Proceedings Article

A model of certifier and accreditor risk calculation for multi-level systems

Joe Loughry
01 Nov 2013, pp 224-229
TL;DR: An abstract model of how security accreditors agree upon the true level of residual risk in multi-level cross domain system installations was developed and is powerful enough to handle collateral, SCI, and international cross domain systems with any number of endpoints.
Abstract: From direct observation of the certification (post-software-development) and accreditation (pre-installation) testing of cross domain systems used for the interconnection of classified security domains in U.S. and U.K. defence and intelligence community systems, certain characteristic behavioural patterns have been noted. The savvy developer can use these to exert a measure of control over the duration and cost of certification testing and to predict the likely direction and magnitude of the residual risk calculation performed by security accreditors in multi-lateral, multi-level, collateral, and compartmented site accreditations. DCID 6/3, Common Criteria, DIACAP, and ICD 503 testing efforts across the evolution of a long-lived cross domain software development programme were examined using grounded theory methodology. Whilst discovered through investigation of classified cross domain system testing inefficiencies, it is believed that the principles are applicable more widely to privacy-sensitive areas such as electronic health care, financial, and law enforcement record keeping systems. The first thing found was a syndrome of pathological regressive interactions amongst software developers, managers, independent verification and validation contractors, penetration testers, and certification authorities that resulted in schedule slippage during the certification testing phase and, in the accreditation phase, ineffective duplication of testing with no corresponding improvement in residual risk. To understand why these problems occurred, an abstract model of how security accreditors agree upon the true level of residual risk in multi-level cross domain system installations was developed. The model is powerful enough to handle collateral, SCI, and international cross domain systems with any number of endpoints. 
It works by establishing the visibility of threats, vulnerabilities, and mitigations from each data owner's perspective according to the associated accreditor's clearance over the space of all possible multilevel configurations, then identifying the smallest set of covert-channel-like information flows necessary to reach a concord about residual risk without violating the global security policy. Conventional wisdom holds that security rules should be strictly enforced, but it is shown that under present regulations, some desirable information flows are inhibited and other undesirable information flows are forced. Paradoxically, it is sometimes the case that relaxing the rules actually improves security.
Citations
Proceedings Article
06 Mar 2014
TL;DR: A framework for testing security vulnerabilities based on publicly known security vulnerabilities database, which runs the test cases based on VulnerabilityTracker web service as part of the build process and executes security test suites for every build.
Abstract: Software security is no longer just a problem for software designers, developers and testers. Almost all the white-collar crimes are based on computer security. Many research papers are published on static code analysis, dynamic code analysis and software development design time security issues. This paper proposes a framework for testing security vulnerabilities based on publicly known security vulnerabilities database. After vulnerabilities are found in application, the security tester uses Penetration testing tools to test the security flow. The Vulnerability Orchestration framework gets the vulnerability priority from the VulnerabilityTracker webservice. The Webservice collects the vulnerability attacks from the security Vulnerabilities database and update test case priority signature in the web service. The framework runs the test cases based on VulnerabilityTracker web service as part of the build process and execute security test suites for every build. The security tester adds the new test cases whenever they find a new vulnerability.

1 citations

References
Book
12 Oct 2017
TL;DR: The Discovery of Grounded Theory as mentioned in this paper is a book about the discovery of grounded theories from data, both substantive and formal, which is a major task confronting sociologists and is understandable to both experts and laymen.
Abstract: Most writing on sociological method has been concerned with how accurate facts can be obtained and how theory can thereby be more rigorously tested. In The Discovery of Grounded Theory, Barney Glaser and Anselm Strauss address the equally important enterprise of how the discovery of theory from data--systematically obtained and analyzed in social research--can be furthered. The discovery of theory from data--grounded theory--is a major task confronting sociology, for such a theory fits empirical situations, and is understandable to sociologists and laymen alike. Most important, it provides relevant predictions, explanations, interpretations, and applications. In Part I of the book, "Generation Theory by Comparative Analysis," the authors present a strategy whereby sociologists can facilitate the discovery of grounded theory, both substantive and formal. This strategy involves the systematic choice and study of several comparison groups. In Part II, "The Flexible Use of Data," the generation of theory from qualitative, especially documentary, and quantitative data is considered. In Part III, "Implications of Grounded Theory," Glaser and Strauss examine the credibility of grounded theory. The Discovery of Grounded Theory is directed toward improving social scientists' capacity for generating theory that will be relevant to their research. While aimed primarily at sociologists, it will be useful to anyone interested in studying social phenomena--political, educational, economic, industrial--especially if their studies are based on qualitative data.

