Title :
Towards a Requirements-Driven Workbench for Supporting Software Certification and Accreditation
Author :
Lee, Seok-Won ; Gandhi, Robin A. ; Wagle, Siddharth
Author_Institution :
Univ. of North Carolina, Charlotte
Abstract :
Security certification activities for software systems rely heavily on requirements mandated by regulatory documents and their compliance evidences to support accreditation decisions. Therefore, the design of a workbench to support these activities should be grounded in a thorough understanding of the characteristics of certification requirements and their relationships with certification activities. To this end, we utilize our findings from the case study of a certification process of The United States Department of Defense (DoD) to identify the design objectives of a requirements-driven workbench for supporting certification analysts. The primary contributions of this paper are: identifying key areas of automation and tool support for requirements-driven certification activities; an ontology-driven dynamic and flexible workbench architecture to address process variability; and a prototype implementation.
Keywords :
formal verification; ontologies (artificial intelligence); security of data; ontology-driven dynamic workbench; requirements-driven certification activities; security certification activities; software accreditation; software certification; Accreditation; Automation; Certification; Collaborative software; Ground support; Information security; Information systems; Software engineering; Software systems; US Department of Defense;
Conference_Titel :
Software Engineering for Secure Systems, 2007. SESS '07: ICSE Workshops 2007. Third International Workshop on
Conference_Location :
Minneapolis, MN
Print_ISBN :
0-7695-2952-6
DOI :
10.1109/SESS.2007.11
