The Genesis of Cyberscience and its Mathematical Models (CYBERSCIENCE)
Abstract
The Cyberscience project has developed a framework for an integrated approach to secure systems development called security co-design. Acknowledging the need to integrate security into the development process from the beginning, but recognizing that security and functionality are different in character, security co-design separates development into security and functional tracks that strongly influence each other. The security co-design methodology aims to account for all critical aspects of development, including requirements capture, implementation, and the construction of an information assurance case (IAC). By analogy to safety cases, an IAC seeks to establish that the security requirements of the system are met, and to identify specific points of failure to be addressed if certain requirements are not met. The development of a methodology and tool support for the construction of IACs has been the primary focus of the Cyberscience project. This report documents the security co-design methodology, the principles and goals of IAC development, an exploration of tool support for IAC construction, and an examination of possible alternative approaches.
Document Details
- Document Type
- Technical Report
- Publication Date
- Feb 01, 2005
- Accession Number
- ADA431570
Entities
People
- Steven Dawson
Organizations
- SRI International