|
Abstract:
The Cyberscience project has developed a framework for an integrated approach to secure systems development called security co-design. Acknowledging the need to integrate security into the development process from the beginning, but recognizing that security and functionality are different in character, security co-design separates development into security and functional tracks that strongly influence each other. The security co-design methodology aims to account for all critical aspects of development, including requirements capture, implementation, and the construction of an information assurance case (IAC). By analogy to safety cases, an IAC seeks to establish that the security requirements of the system are met, and to identify specific points of failure to be addressed if certain requirements are not met. The development of a methodology and tool support for the construction of IACs has been the primary focus of the Cyberscience project. This report documents the security co-design methodology, the principles and goals of IAC development, an exploration of tool support for IAC construction, and an examination of possible alternative approaches.
| Limitations: |
 APPROVED FOR PUBLIC RELEASE |
| Description: |
Final technical rept. Mar 2000-Feb 2004 |
| Pages: |
82 |
| Report Date: |
FEB 2005 |
| Contract Number: |
F30602-00-C-0087, DARPA ORDER- |
| Report Number: |
A075134 |
|
|
|
|
|
Keywords relating to this report:
Email This Abstract
