in choosing an alternative that represents the best compromise between the 'required' and the achievable. To do this, we have to relate system between the 'required' and the achievable. To do this, we have to relate system requirements to configurable parameter settings and describe precisely how the satisfaction of low-level requirements affects the satisfaction of requirements at the system level. This will help present decision-makers with a picture of what configurations are possible and what trade-offs they involve. This work is a first step towards systematizing this process.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 01, 2001
- Accession Number
- ADA394992
Entities
People
- David M. Rosenthal