The Impact of Certification Criteria on Integrated COTS-Based Systems

M. Kelkar, R. Perry, R. Gamble, A. Walvekar

2007 Sixth International IEEE Conference on Commercial-off-the-Shelf (COTS)-Based Software Systems (ICCBSS'07), published 2007-02-26. DOI: 10.1109/ICCBSS.2007.42 (https://doi.org/10.1109/ICCBSS.2007.42)

Citations: 5

Abstract

While COTS products can be made secure and reliable within individual domains, they may introduce security vulnerabilities when integrated with other components due to different security expectations. These problematic interactions within an integrated system can be hidden among the multiple, contributing policy types. Furthermore, security certification criteria governing the integrated system can introduce conflicts with local component policies. Security policies and certification criteria lack a common representation. Security policies use various formats and levels of granularity without comparable attributes. Certification criteria are often text-based checklists. We outline a policy configuration model to represent security policies in a format which can manifest conflicting properties across policy specifications. The model defines security policies according to fundamental attributes of property assertions, observable behaviors, mechanisms, constraints, communication and interaction expectations, dependencies on other policies, system configuration, and component state. We extend model expression concepts to incorporate requirements based on common certification criteria.