Annual SERC Research Review, October 5-6, 2011 1 By Jennifer Bayuk Annual SERC Research Review October 5-6, 2011 University of Maryland Marriott Inn and.

Slides:

Advertisements

Similar presentations

CASDA Project Management A presentation to the CASDA Preliminary Design Review IM&T / CASS Dan Miller | CASDA Project Manager 11 March 2014.

Advertisements

Summer Internship Program Outline

State of Indiana Business One Stop (BOS) Program Roadmap Updated June 6, 2013 RFI ATTACHMENT D.

Note: Lists provided by the Conference Board of Canada

Course: e-Governance Project Lifecycle Day 1

Modeling the Process and Life Cycle CSCI 411 Advanced Database and Project Management Monday, February 2, 2015.

System Aware Cyber Security NDIA Barry Horowitz University of Virginia February, Sponsor: DoD, through the Stevens Institute”s SE Research Center.

Requirements Engineering n Elicit requirements from customer  Information and control needs, product function and behavior, overall product performance,

Secure and Trustworthy Cyberspace (SaTC) Program Sam Weber Program Director March 2012.

Systems Engineering in a System of Systems Context

SERC Security Systems Engineering Initiative Dr. Clifford Neuman, Director USC Center for Computer Systems Security Information Sciences Institute University.

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

Iterative development and The Unified process

Chapter 5: Project Scope Management

WRITING A RESEARCH PROPOSAL

Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR ESM'2009, October 26-28, 2009, Holiday Inn Leicester, Leicester, United Kingdom.

What is Business Analysis Planning & Monitoring?

Meeting SB 290 District Evaluation Requirements

S/W Project Management

Unit 2: Engineering Design Process

Interstate New Teacher Assessment and Support Consortium (INTASC)

CLEANROOM SOFTWARE ENGINEERING.

Page 1 MODEL TEST in the small GENERALIZE PROGRAM PROCESS allocated maintenance changes management documents initial requirement project infrastructure.

Requirements Analysis

1 Chapter 2 The Process. 2 Process  What is it?  Who does it?  Why is it important?  What are the steps?  What is the work product?  How to ensure.

Software System Engineering: A tutorial

Business Analysis and Essential Competencies

Collaborative Work Package Criteria Suitable for accomplishing in a period of 90 days to 1 year. Work should fall within the expertise of one or more consortium.

ADD Perspectives on Accountability Where are We Now and What does the Future Hold? Jennifer G. Johnson, Ed.D.

Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.

System-Aware Cyber Security Architecture Rick A. Jones October, 2011.

The roots of innovation Future and Emerging Technologies (FET) Future and Emerging Technologies (FET) The roots of innovation Proactive initiative on:

Government Procurement Simulation (GPSim) Overview.

National Science Foundation Directorate for Computer & Information Science & Engineering (CISE) Trustworthy Computing and Transition to Practice Secure.

© 2012 xtUML.org Bill Chown – Mentor Graphics Model Driven Engineering.

IS Methodologies. Systems Development Life Cycle - SDLC Planning Planning define the system to be developed define the system to be developed Set the.

Eloise Forster, Ed.D. Foundation for Educational Administration (FEA)

1 Introduction to Software Engineering Lecture 1.

P1516.4: VV&A Overlay to the FEDEP 20 September 2007 Briefing for the VV&A Summit Simone Youngblood Simone Youngblood M&S CO VV&A Proponency Leader

Combining Theory and Systems Building Experiences and Challenges Sotirios Terzis University of Strathclyde.

Federal Cybersecurity Research Agenda June 2010 Dawn Meyerriecks

Request for Proposal (RFP)

Health eDecisions Use Case 2: CDS Guidance Service Strawman of Core Concepts Use Case 2 1.

Business Analysis. Business Analysis Concepts Enterprise Analysis ► Identify business opportunities ► Understand the business strategy ► Identify Business.

Project Scope Management 1. 2 Learning Objectives Understand the elements that make good project scope management important. Explain the scope planning.

TEACHER EVALUATION IMPLEMENTATION DAY: STUDENT GROWTH AND GOAL SETTING September 25, 2015 Shorewood High School 9/25/15 1.

TDRp Implementation Challenges David Vance, Executive Director Peggy Parskey, Assistant Director October 23, 2014.

Overview of RUP Lunch and Learn. Overview of RUP © 2008 Cardinal Solutions Group 2 Welcome  Introductions  What is your experience with RUP  What is.

Modelling the Process and Life Cycle. The Meaning of Process A process: a series of steps involving activities, constrains, and resources that produce.

ANALYSIS PHASE OF BUSINESS SYSTEM DEVELOPMENT METHODOLOGY.

Search Engine Optimization © HiTech Institute. All rights reserved. Slide 1 Click to edit Master title style What is Business Analysis Body of Knowledge?

SRR and PDR Charter & Review Team Linda Pacini (GSFC) Review Chair.

Project Management Strategies Hidden in the CMMI Rick Hefner, Northrop Grumman CMMI Technology Conference & User Group November.

