Assurance Ecosystem


The experts below are selected from a list of 1056 experts worldwide ranked by the ideXlab platform.

Rashidawais - One of the best experts on this subject based on the ideXlab platform.

M Suchjose - One of the best experts on this subject based on the ideXlab platform.

Djenana Campara - One of the best experts on this subject based on the ideXlab platform.

  • Common fact model for Assurance content
    System Assurance, 2011
    Co-Authors: Nikolai Mansourov, Djenana Campara
    Abstract:

    The Object Management Group (OMG) Software Assurance Ecosystem provides the infrastructure for collaborative cybersecurity in the form of standard protocols that define information exchange contracts between the participants of the Ecosystem. Exchange of Assurance content within the framework of collaborative cybersecurity requires uniform terminology. Ambiguous terminology is one of the barriers to collaboration in the area of cybersecurity. Cybersecurity is a young and rapidly evolving discipline. It is somewhat famous for its inconsistent terminology, which contributes to insufficient interoperability at the machine-readable level. An information exchange protocol implicitly defines a common vocabulary to which the proprietary vocabularies of the participants in the information exchange are mapped. Design of common vocabularies, like most design problems, often requires making trade-offs among the criteria. However, the criteria are not inherently at odds. For example, in the interest of clarity, definitions should restrict the possible interpretations of terms. Manually crafted XML schemas may lead to ambiguities. Interchange formats based on manually crafted XML schemas usually violate the principle of minimal conceptual commitment.

  • OMG software Assurance Ecosystem
    System Assurance, 2011
    Co-Authors: Nikolai Mansourov, Djenana Campara
    Abstract:

    The Object Management Group (OMG) Assurance Ecosystem involves a rigorous approach to knowledge discovery and knowledge sharing in which individual knowledge units are treated as facts. Generic units of knowledge can also be represented as facts and integrated with the concrete facts about the system of interest. This uniform environment industrializes the use of knowledge in system Assurance: it allows patterns of facts to be described, shared as content, and searched for automatically in the fact-based repository. The equipment used is a variation of an X-ray machine that can detect explosives by looking at the density of the items being examined. The screening machine employs Computed Axial Tomography (CAT) technology, originally designed for and used in the medical field to generate images (CAT scans) of tissue density in a "slice" through the patient's body. Manual screening is limited to situations where the automated images are inconclusive. An Ecosystem is a community of participants who engage in exchanges of content using an explicit shared body of knowledge. The purpose of the Ecosystem is to facilitate the collection and accumulation of Assurance knowledge, and to ensure its efficient and affordable delivery to the defenders of cybersystems, as well as to other stakeholders.

  • Chapter 10 – Linguistic models
    System Assurance, 2011
    Co-Authors: Nikolai Mansourov, Djenana Campara
    Abstract:

    Linguistic models focus on defining new meanings to facilitate unconstrained communication, where new meanings are defined on the fly. Fact models, on the other hand, facilitate constrained communication in which the vocabulary is preselected; the forms of expressing meaning are preselected, and consequently the range of meanings is bounded. Fact models do not define new meanings on the fly. Instead, they simply express meanings from the preselected set defined by the vocabulary. Linguistic models are efficient in the first phase, while fact models are used for the second phase. Each fact model is tailored to a specific contract. Fact models separate concrete knowledge of the actual things and the relationships between them from the general knowledge of what kinds of things and kinds of relationships can be described. The OMG Assurance Ecosystem uses Semantics of Business Vocabularies and Business Rules (SBVR) to analyze and represent cyber-security knowledge as formal machine-readable content that can be used directly by Assurance tools while at the same time allowing human-readable statements in structured English as well as other controlled natural languages.

  • Chapter 12 – Case study
    System Assurance, 2011
    Co-Authors: Nikolai Mansourov, Djenana Campara
    Abstract:

    This chapter uses a single case study to illustrate some of the activities of a system Assurance evaluation, highlighting the exchanges of content and the management of pieces of cyber-security knowledge in an integrated system model throughout the entire system Assurance project. The system Concept of Operations (CONOP) documents are the key inputs to the project definition phase of the system Assurance project. The system of interest is called Clicks2Bricks. It is a fictitious system developed by a fictitious company called Cyber Bricks Corporation. Cyber Bricks is a privately owned company whose business is in the area of innovative devices called cyber bricks. The Clicks2Bricks system allows users to read online content, allows customers to search for available products and service offerings, allows suppliers to input information about their products and service offerings, and allows service providers to input information about their services. The Object Management Group (OMG) Assurance Ecosystem defines several standard protocols for exchanging knowledge for Assurance. The OMG vendor-neutral standards enable machine-readable content that can be unlocked from proprietary tools and can be developed and exchanged independently of its producers and consumers, allowing evolution towards the industrialization of cyber-security and taking advantage of economies of scale.

