Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

D.P. Gilliam, J.D. Powell
Jet Propulsion Laboratory, California Institute of Technology, USA

Abstract

The network security assessment instrument is a comprehensive set of tools that can be used individually or collectively to ensure the security of network-aware software applications and systems. Using the various tools collectively provides a distinct advantage for assuring the security of software and systems. Each tool's resulting output provides feedback into the other tools. Thus, more comprehensive assessment results are attained through the leverage each tool provides to the others when they are employed in concert. Previous portions of this work were presented at the IEEE WET ICE 2000 and 2001 Workshops and are printed in those proceedings. This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles. This portion, the flexible modeling framework (FMF), focuses on modeling requirements and early lifecycle designs to discover vulnerabilities that result from interaction between system components that are either under development in a new system or proposed as additions to an existing system. There are early indications that this new approach, the flexible modeling framework (FMF), has promise in the areas of network security as well as other critical areas such as system safety. Information about the overall research effort regarding network security is available at http://security.jpl.nasa.gov/rssr.

Keywords

#Instruments #Software systems #Software tools #Information security #Application software #Output feedback #Ice #Conferences #Software maintenance #Safety
