Advances in the Acquisition of Secure Systems Based on Open Architectures

Published in Journal of Cyber Security and Information Systems
Volume: 1 Number: 2 - Secure Systems and Software Productivity
Authors: Walt Scacchi and Thomas Alspaugh
Posted: 07/14/2017 | Leave a Comment

The role of software acquisition ecosystems in the development and evolution of secure open architecture systems has received insufficient consideration. Such systems are composed of software components subject to different security requirements in an architecture in which evolution can occur by evolving existing components or by replacing them. But this may result in possible security requirements conflicts and organizational liability for failure to fulfill security obligations. We have developed an approach for understanding and modeling software security requirements as “security licenses”, as well as for analyzing conflicts among groups of such licenses in realistic system contexts and for guiding the acquisition, integration, or development of systems with open source components in such an environment. Consequently, this paper reports on our efforts to extend our existing approach to specifying and analyzing software intellectual property licenses to now address software security licenses that can be associated with secure OA systems.

* The rest of this article has not yet been converted to HTML. It will be added to this site shortly. Please be patient. *

Previous Article:

« Development and Transition of the SEI Software...

Next Article:

Software productivity progress during the first decade... »

Authors

Walt Scacchi

Walt Scacchi

Walt Scacchi is a senior research scientist and research faculty member at the Institute for Software Research, University of California, Irvine. He received a Ph.D. in Information and Computer Science from UC Irvine in 1981. From 1981-1998, he was on the faculty at the University of Southern California. In 1999, he joined the Institute for Software Research at UC Irvine. He has published more than 150 research papers, and has directed 45 externally funded research projects. In 2007, he served as General Chair of the 3rd. IFIP International Conference on Open Source Systems (OSS2007), Limerick, IE. In 2010, he chaired the Workshop on the Future of Research in Free and Open Source Software, Newport Beach, CA, for the Computing Community Consortium and the National Science Foundation. He also serves as Co-Chair of the Software Engineering in Practice (SEIP) Track at the 33rd International Conference on Software Engineering, 21-28 May 2011, Honolulu, HI.

Thomas Alspaugh

Thomas Alspaugh

Thomas Alspaugh is adjunct professor of Computer Science at Georgetown University, and visiting researcher at the Institute for Software Research at UC Irvine. His research interests are in software engineering and software requirements. Before completing his Ph.D., he worked as a software developer, team lead, and manager in industry, and as a computer scientist at the Naval Research Laboratory on the Software Cost Reduction project, also known as the A-7E project.

Leave a Comment Cancel

You must be logged in to post a comment.

CSIAC Report - Evolving Developments in Cyberlaw:
June 2019

CSIAC SME and member of the American Bar Association’s Information Security Committee, Richard “Rick” Aldrich, gives an updated snapshot of evolving developments in cyberlaw, policy, standards, court cases and industry legal frameworks. These slides provide updates to an earlier report on cyberlaw from March of 2019.

View the Slides

CSIAC Journal - Launching Innovation Through Medical Modeling and Simulation Technologies

This edition of the CSIAC Journal highlights three very different views of complex situations where AI might, should, and does intersect with our ability to use AI effectively.

Read the Journal

The DoD Cybersecurity Policy Chart

This chart captures the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme.

View the Policy Chart

CSIAC Report - JFAC/DAU/CSIAC Cyber Experiment (CYBEX)

This report details key concerns discussed during the JFAC/DAU/CSIAC Software Assurance (SwA) Cyber Experiment (CYBEX). In addition to evaluating newly developed SwA guides for program managers and developers, the exchange included addressing/bringing back foundational software/system engineering concepts to address root of fundamental SwA issues as well as adopting common language in the areas of functionality and risk in order to identify issues early.

Read the Report