FAA Information Technology- Information Systems Security R&D Workshop 2003 13 June 2015© 2002-3 USC-CSE Extending COCOMO II to Estimate the Cost of Developing.

Slides:



Advertisements
Similar presentations
The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Advertisements

Software Quality Assurance Plan
Empirical Research at USC-CSE Barry Boehm, USC-CSE ISERN Presentation October 8, 2000
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Copyright 2000, Stephan Kelley1 Estimating User Interface Effort Using A Formal Method By Stephan Kelley 16 November 2000.
Using UML, Patterns, and Java Object-Oriented Software Engineering Royce’s Methodology Chapter 16, Royce’ Methodology.
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.
Security Controls – What Works
Information Security Policies and Standards
March 2002 COSYSMO: COnstructive SYStems Engineering Cost MOdel Ricardo Valerdi USC Annual Research Review March 11, 2002.
02/12/00 E-Business Architecture
University of Southern California Center for Software Engineering CSE USC COSYSMO: Constructive Systems Engineering Cost Model Barry Boehm, USC CSE Annual.
11/08/06Copyright 2006, RCI1 CONIPMO Workshop Out-brief 21 st International Forum on COCOMO and Software Cost Modeling Donald J. Reifer Reifer Consultants,
University of Southern California Center for Systems and Software Engineering ©USC-CSSE1 Ray Madachy, Barry Boehm USC Center for Systems and Software Engineering.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
System-of-Systems Cost Modeling: COSOSIMO July 2005 Workshop Results Jo Ann Lane University of Southern California Center for Software Engineering.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
The Information Systems Audit Process
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Stephen S. Yau CSE , Fall Security Strategies.
COMP8130 and 4130Adrian Marshall 8130 and 4130 Test Management Adrian Marshall.
University of Southern California Center for Systems and Software Engineering © 2009, USC-CSSE 1 An Analysis of Changes in Productivity and COCOMO Cost.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Intranet, Extranet, Firewall. Intranet and Extranet.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
COCOMO-SCORM: Cost Estimation for SCORM Course Development
Test Organization and Management
Protective Measures at NATO Headquarters Ian Davis Head, Information Systems Service NATO Headquarters Brussels, Belgium.
Information Systems Security Computer System Life Cycle Security.
 Computer security policy ◦ Defines the goals and elements of an organization's computer systems  Definition can be ◦ Highly formal ◦ Informal  Security.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Federal Aviation Administration Federal Aviation Administration 1 Presentation to: Name: Date: Federal Aviation Administration AMHS Security Security Sub-Group.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
Chapter 6 of the Executive Guide manual Technology.
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
Testing Basics of Testing Presented by: Vijay.C.G – Glister Tech.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Student Curriculum Planning System MSE Project Presentation I Kevin Sung.
1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.
Note1 (Admi1) Overview of administering security.
Knowing What You Missed Forensic Techniques for Investigating Network Traffic.
Cmpe 589 Spring 2006 Lecture 2. Software Engineering Definition –A strategy for producing high quality software.
SFWR ENG 3KO4 Slide 1 Management of Software Engineering Chapter 8: Fundamentals of Software Engineering C. Ghezzi, M. Jazayeri, D. Mandrioli.
Trusted OS Design and Evaluation CS432 - Security in Computing Copyright © 2005, 2010 by Scott Orr and the Trustees of Indiana University.
The IT Vendor: HIPAA Security Savior for Smaller Health Plans?
University of Southern California Center for Systems and Software Engineering © 2010, USC-CSSE 1 Trends in Productivity and COCOMO Cost Drivers over the.
Chapter 19: Building Systems with Assurance Dr. Wayne Summers Department of Computer Science Columbus State University
High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.
Information Security Framework Regulatory Compliance and Reporting Auditing and Validation Metrics Definition and Collection Reporting (management, regulatory,
CPT 123 Internet Skills Class Notes Internet Security Session B.
Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
The NIST Special Publications for Security Management By: Waylon Coulter.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
1 Agile COCOMO II: A Tool for Software Cost Estimating by Analogy Cyrus Fakharzadeh Barry Boehm Gunjan Sharman SCEA 2002 Presentation University of Southern.
Project Cost Management
COCOMO III Workshop Summary
Tutorial: Software Cost Estimation Tools – COCOMO II and COCOTS
Constructive Cost Model
COCOMO II Security Extension Workshop Report
Costing Secure Systems Workshop Report
Software Systems Cost Estimation
Costing Secure Systems Workshop
Presentation transcript:

FAA Information Technology- Information Systems Security R&D Workshop June 2015© USC-CSE Extending COCOMO II to Estimate the Cost of Developing Secure Software Edward Colbert, Murali Gangadharan, Donald Reifer, & Barry Boehm {ecolbert, murali,