Wisconsin Administrative Code PI 34 1 Wisconsin Department of Public Instruction - Elizabeth Burmaster, State Superintendent Support from a Professional.

DISTRIBUTION STATEMENT A -- Cleared for public release by OSR on 08 October SR case number #11-S-0041 applies. 13 th Annual NDIA SE Conf Oct 2010.

Prepared by Amira Selim 31 st October 2009 Revised by Dahlia Biazid Requirements Analysis.

FLORIDA EDUCATORS ACCOMPLISHED PRACTICES Newly revised.

Design Evaluation Overview Introduction Model for Interface Design Evaluation Types of Evaluation –Conceptual Design –Usability –Learning Outcome.

Information Technology Project Management, Seventh Edition.

BANKING INFORMATION SYSTEMS

Identify the Risk of Not Doing BA

TechStambha PMP Certification Training

Cybersecurity EXERCISE (CE) ATD Scenario intro

Chapter 2 Modeling the Process and Life Cycle Shari L. Pfleeger Joanne M. Atlee 4th Edition.

The Design Process.

University of California—Irvine

Approved for Public Release: Cases , , ,

Systems Engineering for Mission-Driven Modeling

DOD’S PHASED SYSTEM DEVELOPMENT PROCESS

Presentation transcript:

Annual SERC Research Review, October 5-6, By Jennifer Bayuk Annual SERC Research Review October 5-6, 2011 University of Maryland Marriott Inn and Convention Center Hyattsville, MD SERC Security

Annual SERC Research Review, October 5-6, SERC Security Research Tasks RT8 – System Security Roadmap ―Our foundation RT28 – System Aware Security ―Currently active – PI is Barry Horowitz, UVA RT32 – System Security Metrics ―Proposed – PI is Jennifer Bayuk ―If accepted will require multiple security SME collaborators RT38 – Cyber Security Decision Support ―Proposed – PI is Barry Horowitz ―Builds on RT28

Annual SERC Research Review, October 5-6, The SERC system security roadmap was motivated by the fact that current defensive strategies add tremendously to cost and do not respond effectively to the growing sophistication of attacks, as well as the recognition that today’s systems engineers are inadequately prepared to address system security requirements. RT8 was a 8-month effort with representation from the majority of the SERC members, as well as a larger community of invited security subject matter experts. The final report emphasized that progress in system security research must follow a scientific process that includes clear problem statements, thorough problem background descriptions including a full literature review, clearly defined solution criteria, and proposed hypothesis formulated to shed light on a solution and how it may be proven or disproven. As security luminary and roadmap reviewer Peter G. Neumann said in his response to the final draft, the roadmap was “a very worthy step forward” in security research. RT 8: System Security Roadmap

Annual SERC Research Review, October 5-6, Successful security design patterns should yield metrics that relate increases in security to corresponding impacts on system performance. Such metrics provide much needed information required by the engineering trade-space. Building on RT8: Systems Security Engineering Roadmap, RT28 research in architecture frameworks will devise systems security engineering methods that integrate fault tolerant and automatic control system technologies with cyber security technologies, processes, and tools to develop System-Aware security services that will be transferable between systems with common functionality. Key Deliverables: Description of system-aware security as an architectural concept, to include a prototype of system-aware security services architecture to demonstrate integration of services to dynamically adapt performance based upon risk and system performance implications. Design patterns with embedded metrics regarding security/system performance tradeoffs. RT 28: System Aware Security

Annual SERC Research Review, October 5-6, The state of the art and current practice in security metrics use certification and testing strategies rather than correctness and effectiveness criteria. Security requirements can be verified using well known certification techniques in combination with continuous monitoring technologies, but can be validated only with respect to system mission and purpose. Building on RT8: Systems Security Engineering Roadmap, RT32 research in security metrics shall provide the theoretical foundation to support security requirement analysis and security models for use in both security requirements verification and validation. Key Deliverables: Security framework that combines both security and systems engineering techniques from other disciplines to combine measurable systems security attributes into a working definition of systems-level security that can be measured (to include output from RT28). Evaluation report via the framework for DoD-selected case studies. RT 32: System Security Metrics

Annual SERC Research Review, October 5-6, The uncertainties and judgment calls surrounding cyber security call for a process through which DOD operators and procurement officers could interact with system designers in exploring the tradeoff space as a precursor to selecting and evaluating final design candidates. Building on RT28: Cyber Security Decision Support, RT-38, will build upon the security scoring system developed in RT-28. RT-38 research will focus on the design of a collaboration environment that addresses the influences of uncertainties in expert judgment and decision-maker preferences and how they influence complex decision making. This work will have a foundation in the mathematics of multi-objective decision theory under uncertainty, and will be tailored to enable practical use. Key Deliverables: A prototype distributed software system for multi-agent decision support. Analysis and documentation of results for the use of the prototype in formative experiments, initial evaluations, and technology demonstrations. RT 38: Cyber Security Decision Support

Annual SERC Research Review, October 5-6, Remainder of Session Agenda Summary of RT28 – Rick Jones, UVA Roundtable discussion