Towards a requirements-driven workbench for supporting software certification and accreditation

Proceedings - ICSE 2007 Workshops: Third International Workshop on Software Engineering for Secure Systems, SESS'07

Volumn , Issue , 2007, Pages 8-14

  Lee, Seok Won ^a   Gandhi, Robin A ^a   Wagle, Siddharth ^a  

^a University of North Carolina at Charlotte   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACCREDITATION; ONTOLOGY; SECURITY OF DATA;

PROTOTYPE IMPLEMENTATION; SOFTWARE CERTIFICATION; SOFTWARE SYSTEMS;

SOFTWARE ENGINEERING;

EID: 38549174781     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SESS.2007.11     Document Type: Conference Paper

References (32)

1. Alberts, C. and Dorofee, A. "OCTAVE™ Criteria, Version 2.0", CMU/SEI-2001-TR-016 December 2001.
2. th Nat. Conf. on Artificial intelligence, AAAI, USA, pp: 600-607, 1998.
3. Common Criteria, Introduction and general model. Ver. 2.1. ISO/IEC 15408-1, 1999
4. Davis T., "Federal Computer Security Report Card Grades of 2004," Press Release. Government Reform Committee, 2005
5. DoD 8510.1-M, "DITSCAP Application Manual," 2000.
6. DoD Instruction 5200.40: DITSCAP, 1997.
7. th Annual Global Information Security Survey, Netherlands, 2005.
8. nd Int'l Workshop on Service-Oriented Computing: Consequences for Engineering Requirements (SOCCER'06), at the 14th Int'l Requirements Engg. Conf. (RE'06), MN, USA, 2006.
9. Gandhi, R.A. and Lee, S.W., "Understanding Risks in an Organizational Infrastructure during Software Certification Activities," TR: SIS-NISE-07-01, UNC Charlotte, NC, 2007
10. Ganter, B.,Wille, R. Formal Concept Analysis. Springer, 1996.
11. GAO, Information Security: Weaknesses Persist at Federal Agencies Despite Progress Made in Implementing Related Statutory Requirements, GAO-05-552, Washington, D.C., July 15, 2005.
12. I-Assure, LLC., autoRTM, 2005 〈http://www.i-assure.com〉
13. nd Int'l Workshop on Software Engineering For Secure Systems (SESS 06), ACM Press, New York, NY, 2006 pp. 43-50.
14. th IEEE Int'l Requirements Engg. Conf. Paris, France, IEEE Press, 2005
15. Lee, S.W. and Yavagal, D., "GenOM User's Guide," TR: SIS-NISE-04-01, UNC Charlotte.
16. Lee, S.W., Gandhi, R.A. and Ahn, G., "Security Requirements Driven Risk Assessment for Critical Infrastructure Information Systems", In Proc. Symposium on Requirements Engg. for Information Security (SREIS'05), at 13th IEEE Int'l Requirements Engg. Conf. (RE '05), Paris, France, IEEE Press, 2005
17. th Asia-Pacific Soft. Engg. Conf. (APSEC05), IEEE CS Press, 2005, pp: 481-490.
18. Lee, S.W. and Gandhi, R.A., "Requirements as Enablers for Software Assurance," CrossTalk: The Journal of Defense Software Engg., Dec. Issue, Vol. 19 (12), 2006, pp: 20-24
19. th IEEE Int'l Conf. on Software Engg. (ICSE'05), St. Louis, MO, USA, 2005, pp. 43-49
20. Lee, S.W., Gandhi, R.A., Ahn, G.J., "Certification Process Artifacts Defined as Measurable Units for Software Assurance," International Journal on Software Process: Improvement and Practice (April, 2007), Online-Early View is published & available on Dec 2006 through Wiley InterScience: DOI:10.1002/spip.313
21. Lee, S.W., Muthurajan, D., Gandhi, R.A., et al., "Building decision support problem domain ontology from natural language requirements for software assurance," International Journal on Software Engineering and Knowledge Engineering, Vol. 16, No.6, pp. 1-34, December, World Scientific, 2006.
22. McGuinness, D., van Harmelen, F. (eds), "OWL Web Ontology Language Overview", W3C Recommendation, 2004
23. Moffett, J. D., Haley, C. B., Nuseibeh, B.A, "Core Security Requirements Artefacts," Technical Report 2004/23, Milton Keynes, UK: Department of Computing, The Open University, June 2004
24. Office of Management and Budget (OMB), "FY 2005 Report to Congress on Implementation of The Federal Information Security Management Act of 2002," March 1, 2006
25. SecureInfo, Compliance Authority (built on RMS technology), 2005, 〈http://www.secureinfo.com〉
26. Swartout, W., Tate, A., "Ontologies," IEEE Intelligent Systems, 14(1), 1999, pp: 18-19
27. The United States General Accounting Office, "Agencies Need to Implement Consistent Processes in Authorizing Systems for Operation," Report to Congressional Requestors, GAO-04-376
28. The United States General Accounting Office, "Department of Homeland Security Needs to Fully Implement its Security Program," Report to Congressional Requestors, GAO-05-700
29. Thomas, J. J. and Cook, K.A. (eds), Illuminating the Path: The Research and Development Agenda for Visual Analytics, IEEE Computer Society, 2005
30. Turner, G., Holley, et al., "Net-Centric Assured Information Sharing - Moving Security to the Edge through dynamic C&A," IANewsletter, Vol.8(3), Winter 2005/2006
31. van Lamsweerde, A., "Goal-Oriented Requirements Engineering: A Roundtrip from Research to Practice," In Proc. 12th IEEE Int'l Requirements Engg Conference, Kyoto, 2004, pp. 4-8.
32. Xacta Corporation, Xacta IA Manager, 2004 〈http://www.xacta. com〉