Discovering and understanding multi-dimensional correlations among certification requirements with application to risk assessment

Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007

Volumn , Issue , 2007, Pages 231-240

  Gandhi, Robin A ^a   Lee, Seok Won ^a  

^a University of North Carolina at Charlotte   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SOFTWARE; CORRELATION METHODS; REQUIREMENTS ENGINEERING; RISK MANAGEMENT;

CASE STUDIES; CERTIFICATION PROCESSES; CERTIFICATION REQUIREMENTS; COMPLEX SOFTWARE SYSTEMS; DEPARTMENT OF DEFENSES; MULTI-DIMENSIONAL; OPERATIONAL SCENARIOS; SECURITY CERTIFICATIONS; SECURITY PROPERTIES; SECURITY RISK ASSESSMENTS; SOFTWARE SYSTEMS; TECHNICAL ENVIRONMENTS; UNITED STATES;

RISK ASSESSMENT;

EID: 47949111490     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/RE.2007.21     Document Type: Conference Paper

References (51)

1. th Int'l Enterprise Distributed Object Computing Conf., 2002, pp: 51-62.
2. Alexander, I. "Misuse Cases: Use Cases with Hostile Intent." IEEE Software, 20(1), Jan/Feb 2003, pp: 58-66.
3. Basili V.R., Rombach H.D., "The TAME project: Towards improvement-oriented software environments," IEEE Transactions on Software Engineering, 14(6), 1988, pp: 758-773.
4. Baskerville, R., "Information systems security design methods: implications for information systems development," ACM Computing Surveys, 25(4), 1993, pp: 375-414.
5. Borgida, A. "On the Relative Expressiveness of Description Logics and Predicate Logics," AI, 82(1-2), 1996, pp: 353-367.
6. th Int'l Conf. on RE 2006, pp: 49-58.
7. th Int'l Conf. Soft. Eng., 2002, pp: 232-240.
8. Common Criteria, v2.1. ISO/IEC 15408-1, 1999.
9. Davis T., "Federal Computer Security Report Card Grades of 2004," Press Release. Government Reform Committee, 2005.
10. DoD 8510.1-M: DITSCAP Application Manual. 2000.
11. DoD Instruction 5200.40: DITSCAP, 1997.
12. DoDI 8500.2. IA Implementation. Feb 2003.
13. Donzelli, P. Basili, V., "A practical framework for eliciting and modeling system dependability requirements," Journal of Systems and Software, 79(1), 2006, pp:107-119.
14. Duquenne, V. "Contextual implications between attributes and some representational properties for finite lattices" Beitrage zur Begrisanalyse, B.I. Wissenschaftsverlag, 1987, pp: 213-239
15. Easterbrook, S., "Domain modelling with hierarchies of alternative viewpoints", In Proc. Int'l Sym. on RE., 1993, pp: 65-72.
16. th annual Global Information Security Survey, Netherland, 2005.
17. Feather, M. S., Cornford, S.L., "Quantitative risk-based requirements reasoning," RE Journal, Vol. 8(4), 2003, pp: 248-265.
18. Ganter, B. Wille, R. Formal Concept Analysis. Springer, 1996.
19. Jackson, M., Software Requirements and Specifications: A Lexicon of Practice, Principles and Prejudices. Addison, 1995.
20. Jilani, L.L., et al., "Defining and applying measures of distance between specifications," IEEE TSE, 27(8), 2001, pp.673-703.
21. Johansson E, Johnson P. "Assessment of Enterprise Information Security - Estimating the Credibility of the Results," In Proc. Sym. on RE for Info. Security (SREIS 05) at RE 05, 2005.
22. nd Int'l Conf. on FCA, 2004, pp: 252-260.
23. Kotonya, G., Sommerville, I., "Requirements engineering with viewpoints," Software Engineering Journal, 11(1), 1996, pp: 5-18.