  • System Assurance: Beyond Detecting Vulnerabilities
    2010
    Co-Authors: Nikolai Mansourov, Djenana Campara
    Abstract:

    In this day of frequent acquisitions and perpetual application integrations, systems are often an amalgamation of multiple programming languages and runtime platforms using new and legacy content. Systems of such mixed origins are increasingly vulnerable to defects and subversion. System Assurance: Beyond Detecting Vulnerabilities addresses these critical issues. As a practical resource for security analysts and engineers tasked with system Assurance, the book teaches you how to use the Object Management Group's (OMG) expertise and unique standards to obtain accurate knowledge about your existing software and compose objective metrics for system Assurance. OMG's Assurance Ecosystem provides a common framework for discovering, integrating, analyzing, and distributing facts about your existing enterprise software. Its foundation is the standard protocol for exchanging system facts, defined as the OMG Knowledge Discovery Metamodel (KDM). In addition, the Semantics of Business Vocabularies and Business Rules (SBVR) defines a standard protocol for exchanging security policy rules and Assurance patterns. Using these standards together, you will learn how to leverage the knowledge of the cybersecurity community and bring automation to protect your system.

    • Provides an end-to-end methodology for systematic, repeatable, and affordable System Assurance.
    • Includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture and code analysis guided by the Assurance argument.
    • Includes a case study illustrating the steps of the System Assurance Methodology using automated tools.

