Discovering and understanding multi-dimensional correlations among certification requirements with application to risk assessment

Robin A. Gandhi, Seok Won Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

11 Scopus citations

Abstract

In this paper we outline our approach to discover and understand multi-dimensional correlations among regulatory security certification requirements in the context of a complex software system. A thorough understanding of these correlations is necessary to assure that diverse constraints imposed by numerous certification requirements are adequate for collectively contributing to emergent security properties in a highly interconnected socio-technical environment. We elaborate on methodological support to discover an exhaustive set of applicable certification requirements in a given operational scenario of the target software system. We then describe techniques to systematically understand the multi-dimensional correlations among these requirements with application to security risk assessment. The case study of applying our approach to a regulatory certification process of The United States Department of Defense (DoD) is presented.

Original language: English (US)
Title of host publication: Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007
Pages: 231-240
Number of pages: 10
State: Published - 2007
Externally published: Yes
Event: 15th IEEE International Requirements Engineering Conference, RE 2007 - New Delhi, India
Duration: Oct 15 2007 to Oct 19 2007

Publication series

Name: Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007

Conference

Conference: 15th IEEE International Requirements Engineering Conference, RE 2007
Country/Territory: India
City: New Delhi
Period: 10/15/07 to 10/19/07

ASJC Scopus subject areas

  • Software
  • Control and Systems Engineering
