Security Certification Modeling
Abstract
This research focused on security certification policy modeling for a System of Systems (SoS). Three main results were obtained. The first major result was a semi-formal UML Component Protection Profile (CPP) to describe a software component's broad security expectations and interactions within the SoS. The CPP allows direct comparison of components that interact to determine if they interfere with local security requirements. Examples illustrate basic instantiations of multiple component security profiles along with the local violations that result from their conflicting or competing interactions within a SoS. The second result was an extension to a formal specification language to accommodate SoS global architecture and security certification criteria expressed as progress properties. Audit criteria from the NIST SP800-53 exemplify both local and global constraints and their compliance throughout the SoS. The third major result is a formal analysis of role-based access control policies using an extension of the Colored Petri Net. Overall, this fundamental effort indicated that more unification of security constructs is needed across the local, global, and internal activities of a SoS and its components to determine full system compliance with security certification criteria.
Document Details
- Document Type: Technical Report
- Publication Date: Feb 26, 2009
- Accession Number: ADA528578
Entities
People
- Rose Gamble
Organizations
- University of Tulsa