53,267 citations


"A model of certifier and accreditor..." refers to methods in this paper

  • ...For this reason, a grounded theory approach was used instead [6]....

    [...]

01 Nov 1973
TL;DR: The first results of an investigation into solutions to problems of security in computer systems are reported, establishing the basis for rigorous investigation by providing a general descriptive model of a computer system.
Abstract: (Keywords: Set theory, Mathematical models, Computer information security, Computer privacy, Computer security, Systems theory.) The paper reports the first results of an investigation into solutions to problems of security in computer systems; it establishes the basis for rigorous investigation by providing a general descriptive model of a computer system. Borrowing basic concepts and constructs from general systems theory, the authors formed a basic result concerning security in computer systems, using precise notions of 'security' and 'compromise'. The authors also demonstrate how a change in requirements can be reflected in the resulting mathematical model. A lengthy introductory section is included in order to bridge the gap between general systems theory and practical problem solving.

1,052 citations


"A model of certifier and accreditor..." refers to methods in this paper

  • ...Under this assumption, which follows the Bell and LaPadula model strictly, an accreditor with a TOP SECRET clearance will never represent the interests of a data owner with information of a lower classification than TOP SECRET [7]....

    [...]

  • ...That is, an accreditor who represents the interests of a data owner of SECRET information has a SECRET clearance and no higher....

    [...]

  • ...This is the Bell–LaPadula model [7]....

    [...]

  • ...Similarly, an accreditor who represents the interests of a data owner with TOP SECRET information must have a TOP SECRET clearance....

    [...]

  • ...It does, however, slightly degrade the quality of security protections because not all accreditations require TOP SECRET clearance and some accreditors have a higher security clearance than necessary....

    [...]

Book
01 Jan 2004
TL;DR: The author recreates famous Venn diagrams from history, including Winston Churchill's of 1948 depicting the mutual interests of the British Empire, a united Europe, and the English-speaking world, with the United Kingdom located at the intersection.
Abstract: Used today in spheres of life as diverse as business strategy, creative writing, medicine, computer science, and theoretical physics, Venn diagrams possess fascinating properties. The basic Venn diagram is both elegantly simple--three overlapping circles that intersect to create eight distinct areas--and conceptually innovative. Devised by English logician John Venn (1834-1923) to visually represent complex logical propositions and algebraic statements, the diagrams drew the excited interest of both scholars and the general public. In Cogwheels of the Mind, statistician and geneticist A. W. F. Edwards provides an accessible and engaging history of the Venn diagram, its reception and evolution, and its presence in such objects and images as Christian iconography, tennis balls, and flags which provide a rich source of Venn diagrams for Edwards, including those of Switzerland, Poland, and Japan (all one-set Venn diagrams), Greenland (a two-set Venn diagram), and Maryland (a three-set device). Edwards begins with a sketch of Venn's life, his discovery of the three-circle design while developing a series of lectures on symbolic logic at Cambridge University, and the publication of his find in an 1880 paper, and, more influentially, his 1881 book, Symbolic Logic. Edwards discusses the rival diagrammatic scheme invented by Charles Dodgson, better known as Lewis Carroll, who also developed a board game based on his design. The author also recreates famous Venn diagrams from history, including Winston Churchill's of 1948 depicting the mutual interests of the British Empire, a united Europe, and the English-speaking world, with the United Kingdom located at the intersection. Edwards goes on to show how different shapes can be linked together to form artistically beautiful and mathematically important, multi-set Venn diagrams, including the author's own influential Adelaide variation. And he delineates the possibilities for expanding the analytic power of these diagrams far beyond those first appreciated by Venn. Edwards even tells readers how to draw complex Venn diagrams on a spherical surface to create "Vennis balls". For anyone interested in mathematics or its history, Cogwheels of the Mind is invaluable and compelling reading.

