COCOMO II Security Extension Workshop Report


COCOMO II Security Extension Workshop Report
Edward Colbert, Danni Wu
{ecolbert, danwu}@cse.usc.edu
20th Annual COCOMO II & Software Costing Forum 2005
USC Center for Software Engineering
Report on 7th Workshop on Costing Secure Systems, USC CSE Annual Research Review
© 2002-5 USC-CSE, 7 November 2018

Outline
- Workshop Agenda
- Feedback From Attendees
- Future Work

MetaH provides semantics & supporting tools
UML provides graphic front-end

Workshop Agenda
- 8:30am – 12:00am: Reviewed prototypes
  - COSECMO prototype
  - System development cost prototype
- 1:00pm – 5:00pm: General discussions
  - Model calibration
  - Needed improvements to incorporate next version of Common Criteria
  - SECU driver's effect on effort


Feedback on COSECMO Prototype
- Size should be based on higher-level Security Functional Requirements (SFR)
  - Current: Size estimated by choosing SFRs & their levels
    - E.g., (FAU, low)
  - Suggestion: Estimate size by choosing levels of developers' concern about different security areas
    - E.g., (Audit, low)
  - Benefits: Not strictly tied to Common Criteria terms, easier to understand

Feedback on COSECMO Prototype (Cont.)
- User customization
  - Current: Size for SFR is hard-coded
    - E.g., 0.5K for (FAU, low)
  - Suggestion: Let user customize suggested size
    - One default value is provided
    - Users can revise it based on their own experiences
  - Benefits: Local calibration & greater flexibility

Feedback on COSECMO Prototype (Cont.)
- Show default set of COCOMO cost driver ratings
  - Current: User manually chooses levels for each COCOMO cost driver
    - Prototype warns if user selected other driver values that aren't consistent with COSECMO recommendations for selected SECU driver rating
  - Suggestion: Show default ratings after user chooses SECU driver rating
  - Benefits: Easier to use

Feedback on SECU Driver Effect
- Change SECU driver effect on effort
  - Current: SECU is a multiplier
    - Linear effect on size
  - Suggestion: SECU should be a scale factor
  - Benefit: effort vs. size of trusted software plot matches security expert's expectations

[Figure: expected effort. At 50 KSLOC: EAL 5 = a, EAL 7 = 10a. At EAL 6: 50 KSLOC = b, 100 KSLOC >> 2b.]
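Added example (not from the workshop slides or the COSECMO prototype): the two placements of SECU in the COCOMO II effort equation, compared on how effort grows when size doubles and on how the gap between assurance levels changes with size. A, B and the nominal scale-factor sum are the COCOMO II.2000 calibration; every SECU value is constructed for illustration.

```python
# COCOMO II effort: PM = A * Size^E * product(EM), with E = B + 0.01 * sum(SF).
A, B = 2.94, 0.91            # COCOMO II.2000 calibration constants
NOMINAL_SF_SUM = 18.97       # PREC + FLEX + RESL + TEAM + PMAT, all Nominal

# Constructed SECU ratings per assurance level (assumptions, not COSECMO values).
SECU_MULTIPLIER = {"EAL5": 1.5, "EAL6": 2.0, "EAL7": 3.0}
SECU_SCALE_FACTOR = {"EAL5": 5.0, "EAL6": 10.0, "EAL7": 15.0}


def effort_multiplier_form(ksloc, eal):
    """Current prototype behaviour: SECU scales effort by a constant factor."""
    exponent = B + 0.01 * NOMINAL_SF_SUM
    return A * ksloc ** exponent * SECU_MULTIPLIER[eal]


def effort_scale_factor_form(ksloc, eal):
    """Workshop suggestion: SECU is added to the exponent's scale factors."""
    exponent = B + 0.01 * (NOMINAL_SF_SUM + SECU_SCALE_FACTOR[eal])
    return A * ksloc ** exponent


def doubling_ratio(form, eal, ksloc=50):
    """Effort at 2x size divided by effort at 1x size, at one assurance level."""
    return form(2 * ksloc, eal) / form(ksloc, eal)


def level_ratio(form, ksloc, low="EAL5", high="EAL7"):
    """Effort at the higher level divided by effort at the lower, at one size."""
    return form(ksloc, high) / form(ksloc, low)


def compare():
    """Rows of (form name, EAL, 50->100 KSLOC effort ratio)."""
    forms = (("multiplier", effort_multiplier_form),
             ("scale factor", effort_scale_factor_form))
    return [(name, eal, round(doubling_ratio(form, eal), 3))
            for name, form in forms for eal in ("EAL5", "EAL6", "EAL7")]


if __name__ == "__main__":
    for name, eal, ratio in compare():
        print(f"{name:12s} {eal}: 50 -> 100 KSLOC multiplies effort by {ratio}")
```

With SECU as a multiplier the doubling ratio is the same at every assurance level; as a scale factor it rises with the level, and the gap between levels widens as size grows.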

Feedback on COSECMO Model Calibration
- Getting project data points from secure systems will be difficult
- Instead of security assurance requirements, consider general assurance requirements
  - Safety-critical assurance
    - Map Evaluation Assurance Levels (EAL) & Safety Integrity Levels (SIL) to COCOMO driver levels
  - Reliability assurance
    - E.g., weapon accuracy
- Use safety project data & any security data to calibrate model


Future Work
- Get more feedback from security & safety communities
- Extend security assurance to general assurance
- Refine costing prototypes
- Refine models
- Refine Delphi
- Collect & analyze data
- Write Papers & Ph.D. Thesis (theses?)

Dan Wu: Updating COSECMO prototype; expand COSECMO model to a more general model