23 June 2015© USC-CSE Outline  Why Extend COCOMO II for Security?  The COCOMO II & Modeling Methodology  New Security Cost Driver & its Factors  COCOMO II Cost Driver Values  Analysis of Security Impact On Other Drivers  Next Steps & Summary

33 June 2015© USC-CSE Why Extend COCOMO II for Security  Military projects have considered security in developing software since the early 1980s  Until recently commercial projects often gave it little weight  Threat to business-critical systems & private information has grown –Security can no longer be ignored  Few cost models (including COCOMO II) include security factors –Based 1980s military perspective (Orange Book) –Developing secure systems has changed dramatically

43 June 2015© USC-CSE Adding Security to Cost Models  Several approaches for addressing security –Modernize existing models Primarily by updating definitions of cost drivers –Add new cost drivers to cost models –Develop separate security model

53 June 2015© USC-CSE Adding Security to Cost Models  USC has taken intermediate approach –Add factor that addresses security from 3 viewpoints Development Operational Physical (Development Constraints) –Include factors as appropriate to all COCOMO II family cost models –Address both commercial & military projects regardless of Size Domain Level of maturity

63 June 2015© USC-CSE Outline  Why Extend COCOMO for Security?  The COCOMO II & Modeling Methodology  New Security Cost Driver & its Factors  COCOMO II Cost Driver Values  Analysis of Security Impact On Other Drivers  Next Steps & Summary

73 June 2015© USC-CSE Project scale factors: maturity, risk, flexibility, teamwork & precedentedness Software product, process, project & personnel cost drivers COCOMO II Refresher COCOMO II Model Software size estimate Software organization’s project data Effort & duration estimates Cost, schedule distribution by phase, activity, increment COCOMO II recalibrated to organization’s data Effort in Person Month SF: Scale Factors (5) EM: Effort Multipliers(17)

83 June 2015© USC-CSE COCOMO II Family of Cost Models COCOMO II Calibration Models Risk & Tradeoff Models Allocation Models Sizing Models Reuse Models COCOTS COQUALMO CORADMO COSYSMO OTHERS

93 June 2015© USC-CSE COCOMO II Modeling Methodology Analyze Existing Literature Perform Behavioral Analysis Determine Form of model &Identify relative significance of parameters Perform expert Judgment, Delphi Assessment Gather Project Data Determine Bayesian A Posteriori update Gather more data; Refine model

103 June 2015© USC-CSE Outline  Why Extend COCOMO for Security?  The COCOMO II & Modeling Methodology  New Security Cost Driver & its Factors  COCOMO II Cost Driver Values  Analysis of Security Impact On Other Drivers  Next Steps & Summary

113 June 2015© USC-CSE COCOMO II Security Driver (SECU)  Viewpoints –Design & Development for Security –Operational Security –Physical Security (Development Constraints)  Driver Ratings –Low –Nominal –High –Very High –Extremely High

123 June 2015© USC-CSE Security Factors  Design & Development for Security –Effect of design methodologies & processes for development & validation when security is factor  Operational Security –Effect of security policies, processes, tools & facilities that: Permit identification of security events Define subsequent actions to identify key elements Report pertinent information to appropriate individual, group, or process  Development Constraints –Constraints placed on development when protecting software facilities: From outside perimeter to inside office space Includes all of information system resources

133 June 2015© USC-CSE Design & Development for Security Rating : Low & Nominal  Low –No security requirements –No protection other than provided by execution environment  Nominal Requirements  Informal security requirements formulated for system Design  Analysis of security functions using –Informal functional & interface specification –Descriptive high-level design –Informal demonstration of corresponding pairs Testing  Developer tests implementation of requirements –Black box testing Life-cycle controls  Simple Configuration Management with version numbers

143 June 2015© USC-CSE Design & Development for Security Rating : High  Nominal + Requirements  Fully defined external interfaces  Informal security policy modeling Design  High-level design enforces security  Informal low-level design description Testing  Independent testing of all functional requirements  Inspection of COTS/OSS source code if available  Developer vulnerability analysis Life-cycle controls  Detailed delivery & installation procedures –with well-defined security defaults  Developer-defined life-cycle model –with well-defined development tools

153 June 2015© USC-CSE Design & Development for Security Rating: Very High  High+ Requirements  Semi-formal functional specifications  Semi-formal security policy modeling Design  Semi-formal high-level design  Semi-formal Correspondence demonstration  Modular implementation  Dynamic analysis for COTS/OSS Testing  Evidence of coverage for all developer test results  Testing of high-level design  Independent vulnerability analysis  Independent validation of analysis Life-cycle controls  Partial automation of CM –with authorization control, problem tracking, & detection of modification  Measurable life-cycle model –with compliance to implementation standards

163 June 2015© USC-CSE Design & Development for Security Rating: Extremely High  Very High + Requirements  Formal functional specification  Formal security policy modeling Design  Formal high level explanation  Formal Correspondence Demonstration  Structured implementation with minimization of complexity  Secure container for COTS & OSS Testing  Analysis of coverage of tests  Analysis & testing for insecure states  Ordered functional testing with tests of low-level design  Covert channel analysis Life-cycle controls  Compete automation of CM –with coverage for developer tools  Measurable life-cycle model –with supporting empirical data