79 citations


"A model of certifier and accreditor..." refers to methods in this paper

  • ...the necessity of using Edwards’ spherical Venn diagrams, the number of accreditors is less than three [8]....

    [...]

Journal Article
TL;DR: The reaction to the office environment was highly favorable, and the programmers' comments indicated that the space standards, as tested in the mock-ups, satisfied their operational criteria.
Abstract: The reaction to the office environment was highly favorable. The increased work surface, the work surface arrangement, and flexibility in arranging the office components appeared to be key elements. The programmers' comments indicated that the space standards, as tested in the mock-ups, satisfied their operational criteria.

42 citations


"A model of certifier and accreditor..." refers to methods in this paper

  • ...Controlled experiments are often unfeasible in software engineering due to the high cost of projects [4], [5]....

    [...]

Book
14 Jan 2011
TL;DR: The Survey: Impact of Subversive Stakeholders On Software Projects finds that hackers are more likely to be anti-social than the general population, and that cyber-espionage is a more serious threat than other forms of cyber-crime.
Abstract: FOREWORD (Linda Rising). INTRODUCTION. I.1 What's the Dark Side? I.1.1 Why the Dark Side? I.1.2 Who Cares About the Dark Side? I.1.3 How Dark is the Dark Side? I.1.4 What Else is on the Dark Side? I.1.5 Ethics and the Dark Side. I.1.6 Personal Anecdotes About the Dark Side. Reference. PART 1: DARK SIDE ISSUES. CHAPTER 1 SUBVERSION. 1.1 Introductory Case Studies and Anecdotes. 1.1.1 A Faculty Feedback System. 1.1.2 An Unusual Cooperative Effort. 1.1.3 Lack of Cooperation due to Self Interest. 1.1.4 An Evil Teammate. 1.1.5 Thwarting the Evil Union. 1.2 The Survey: Impact of Subversive Stakeholders On Software Projects. 1.2.1 Introduction. 1.2.2 The Survey. 1.2.3 The Survey Findings. 1.2.4 Conclusions. 1.2.5 Impact on Practice. 1.2.6 Impact on Research. 1.2.7 Limitations. 1.2.8 Challenges. 1.2.9 Acknowledgments. 1.3 Selected Responses. 1.3.1 Sample Answers to the Question: "What Were the Motivations and Goals of the Subversive Stakeholders?" 1.3.2 Sample Answers to the Question "How Were the Subversive Attacks Discovered?" 1.3.3 Sample Answers to the Question "How Can Projects be Defended Against Subversive Stakeholders?" 1.4 A Follow-Up to the Survey: Some Hypotheses and Related Survey Findings. References. CHAPTER 2 LYING. 2.1 Introductory Case Studies and Anecdotes. 2.2 Incidents of Lying: The Survey. 2.2.1 The Survey Results. 2.2.2 General Scope. 2.2.3 An Overview of the Problem. 2.2.4 Clarification of Terms. 2.2.5 Discussion. 2.2.6 Conclusions. 2.2.7 Limitations. 2.3 Qualitative Survey Responses on Lying. 2.4 What Can Be Done About Lying? 2.5 The Questionnaire Used in the Survey. References. CHAPTER 3 HACKING. 3.1 Case Studies of Attacks and Biographies of Hackers. 3.2 Cyber Terrorism and Government-Sponsored Hacking. 3.3 The Hacker Subculture. 3.3.1 Why They Are Called "Hackers". 3.3.2 Motivation of Hackers. 