Presentation is loading. Please wait.

Presentation is loading. Please wait.

COCOMO II Security Extension Workshop Report

Published byNancy Sharp Modified over 5 years ago

Similar presentations

Presentation on theme: "COCOMO II Security Extension Workshop Report"— Presentation transcript:

1 COCOMO II Security Extension Workshop Report
Report on 7th Workshop on Costing Secure Systems, USC CSE Annual Research Review 11/7/2018 COCOMO II Security Extension Workshop Report Edward Colbert Danni Wu {ecolbert, 20th Annual COCOMO II & Software Costing Forum 2005 USC Center for Software Engineering © USC-CSE 7 November 2018 © USC-CSE

2 Outline Workshop Agenda Feedback From Attendees Future Work
Report on 7th Workshop on Costing Secure Systems, USC CSE Annual Research Review 11/7/2018 Outline Workshop Agenda Feedback From Attendees Future Work MetaH provides semantics & supporting tools UML provides graphic front-end © USC-CSE 7 November 2018 © USC-CSE

3 Workshop Agenda 8:30am – 12:00am 1:00pm – 5:00pm Reviewed prototypes
COSECMO prototype System development cost prototype 1:00pm – 5:00pm General discussions Model calibration Needed improvements to incorporate next version of Common Criteria SECU driver’s effect on effort © USC-CSE 7 November 2018

4 Outline Workshop Agenda Feedback From Attendees Future Work
Report on 7th Workshop on Costing Secure Systems, USC CSE Annual Research Review 11/7/2018 Outline Workshop Agenda Feedback From Attendees Future Work MetaH provides semantics & supporting tools UML provides graphic front-end © USC-CSE 7 November 2018 © USC-CSE

5 Feedback on COSECMO Prototype
Size should be based on higher-level Security Functional Requirements (SFR) Current: Size estimated by choosing SFR’s & their levels E.g., (FAU, low) Suggestions: Estimate size by choosing levels of developers’ concern about different security areas E.g., (Audit, low) Benefits: Not strict to Common Criteria terms, better understandable © USC-CSE 7 November 2018

6 Feedback on COSECMO Prototype (Cont.)
User customization Current: Size for SFR is hard-coded E.g., 0.5K for (FAU, low) Suggestions: Let user customize suggested size One default value is provided Users can revise it based on their own experiences Benefits: Local calibration & greater flexibility © USC-CSE 7 November 2018

7 Feedback on COSECMO Prototype (Cont.)
Show default set of COCOMO cost driver ratings Current: User manually choose levels for each COCOMO cost driver Prototype warns if user selected other driver value that aren’t consistent with COSECMO recommendations for selected SECU driver rating Suggestions: Shown default ratings after user choosing SECU driver rating Benefits: Easier to use © USC-CSE 7 November 2018

8 Feedback on SECU Driver Effect
Change SECU driver effect on effort Current: SECU is multiplier Linear effect on size Suggestion: SECU should be scale factor Benefit: effort vs. size of trusted software plot matches security expert’s expectations EAL 5 EAL 7 50KSLOC a 10a 50KSLOC 100KSLOC EAL 6 b >>2b © USC-CSE 7 November 2018

9 Feedback on COSECMO Model Calibration
Getting project data points from secure systems will be difficult Instead of security assurance requirements, consider general assurance requirements Safely critical assurance Map Evaluation Assurance Levels (EAL) & Safety Integrity Levels (SIL) to COCOMO driver levels Reliability assurance e.g. weapon accuracy Use safety project data & any security data to calibrate model © USC-CSE 7 November 2018

10 Outline Workshop Agenda Feedback From Attendees Future Work
Report on 7th Workshop on Costing Secure Systems, USC CSE Annual Research Review 11/7/2018 Outline Workshop Agenda Feedback From Attendees Future Work MetaH provides semantics & supporting tools UML provides graphic front-end © USC-CSE 7 November 2018 © USC-CSE

11 Future Work Get more feedback from security & safety communities
Report on 7th Workshop on Costing Secure Systems, USC CSE Annual Research Review Dan Wu: Updating COSECMO prototype Expand COSECMO model to a more general model 11/7/2018 Future Work Get more feedback from security & safety communities Extend security assurance to general assurance Refine costing prototypes Refine models Refine Delphi Collect & analyze data Write Papers & Ph.D. Thesis (theses?) © USC-CSE 7 November 2018 © USC-CSE

Download ppt "COCOMO II Security Extension Workshop Report"

Similar presentations

Software Engineering CSE470: Process 15 Software Engineering Phases Definition: What? Development: How? Maintenance: Managing change Umbrella Activities:

Software Engineering CSE470: Process 15 Software Engineering Phases Definition: What? Development: How? Maintenance: Managing change Umbrella Activities:
On Representing Uncertainty In Some COCOMO Model Family Parameters October 27, 2004 John Gaffney 301-240-7038 Fellow, Software & Systems.

On Representing Uncertainty In Some COCOMO Model Family Parameters October 27, 2004 John Gaffney Fellow, Software & Systems.
Sequence Diagram Generation & Validation MSE First Presentation Samer Saleh Advisor: Bill Hankley.