    Table of Contents

    Chapter 1: Why Hackers Know More About Our Systems
      1.1 Operating in cyberspace involves risks
      1.2 Why Hackers are repeatedly successful
        1.2.1 What are the challenges in defending cybersystems?
          1.2.1.1 Difficulties in understanding and assessing risks
          1.2.1.2 Understanding Development Trends
          1.2.1.3 Comprehending Systems' Complexity
          1.2.1.4 Understanding Assessment Practices and their Limitations
          1.2.1.5 Vulnerability Scanning Technologies and their Issues
      1.3 Where do We Go from Here
        1.3.1 Systematic and repeatable defense at affordable cost
        1.3.2 The OMG Software Assurance Ecosystem
        1.3.3 Linguistic Modeling to manage the common vocabulary
      1.4 Who should read this book
    Chapter 2: Confidence as a Product
      2.1 Are you confident that there is no black cat in the dark room?
      2.2 The Nature of Assurance
        2.2.1 Engineering, Risk and Assurance
        2.2.2 Assurance Case (AC)
          2.2.2.1 Contents of an Assurance Case
          2.2.2.2 Structure of the Assurance Argument
      2.3 Overview of the Assurance Process
        2.3.1 Producing Confidence
          2.3.1.1 Economics of Confidence
    Chapter 3: How to Build Confidence
      3.1 Assurance in the System Lifecycle
      3.2 Activities of System Assurance Process
        3.2.1 Project Definition
        3.2.2 Project Preparation
        3.2.3 Assurance argument development
        3.2.4 Architecture Security Analysis
          3.2.4.1 Discover System Facts
          3.2.4.2 Threat identification
          3.2.4.3 Safeguard Identification
          3.2.4.4 Vulnerability detection
          3.2.4.5 Security Posture Analysis
        3.2.5 Evidence analysis
        3.2.6 Assurance Case Delivery
    Chapter 4: Knowledge of System as an Element in Cybersecurity Argument
      4.1 What is system
      4.2 Boundaries of the system
      4.3 Resolution of the system description
      4.4 Conceptual commitment for system descriptions
      4.5 System architecture
      4.6 Example of an architecture framework
      4.7 Elements of System
      4.8 System Knowledge Involves Multiple Viewpoints
      4.9 Concept of operations (CONOP)
      4.10 Network Configuration
      4.11 System life cycle and Assurance
        4.11.1 System life cycle stages
        4.11.2 Enabling Systems
        4.11.3 Supply Chain
        4.11.4 System life cycle processes
        4.11.5 The implications to the common vocabulary and the integrated system model
    Chapter 5: Knowledge of Risk as an Element of Cybersecurity Argument
      5.1 Introduction
      5.2 Basic cybersecurity elements
      5.3 Common vocabulary for risk analysis
        5.3.1 Defining discernable vocabulary for Assets
        5.3.2 Threats and hazards
        5.3.3 Defining discernable vocabulary for Injury and Impact
        5.3.4 Defining discernable vocabulary for threats
        5.3.5 Threat scenarios and attacks
        5.3.6 Defining discernable vocabulary for vulnerabilities
        5.3.7 Defining discernable vocabulary for safeguards
        5.3.8 Risk
      5.4 Systematic Threat Identification
      5.5 Assurance Strategies
        5.5.1 Injury Argument
        5.5.2 Entry point argument
        5.5.3 Threat argument
        5.5.4 Vulnerability argument
        5.5.5 Security requirement argument
        5.5.6 Assurance of the threat identification
    Chapter 6: Knowledge of Vulnerabilities as an Element of Cybersecurity Argument
      6.1 Vulnerability as part of system knowledge
        6.1.1 What is Vulnerability
        6.1.2 Vulnerability as Unit of Knowledge: The History of Vulnerability
        6.1.3 Vulnerabilities and the Phases of the System Life Cycle
        6.1.4 Enumeration of Vulnerabilities as a Knowledge Product
        6.1.5 Vulnerability Databases
          6.1.5.1 US-CERT
          6.1.5.2 Open Source Vulnerability Database (OSVDB)
        6.1.6 Vulnerability Life Cycle
      6.2 NIST Security Content Automation Protocol (SCAP) Ecosystem
        6.2.1 Overview of SCAP Ecosystem
        6.2.2 Information Exchanges under SCAP
    Chapter 7: Vulnerability Patterns as a New Assurance Content
      7.1 Beyond Current SCAP Ecosystem
      7.2 Vulnerability Patterns
      7.3 Software Fault Patterns
        7.3.1 Safeguard category of clusters and corresponding Software Fault Patterns (SFPs)
          7.3.1.1 Authentication
          7.3.1.2 Access Control
          7.3.1.3 Privilege
        7.3.2 Direct Impact category of clusters and corresponding Software Fault Patterns (SFPs)
          7.3.2.1 Information Leak
          7.3.2.2 Memory Management
          7.3.2.3 Memory Access
          7.3.2.4 Path Resolution
          7.3.2.5 Tainted Input
    Chapter 8: OMG Software Assurance Ecosystem
      8.1 Introduction
      8.2 OMG Assurance Ecosystem: towards collaborative cybersecurity
    Chapter 9: Common Fact Model for Assurance Content
      9.1 Assurance Content
      9.2 The Objectives
      9.3 Design criteria for information exchange protocols
      9.4 Tradeoffs
      9.5 Information Exchange Protocols
      9.6 The Nuts and Bolts of Fact Models
        9.6.1 Objects
        9.6.2 Noun Concepts
        9.6.3 Facts about existence of objects
        9.6.4 Individual concepts
        9.6.5 Relations between concepts
        9.6.6 Verb concepts
        9.6.7 Characteristics
        9.6.8 Situational concepts
        9.6.9 Viewpoints and views
        9.6.10 Information exchanges and Assurance
        9.6.11 Fact-oriented Integration
        9.6.12 Automatic derivation of facts
      9.7 The representation of facts
        9.7.1 Representing facts in XML
        9.7.2 Representing facts and schemes in Prolog
      9.8 The common schema
      9.9 System Assurance facts
    Chapter 10: Linguistic Models
      10.1 Fact Models and Linguistic Models
      10.2 Background
      10.3 Overview of SBVR
      10.4 How to use SBVR
        10.4.1 Simple vocabulary
        10.4.2 Vocabulary Entries
        10.4.3 Statements
        10.4.4 Statements as formal definitions of new concepts
          10.4.4.1 Definition of a Noun Concept
          10.4.4.2 Definition of a Verb Concept
          10.4.4.3 The General Concept caption
      10.5 SBVR Vocabulary for describing Elementary Meanings
      10.6 SBVR Vocabulary for describing Representations
      10.7 SBVR Vocabulary for describing Extensions
      10.8 Reference schemes
      10.9 SBVR Semantic Formulations
        10.9.1 Defining new terms and fact types using SBVR
    Chapter 11: Standard Protocol for Exchanging System Facts
      11.1 Background
      11.2 Organization of the KDM vocabulary
        11.2.1 Infrastructure Layer
        11.2.2 Program Elements Layer
        11.2.3 Resource Layer
        11.2.4 Abstractions Layer
      11.3 The process of discovering system facts
      11.4 Discovering the baseline system facts
        11.4.1 Inventory views
          11.4.1.1 Inventory Viewpoint vocabulary in SBVR
        11.4.2 Build Views
        11.4.3 Data views
        11.4.4 UI views
        11.4.5 Code views
          11.4.5.1 Code views: Elements of Structure
          11.4.5.2 Code views: Elements of Behavior
          11.4.5.3 Micro KDM
        11.4.6 Platform views
        11.4.7 Event views
      11.5 Performing architecture analysis
        11.5.1 Structure Views
        11.5.2 Conceptual Views
          11.5.2.1 Linguistic Viewpoint
          11.5.2.2 Behavior Viewpoint
    Chapter 12: Case Study
      12.1 Introduction
      12.2 Background
      12.3 Concepts of operations
        12.3.1 Executive summary
        12.3.2 Purpose
        12.3.3 Locations
        12.3.4 Operational Authority
        12.3.5 System Architecture
          12.3.5.1 Clicks2Bricks Web server
          12.3.5.2 Database server
          12.3.5.3 SMTP server
        12.3.6 System Assumptions
        12.3.7 External dependencies
        12.3.8 Implementation Assumptions
        12.3.9 Interfaces with Other Systems
        12.3.10 Security assumptions
        12.3.11 External Security Notes
        12.3.12 Internal Security notes
      12.4 Business vocabulary and security policy for Clicks2Bricks in SBVR
      12.5 Building the integrated system model
        12.5.1 Building the baseline system model
        12.5.2 Enhancing the baseline model with the system architecture facts
      12.6 Mapping cybersecurity facts to system facts
      12.7 Assurance case

Gouglidisantonios - One of the best experts on this subject based on the ideXlab platform.

Knowleswilliam - One of the best experts on this subject based on the ideXlab platform.