3.3.3 Hacker Slang. 3.3.4 Hacker Ethics. 3.3.5 Public Opinion about Hackers. 3.4 How a Hacker Is Identified. 3.5 Time Line of a Typical Malware Attack. 3.6 Hacker Economy: How Does a Hacker Make Money? 3.7 Social Engineering. 3.7.1 Social Engineering Examples and Case Studies. 3.7.2 Tactics of Social Engineering. 3.8 A Lingering Question. 3.9 Late-Breaking News. CHAPTER 4 THEFT OF INFORMATION. 4.1 Introduction. 4.2 Case Studies. 4.2.1 Data Theft. 4.2.2 Source Code Theft. 4.3 How Do the Victims Find Out That Their Secrets Are Stolen? 4.4 Intellectual Property Protection. 4.4.1 Trade Secret Protection. 4.4.2 Copyright Protection. 4.4.3 Patent Protection. 4.4.4 Steganography. 4.5 Open Versus Closed Source. CHAPTER 5 ESPIONAGE. 5.1 Introduction. 5.2 What Is Espionage? 5.3 Case Studies. 5.3.1 Sweden Versus Russia. 5.3.2 Shekhar Verma. 5.3.3 Lineage III. 5.3.4 GM versus VW: Jose Ignacio Lopez. 5.3.5 British Midland Tools. 5.3.6 Solid Oak Software. 5.3.7 Proctor & Gamble versus Unilever. 5.3.8 News Corp Versus Vivendi. 5.3.9 Spying: Was A TI Chip Really Stolen by a French Spy? 5.3.10 Conficker. 5.4 Cyber Warfare. Reference. CHAPTER 6 DISGRUNTLED EMPLOYEES AND SABOTAGE. 6.1 Introduction and Background. 6.2 Disgruntled Employee Data Issues. 6.2.1 Data Tampering. 6.2.2 Data Destruction. 6.2.3 Data Made Public. 6.2.4 Theft Via Data. 6.3 Disgruntled Employee Software Issues. 6.3.1 Software Destruction. 6.4 Disgruntled Employee System Issues. 6.5 What to Do About Disgruntled Employee Acts. 6.6 Sabotage. References. CHAPTER 7 WHISTLE-BLOWING. 7.1 A Hypothetical Scenario. 7.2 Whistle-Blowing and Software Engineering. 7.3 More Case Studies and Anecdotes. 7.3.1 Jeffrey Wigand and Brown and Williamson Tobacco. 7.3.2 A Longitudinal Study of Whistle-Blowing. 7.3.3 An Even More Pessimistic View. 7.3.4 Academic Whistle-Blowing. 7.3.5 The Sum Total of Whistle-Blowing. References. APPENDIX TO CHAPTER 7 PRACTICAL IMPLICATIONS OF THE RESEARCH INTO WHISTLE-BLOWING. References. PART 2: VIEWPOINTS ON DARK SIDE ISSUES. Introduction. CHAPTER 8 OPINIONS, PREDICTIONS, AND BELIEFS. 8.1 Automated Crime (Donn B. Parker). Information Sources. 8.2 Let's Play Make Believe (Karl E. Wiegers). Reference. 8.3 Dark, Light, or Just Another Shade of Grey? (Les Hatton). 8.4 Rational Software Developers as Pathological Code Hackers (Norman Fenton). CHAPTER 9 PERSONAL ANECDOTES. 9.1 An Officer and a Gentleman Confronts the Dark Side (Grady Booch). 9.2 Less Carrot and More Stick (June Verner). References. 9.3 "Them and Us": Dispatches from the Virtual Software Team Trenches (Valentine Casey). 9.4 What is it to Lie on a Software Project? (Robert N. Britcher). 9.5 "Merciless Control Instrument" and the Mysterious Missing Fax (A. H. (anonymous)). 9.6 Forest of Arden (David Alan Grier). 9.7 Hard-Headed Hardware Hit Man (Will Tracz). 9.8 A Lighthearted Anecdote (Eugene Farmer). CONCLUSIONS. INDEX.

20 citations


"A model of certifier and accreditor..." refers to methods in this paper

  • ...Controlled experiments are often unfeasible in software engineering due to the high cost of projects [4], [5]....

    [...]