Security Certification Modeling
Final rept. 1 Jun 2005-30 Nov 2008
TULSA UNIV OK
Pagination or Media Count:
This research focused on security certification policy modeling for a System of Systems SoS. Three main results were obtained. The first major result was a semi-formal UML Component Protection Profile CPPto describe a software components broad security expectations and interactions within the SoS. The CPP allows direct comparison of components that interact to determine if they interfere with local security requirements. Examples illustrate basic instantiations of multiple component security profiles along with the local violations that result from their conflicting or competing interactions within a SoS. The second result was an extension to a formal specification language to accommodate SoS global architecture and security certification criteria expressed as progress properties. Audit criteria from the NIST SP800-53 exemplify both local and global constraints and their compliance throughout the SoS. The third major result is a formal analysis of role-based access control policies using an extension of the Colored Petri Net. Overall, this fundamental effort indicated that more unification of security constructs is needed across the local, global, and internal activities of a SoS and its components to determine full system compliance with security certification criteria.
- Computer Systems Management and Standards