Sequence Diagram Generation & Validation MSE First Presentation Samer Saleh Advisor: Bill Hankley.
Copyright 2000, Stephan Kelley1 Estimating User Interface Effort Using A Formal Method By Stephan Kelley 16 November 2000.

Copyright 2000, Stephan Kelley1 Estimating User Interface Effort Using A Formal Method By Stephan Kelley 16 November 2000.
May 18, 2004CS 562 - WPI1 CS 562 Advanced SW Engineering Lecture #6 Tuesday, May 18, 2004.

May 18, 2004CS WPI1 CS 562 Advanced SW Engineering Lecture #6 Tuesday, May 18, 2004.
University of Southern California Center for Systems and Software Engineering ©USC-CSSE1 Ray Madachy, Ricardo Valerdi USC Center for Systems and Software.

University of Southern California Center for Systems and Software Engineering ©USC-CSSE1 Ray Madachy, Ricardo Valerdi USC Center for Systems and Software.
FAA Information Technology- Information Systems Security R&D Workshop 2003 13 June 2015© 2002-3 USC-CSE Extending COCOMO II to Estimate the Cost of Developing.

FAA Information Technology- Information Systems Security R&D Workshop June 2015© USC-CSE Extending COCOMO II to Estimate the Cost of Developing.
Working Group Meeting (Outbrief) Ricardo Valerdi, Indrajeet Dixit, Garry Roedler Tuesday.

Working Group Meeting (Outbrief) Ricardo Valerdi, Indrajeet Dixit, Garry Roedler Tuesday.
These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 6/e and are provided with permission by.

These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 6/e and are provided with permission by.
University of Southern California Center for Software Engineering CSE USC COSYSMO: Constructive Systems Engineering Cost Model Barry Boehm, USC CSE Annual.

University of Southern California Center for Software Engineering CSE USC COSYSMO: Constructive Systems Engineering Cost Model Barry Boehm, USC CSE Annual.
COSYSMO: Constructive Systems Engineering Cost Model Ricardo Valerdi USC CSE Workshop October 25, 2001.

COSYSMO: Constructive Systems Engineering Cost Model Ricardo Valerdi USC CSE Workshop October 25, 2001.
University of Southern California Center for Software Engineering C S E USC Using COCOMO for Software Decisions - from COCOMO II Book, Section 2.6, 6.5.

University of Southern California Center for Software Engineering C S E USC Using COCOMO for Software Decisions - from COCOMO II Book, Section 2.6, 6.5.
1 COSYSMO 3.0: Future Research Directions Jared Fortune University of Southern California 2009 COCOMO Forum Massachusetts Institute of Technology.

1 COSYSMO 3.0: Future Research Directions Jared Fortune University of Southern California 2009 COCOMO Forum Massachusetts Institute of Technology.
University of Southern California Center for Software Engineering CSE USC ©USC-CSE 10/23/01 1 COSYSMO Portion The COCOMO II Suite of Software Cost Estimation.

University of Southern California Center for Software Engineering CSE USC ©USC-CSE 10/23/01 1 COSYSMO Portion The COCOMO II Suite of Software Cost Estimation.
Welcome and Overview: Annual Research Review 2006 Barry Boehm, USC-CSE March 15, 2006.

Welcome and Overview: Annual Research Review 2006 Barry Boehm, USC-CSE March 15, 2006.
10/25/2005USC-CSE1 Ye Yang, Barry Boehm USC-CSE COCOTS Risk Analyzer COCOMO II Forum, Oct. 25 th, 2005 Betsy Clark Software Metrics, Inc.

10/25/2005USC-CSE1 Ye Yang, Barry Boehm USC-CSE COCOTS Risk Analyzer COCOMO II Forum, Oct. 25 th, 2005 Betsy Clark Software Metrics, Inc.
©2011 Rolls-Royce plc The information in this document is the property of Rolls-Royce plc and may not be copied or communicated to a third party, or used.

©2011 Rolls-Royce plc The information in this document is the property of Rolls-Royce plc and may not be copied or communicated to a third party, or used.
Welcome and Overview: COCOMO / SCM #20 Forum and Workshops Barry Boehm, USC-CSE October 25, 2005.

Welcome and Overview: COCOMO / SCM #20 Forum and Workshops Barry Boehm, USC-CSE October 25, 2005.
Constructive COTS Model (COCOTS) Status Chris Abts USC Center for Software Engineering Annual Research Review Annual Research Review.

Constructive COTS Model (COCOTS) Status Chris Abts USC Center for Software Engineering Annual Research Review Annual Research Review.
1 CORADMO in 2001: A RAD Odyssey Cyrus Fakharzadeh 16th International Forum on COCOMO and Software Cost Modeling University of Southern.

1 CORADMO in 2001: A RAD Odyssey Cyrus Fakharzadeh 16th International Forum on COCOMO and Software Cost Modeling University of Southern.

Similar presentations

Ads by Google