Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 18: Introduction to Assurance Dr. Wayne Summers Department of Computer Science Columbus State University

Published byStephen Gilbert Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 18: Introduction to Assurance Dr. Wayne Summers Department of Computer Science Columbus State University"— Presentation transcript:

1

2 Chapter 18: Introduction to Assurance Dr. Wayne Summers Department of Computer Science Columbus State University Summers_wayne@colstate.edu http://csc.colstate.edu/summers

3 2 Assurance and Trust  An entity is trustworthy if there is sufficient credible evidence leading one to believe that the system will meet a set of given requirements. Trust is a measure of trustworthiness, relying on the evidence provided.  Security assurance, is confidence that an entity meets its security requirements, based on specific evidence provided by the application of assurance techniques.  Information assurance – ability to access information and preserve the quality and security of that information.  Trusted system – system that has been shown to meet well-defined requirements under an evaluation by a credible body of experts who are certified to assign trust ratings

4 3 Assurance, policy, and mechanisms Policy ^ | Assurance | v Mechanisms  Statement of requirements that explicitly defines the security expectations of the mechanism(s)  Provides justification that the mechanism meets policy through assurance evidence and approvals based on evidence  Executable entities that are designed and implemented to meet the requirements of the policy

5 4 Need for Assurance  Problem sources –Requirements definitions, omissions, and mistakes –System design flaws –Hardware implementation flaws –Software implementation errors, program bugs, compiler bugs –System use and operation errors, inadvertent mistakes –Willful system misuse –Hardware, communication, equipment malfunction –Environmental problems, natural causes, acts of God –Evolution, maintenance, faulty upgrades, decommissions

6 5 Assurance and Trust  Requirement – statement of goals that must be satisfied  Policy assurance – evidence establishing that the set of security requirements in the policy is complete, consistent, and technically sound.  Design assurance – evidence establishing that a design is sufficient to meet the requirements of the security policy  Implementation assurance - evidence establishing that a implementation is sufficient to meet the requirements of the security policy  Operational/administrative assurance - evidence establishing that the systems sustains the security policy requirements during installation, configuration, and day- to-day operation

7 6 Building Secure and Trusted Systems  Life Cycle –Conception (proof of concept) –Manufacture –Deployment –Fielded Product Life  Waterfall Life Cycle Model –Requirements Definition and Analysis –System & Software Design –Implementation and Unit Testing –Integration and Systems Testing –Operation and Maintenance

8 7 Other Models of Software Development  Exploratory Programming  Prototyping  Formal Transformation  Systems Assembly from Reusable Components  Extreme Programming

Download ppt "Chapter 18: Introduction to Assurance Dr. Wayne Summers Department of Computer Science Columbus State University"

Similar presentations

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #17-1 Chapter 17: Introduction to Assurance Overview Why assurance? Trust and.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #17-1 Chapter 17: Introduction to Assurance Overview Why assurance? Trust and.
1 Chapter 4 - Part 1 Software Processes. 2 Software Processes is: Coherent (logically connected) sets of activities for specifying, designing, implementing,

1 Chapter 4 - Part 1 Software Processes. 2 Software Processes is: Coherent (logically connected) sets of activities for specifying, designing, implementing,
5/1/2015 1:53 AM Lecture 11: Assurance & Evaluation James Hook CS 591: Introduction to Computer Security.

5/1/2015 1:53 AM Lecture 11: Assurance & Evaluation James Hook CS 591: Introduction to Computer Security.
Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz

Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz
Difference between 480-81 project and other assignments  real customer  before programming: negotiations with client to clarify requirements  often.

Difference between project and other assignments  real customer  before programming: negotiations with client to clarify requirements  often.
Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.

Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.

Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
OHT 2.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 What is software? Software errors, faults and failures Classification.

OHT 2.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 What is software? Software errors, faults and failures Classification.
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #18-1 Chapter 18: Introduction to Assurance Overview Why assurance? Trust and.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #18-1 Chapter 18: Introduction to Assurance Overview Why assurance? Trust and.
6/17/2015 5:35 PM Lecture 11: Assurance James Hook CS 591: Introduction to Computer Security.

6/17/2015 5:35 PM Lecture 11: Assurance James Hook CS 591: Introduction to Computer Security.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
May 25, 2004ECS 235Slide #1 Amplifying Allows temporary increase of privileges Needed for modular programming –Module pushes, pops data onto stack module.

May 25, 2004ECS 235Slide #1 Amplifying Allows temporary increase of privileges Needed for modular programming –Module pushes, pops data onto stack module.
1 Software Testing and Quality Assurance Lecture 1 Software Verification & Validation.

1 Software Testing and Quality Assurance Lecture 1 Software Verification & Validation.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Introduction to Systems Analysis and Design

Introduction to Systems Analysis and Design
Planning and Tracking Software Quality Yordan Dimitrov Telerik Corporation www.telerik.com.

Planning and Tracking Software Quality Yordan Dimitrov Telerik Corporation
Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.

Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.

Similar presentations

Ads by Google