2006 Annual Research Review & Executive Forum

1 2006 Annual Research Review & Executive Forum
Costing Secure System: COSECMO Data Mining
Danni Wu, Edward Colbert {danwu,
USC Center for Software Engineering
© 2006 USC-CSE, 18 September 2018

2 Goal of Presentation
- Review data mining of the COCOMO & COCOMO II data sets
- Review published Security Targets
- How these affect COCOMO II for the development of secure software systems ("COSECMO")
- MetaH provides semantics & supporting tools
- UML provides the graphic front-end

3 Outline
- Hidden security requirements in the COCOMO data sets?
- Relations between security assurance & functional requirements

4 Mining COCOMO Data Sets
Questions:
- Do any of the projects in the COCOMO data set have security requirements? Nobody asked when the data were collected.
- Do we have any data that might support COSECMO? (behavior analysis, calibration validation)
We have data:
- Document size for the COCOMO 81 projects
- Range of test data size (DATA) for COCOMO II

5 Security, Reliability, & Document Size in COCOMO 81
- (E – A)/A: percentage estimation error of effort (E = estimated, A = actual)
- Doesn't match expectation: COCOMO significantly under-estimates projects with a RELY driver rating of High or Very High
- RELY scale: 1 – Very Low, 2 – Low, 3 – Nominal, 4 – High, 5 – Very High
* Based on the COCOMO '81 data set (50 projects)

6 Security, Reliability, & Document Size in COCOMO 81 (cont.)
- PP/TKDSI: pages of documentation per 1000 source instructions
- Documentation increases when the RELY rating goes up (expected)
- 3 projects show "excessive" documentation compared to others with the same RELY rating
- Variance increases with the RELY rating
- Is the discrepancy a result of security or safety requirements?
- RELY scale: 1 – Very Low, 2 – Low, 3 – Nominal, 4 – High, 5 – Very High
* Based on the COCOMO '81 data set (50 projects)

7 Security, Reliability, & Document Size in COCOMO 81 (cont.)
- COCOMO 81 under-estimates the effort of the 3 projects
- Is documentation size a factor?

Project | RELY      | PP/KDSI | (E – A)/A (%)
1       | High      | 291     | -14
2       |           | 194     | -18
3       | Very High | 241     | -33

8 No DOCU Driver in COCOMO 81
- What about the DOCU driver in COCOMO 2000?
- There is no DOCU driver in COCOMO 81
- In COCOMO 2000, DOCU only asks whether documentation size "is/is not excessive for lifecycle need"
- High reliability, security, & safety assurance routinely needs more documentation
- So the extra documentation is not excessive, and DOCU would be set to Nominal

9 Security, Reliability, & Document Size in COCOMO 81 (cont.)
RELY & DOCU in COCOMO 2000*
- No clear trend indicates that the DOCU rating increases when the RELY rating increases
- Rating scale: 1 – Very Low, 2 – Low, 3 – Nominal, 4 – High, 5 – Very High
* Based on the COCOMO 2000 data set (161 projects)

10 Observations
- Some high-reliability projects in the COCOMO '81 set are under-estimated, possibly due to the unaccounted effect of security or safety requirements
- Reliability requirements are accounted for, at least in theory
- The DOCU driver doesn't help: it only looks at whether size "is/is not excessive for lifecycle need"
- A new security driver will have to address this

11 Security Target File Analysis
Goals:
- Discover the relationship between EAL & the number of SFRs
- Size estimation by security objectives
Data: 256 ST files from the NIST website. Domains include:
- Access control devices & systems
- Boundary protection devices & systems
- Database management systems
- Operating systems

12 Are Security Assurance & Functional Requirements Really Independent?
- Common Criteria v2 treats them as independent
- Do more SFRs always indicate a higher EAL requirement?

13 Mapping EAL with SFRs
- Data from 256 ST files on the NIST website
- Range of SFR count: [3, 107]
- Range of EAL: [1, 7]

14 Estimating Size by Security Objectives
- Current COSECMO uses SFR classes for size estimation
- Security objectives are more intuitive to developers in the early phases of the software life cycle

15 CC SFR Classes Correlations
- Red => high correlation between two classes

16 SFR Classes Correlations (cont.)
- FDP (Data Protection) & FCS (Cryptographic Support)
- Most relations cannot be discovered by this matrix
- 3 or more SFR classes may be needed to achieve 1 security objective

17 Mapping Security Objectives with SFRs
* (X) indicates the corresponding SFR class is optional for a particular security objective

18 How to Choose SFRs
- Step 1: Define the project domain
- Step 2: List the main security objectives
- Step 3: Select SFR classes based on the security objectives
- Step 4: Identify the SFRs that support the selected SFR classes

19 Case Study: Firewall
Domain: Boundary Protection Devices & Systems
Primary security objectives: Authentication; Accountability; Intrusion Detection & Response
Selected SFR classes:
- Authentication – FDP, FIA, FMT, FPT, FTP
- Accountability – FAU, FDP, FMT, FPT, FTP
- Intrusion Detection & Response – FAU, FMT, FPT
Resulting SFR classes: FAU, FDP, FIA, FMT, FPT, FTP

20 Regression Analysis Result
Response = TOTALSFR
Terms = (FAU FDP FIA FMT FPT FTP)
Coefficient estimates (columns: Label, Estimate, Std. Error, t-value, p-value) for Constant, FAU, FDP, FIA, FMT, FPT, FTP
R Squared:
Sigma hat:
Number of cases:

21 Case Study: Database
Domain: Database
Primary security objectives: Authentication; Accountability; Availability; Integrity; Recoverability
Selected SFR classes:
- Authentication – FDP, FIA, FMT, FPT
- Accountability – FAU, FDP, FMT, FPT
- Availability – FMT, FPT, FRU
- Integrity – FDP, FMT, FPT
- Recoverability – FDP, FMT, FPT, FTA
Resulting SFR classes: FAU, FDP, FIA, FMT, FTA, FPT, FRU
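The four-step procedure from "How to Choose SFRs", applied to the firewall and database case studies above, as an added Python example (not code from the presentation). The objective-to-class mapping is the one on the two case-study slides; the function names are assumed.

```python
# Added example (not from the presentation): the 4-step SFR-class
# selection applied to the two case studies. Function names are my own;
# the objective -> SFR-class mapping is copied from the case-study slides.

# Steps 1-3 as data: per domain, each security objective and the SFR
# classes it maps to (the mapping differs per domain, as on the slides).
OBJECTIVE_CLASSES = {
    "Boundary Protection Devices & Systems": {
        "Authentication": {"FDP", "FIA", "FMT", "FPT", "FTP"},
        "Accountability": {"FAU", "FDP", "FMT", "FPT", "FTP"},
        "Intrusion Detection & Response": {"FAU", "FMT", "FPT"},
    },
    "Database": {
        "Authentication": {"FDP", "FIA", "FMT", "FPT"},
        "Accountability": {"FAU", "FDP", "FMT", "FPT"},
        "Availability": {"FMT", "FPT", "FRU"},
        "Integrity": {"FDP", "FMT", "FPT"},
        "Recoverability": {"FDP", "FMT", "FPT", "FTA"},
    },
}

def _lookup(domain, objectives):
    """Return the class sets for the objectives, failing loudly on unknowns."""
    table = OBJECTIVE_CLASSES[domain]  # KeyError for a domain with no mapping
    missing = [o for o in objectives if o not in table]
    if missing:
        raise ValueError(f"no SFR-class mapping in {domain!r} for {missing}")
    return [table[o] for o in objectives]

def select_sfr_classes(domain, objectives):
    """Step 3: sorted union of the SFR classes the chosen objectives need."""
    return sorted(set().union(*_lookup(domain, objectives)))

def core_classes(domain, objectives):
    """Classes every chosen objective needs (FMT and FPT on both slides)."""
    return sorted(set.intersection(*_lookup(domain, objectives)))

def min_classes_per_objective(domain, objectives):
    """Slide 16's point: no objective on these slides maps to fewer than 3 classes."""
    return min(len(s) for s in _lookup(domain, objectives))

if __name__ == "__main__":
    fw = ["Authentication", "Accountability", "Intrusion Detection & Response"]
    print(select_sfr_classes("Boundary Protection Devices & Systems", fw))
    print(core_classes("Boundary Protection Devices & Systems", fw))
```

Step 4 (picking concrete SFRs inside each selected class) is left to the analyst; the class list is its starting point.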

22 Observation from ST File Analysis
- 11 ST files in total in the domain
- Seven SFR classes are used in the Database domain: FAU, FDP, FIA, FMT, FPT, FRU, FTA
- Availability is achieved mainly by the FRU class (FRU_RSA.1 Resource Allocation)

23 Conclusions
- Potential data points for COSECMO could exist in the current COCOMO data set
- DOCU does not help in cost estimation for secure software
- A trend exists that EAL increases when the SFR count increases
- The mapping between SFR classes & security objectives is proven by ST file analysis

24 Future Work
- Further analysis of other COCOMO drivers using the COCOMO 2000 data set: DOCU may not be the only relevant driver (DATA? TOOL?)
- Size estimation using security objectives: collect expert opinions, run a Delphi, get size data from the ST files' vendors

25 Appendix: Common Criteria SFR classes
- FAU – Security Audit
- FCO – Communication
- FCS – Cryptographic Support
- FDP – User Data Protection
- FIA – Identification and Authentication
- FMT – Security Management
- FPR – Privacy
- FPT – Protection of the TSF (Trusted Security Function)
- FRU – Resource Utilization
- FTA – TOE Access
- FTP – Trusted Path/Channels