173 June 2015© USC-CSE Operational Security Rating: Low & Nominal  Low –No organization-wide security policies –Ad-hoc security practices –Optional firewall & virus protection  Nominal Administrative controls  Basic Security policies –inc. Password & Virus Protection policy Network access & system use policy  Guidelines for administrators & users  Guidelines for regular backups of critical data Technical Controls  Reasonable practices for –Checksum Verification –Firewalls –Operating system logging  Simple password-based authentication schemes

183 June 2015© USC-CSE Operational Security Rating: High  Nominal + Administrative Controls  Security policies include –User administration policies –Access administration policies  Documentation & logging of all security incidents  Discretionary Access Control Policies for all resources  Security Screening of all staff on project –Initial background screening Technical Controls  Media access controls –Marking, logging & Integrity verification  Strong communication security implemented with reasonable practices for –Virtual Public Networks –Wireless Access –Active systems & network monitoring  Multi-factor authentication using passwords & smart-tokens

193 June 2015© USC-CSE Operational Security Rating: Very High  High + Administrative Controls  Security policies include – Incident response policy – Data classification policy  Incident response teams formed to handle security breaches  Mandatory Access Control Policies to all resources  Project staffing process considers –Separation of duties –Access with least privilege Technical Controls  Defense-in-Depth strategy to protect system with reasonable practices for –Layered system monitoring with Intrusion Detection Systems –Write protected audit trails  Digital certificates & signatures used for –Authentication –Message integrity –Non-repudiation

203 June 2015© USC-CSE Operational Security Rating : Extremely High  Very High + Administrative Controls  Comprehensive Security policies including – Business continuity plans – Disaster recovery plans  Strong role-based access control for all resources Technical Controls  Defense-in-depth strategy for protection is implemented with reasonable practices for –Protection against insider & outsider attacks –Honeypots for proactive defense  Independent vulnerability analysis & penetration tests  All communications are encrypted  Multi-factor authentication with biometrics

213 June 2015© USC-CSE Development Constraints Rating Description  Nominal –None  High –All source materials are locked up when not in active use  Very High –High + Audited security markings in code  Extremely High –Very High+ Multi-compartment developer communication constraints

223 June 2015© USC-CSE Outline  Why Extend COCOMO for Security?  The COCOMO II Modeling & Methodology  New Security Cost Driver & its Factors  COCOMO II Cost Driver Values  Analysis of Security Impact On Other Drivers  Next Steps & Summary

233 June 2015© USC-CSE Draft Security Effort Distribution With large Standard Deviation

243 June 2015© USC-CSE Outline  Why Extend COCOMO for Security?  The COCOMO II & Modeling Methodology  New Security Cost Driver & its Factors  COCOMO II Cost Driver Values  Analysis of Security Impact On Other Drivers  Next Steps & Summary

253 June 2015© USC-CSE Existing COCOMO Drivers Affected By Security  Proposed security cost driver (SECU) constrain existing COCOMO II cost drivers  Security functions add to project’s size  Increases project risk RELYRequired software reliability CPLXProduct complexity DOCUDocumentation match to life-cycle needs SITEMulti-site development TOOLUse of software tools

263 June 2015© USC-CSE Security Effect on Risk  Projects risk is increased when –Security driver rating is >= high & –Rating of following drivers are <= low or nominal ACAP : Analyst Capability PCAP : Programmer Capability APEX : Application Experience PLEX : Platform Experience LTEX : Language Experience

273 June 2015© USC-CSE Outline  Why Extend COCOMO for Security?  The COCOMO II & Modeling Methodology  New Security Cost Driver & its Factors  COCOMO II Cost Driver Values  Analysis of Security Impact On Other Drivers  Next Steps & Summary

283 June 2015© USC-CSE Next Steps  Reach consensus on cost drivers –FAA Workshop with AS400 on security, July 03 –Delphi run & calibration of factors in works  Initiate efforts to statistically validate accuracy of model –Survey available 160+ COCOMO project data –Perform initial calibration  Create enhanced COCOMO data collection forms –Gather security related efforts  Compare actual project data to expert opinions –Calibrate the model by weighting Actual data Expert opinions using Bayesian statistical techniques

293 June 2015© USC-CSE Summary  Proposed extensions to COCOMO for development of Secure Systems –Based on Common Criteria & DITSCAP –1 Driver: SECU –3 Factors: Development for Security Operational Security Physical Security (Development Constraints) –Affects on other COCOMO II Drivers RELY, CPLX, DOCU, SITE, TOOL –Affects on Size –Affects on project risk  Hopefully stimulated your interest & motivated you to participate by sharing project data

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.