Continuous Mission-Oriented Assessment (CMA) of Assurance
RAYTHEON BBN TECHNOLOGIES CAMBRIDGE MA
Pagination or Media Count:
This paper reports on ongoing work on a novel mission-oriented information assurance IA assessment approach that contrasts runtime measurements and observations against user-specified requirements. We present the initial results of our ongoing work to develop a continuous assessment framework focused on the assurance of mission operations. In this context, a mission refers to a specific set of tasks being executed by an information system to support a group of users cooperating to achieve a common objective, and IA refers to the users level of confidence that the system can be entrusted with their respective tasks. The high level goal of this research is to demonstrate meaningful and continuous mission-oriented assessment CMA of assurance. More specifically, CMA aims to validate the following claim information systems can be instrumented with suitably placed probes and aggregating mechanisms such that the aggregating mechanisms are able to continuously indicate whether the system is operating at a required level of assurance based on measurements and observations reported by the probes. An additional goal is to support IA assessment-driven adaptive behavior and interoperation with existing QoS mechanisms enabling QoS-IA tradeoffs e.g., sacrificing encryption for faster response. The CMA approach is a significant departure from the current thinking of security evaluation. Initial contributions of this early stage research include the following a taxonomy and organization of factors that contribute to mission-oriented assessment of IA, a methodology to perform the assessment, and a proof-of-concept prototype demonstrating mission-oriented continuous assessment and QoS and IA tradeoffs.
- Computer Systems
- Computer Systems Management and Standards