24. Lee, S.W., Gandhi, R.A. et al, "Security Requirements Driven Risk Assessment for Critical Infrastructure Information Systems", In Proc. Sym. on RE for Info. Security (SREIS 05) at RE 05, 2005.
25. th IEEE Int. RE Conf. (RE 07), Posters, Demos and Exhibits Session, October 15-19, Delhi, India, 2007.
26. th Asia-Pacific Soft. Engg. Conf. (APSEC 05), IEEE CS Press, 2005, pp: 481-490.
27. Lee, S.W., Gandhi, R.A., "Requirements as Enablers for Software Assurance," CrossTalk: The Journal of Defense Software Engineering, December Issue, 19(12), 2006, pp: 20-24.
28. Lee, S.W., Gandhi, R.A., Ahn, G.J., "Certification Process Artifacts Defined as Measurable Units for Software Assurance" Soft. Process: Improvement and Practice, Vol. 12(2), 2007, pp. 165-189.
29. Lee, S.W., Muthurajan, D., Gandhi, R.A., et al., "Building decision support problem domain ontology from natural language requirements for software assurance," Int'l Journal on Software Engg. and Knowledge Engg., 16(6), Dec. 2006, pp: 851-884.
30. Lee, S.W., Rine, D.C. "Missing Requirements and Relationship Discovery through Proxy Viewpoints Model," Studia Informatica Universalis: Int'l Journal on Informatics, 3(3), 2004 pp. 315-342.
31. th Int'l Conf. on Requirements Engg, 2004, pp: 354-355.
32. th Int'l Conf. on Requirements Engg, 2003, pp: 151-161.
33. th Comp. Security App. Conf., IEEE CS, 2001, pp: 366-374
34. Mead, N. R., Hough, E., Stehney, T., "Security Quality Requirements Engineering (SQUARE) Methodology," Technical Report (CMU/SEI-2005-TR-009), SEI, CMU, Pittsburgh, PA 2005
35. Moffett, J.D., Haley, C.B., Nuseibeh, B.A, "Core Security Requirements Artefacts," TR 2004/23, Open University, June 2004.
36. OCTAVE™ Criteria v2.0, CMU/SEI-2001-TR-016, 2001.
37. Prieto-Diaz, R., "The Common Criteria Evaluation Process," CISC-TR-2002-003, James Madison Univ., 2002.
38. Prud'hommeaux, E., Seaborne, A., "SPARQL Query Language for RDF," W3C Working Draft, 2006.
39. th Int'l Conf. on RE, 1998, pp. 82-89.
40. Schneier, Bruce. "Attack Trees." Dr. Dobb's Journal of Software Tools, 24(12), December 1999, pp: 21-29.
41. Sindre, G., Opdahl, A., "Eliciting Security Requirements by Misuse Cases," In Proc. of TOOLS Pacific, 2000, pp: 120-130.
42. Swanson M, Bartol N, et al., "Security Metrics Guide for Information Technology Systems," NIST SP #800-55, 2003.
43. th Int'l Conf. on Soft. Engg., St. Louis, 2005.
44. US GAO Report, "Agencies Need to Implement Consistent Processes in Authorizing Systems for Operation," 04-376, 2004.
45. US GAO Report, "Department of Homeland Security Needs to Fully Implement its Security Program," 05-700, 2005.
46. van Lamsweerde, A., "Elaborating Security Requirements by Construction of Intentional Anti-Models," In Proc. 26th Int'l Conf. on Software Engg., 2004, pp: 148-157.
47. Verdon, D., McGraw, G., "Risk Analysis in Software Design." IEEE Security & Privacy Magazine, 2(4), 2004, pp: 79-84
48. Voas, J., "Certifying software for high-assurance environments," IEEE Software, 16(4), Jul/Aug 1999, pp: 48-54.
49. th Int'l RE Conf., 2006, pp: 6-15.
50. Wille, R., "Conceptual Graphs and Formal Concept Analysis," Int'l Conf. on Conceptual Structures, 1997, pp: 290-303.
51. Yudistira, A., Giorgini, P., Mylopoulos, J., "Risk Modelling and Reasoning in Goal Models," DIT-06-008, Univ. of Trento, 2006.