Discovering and understanding multi-dimensional correlations among certification requirements with application to risk assessment

Robin A. Gandhi; Seok Won Lee

doi:10.1109/RE.2007.21

Discovering and understanding multi-dimensional correlations among certification requirements with application to risk assessment

Robin A. Gandhi, Seok Won Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

13 Scopus citations

Abstract

In this paper we outline our approach to discover and understand multi-dimensional correlations among regulatory security certification requirements in the context of a complex software system. A thorough understanding of these correlations is necessary to assure that diverse constraints imposed by numerous certification requirements are adequate for collectively contributing to emergent security properties in a highly interconnected socio-technical environment. We elaborate on methodological support to discover an exhaustive set of applicable certification requirements in a given operational scenario of the target software system. We then describe techniques to systematically understand the multi-dimensional correlations among these requirements with application to security risk assessment. The case study of applying our approach to a regulatory certification process of The United States Department of Defense (DoD) is presented.

Original language	English (US)
Title of host publication	Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007
Pages	231-240
Number of pages	10
DOIs	https://doi.org/10.1109/RE.2007.21
State	Published - 2007
Externally published	Yes
Event	15th IEEE International Requirements Engineering Conference, RE 2007 - New Delhi, India Duration: Oct 15 2007 → Oct 19 2007

Publication series

Name	Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007

Conference

Conference	15th IEEE International Requirements Engineering Conference, RE 2007
Country/Territory	India
City	New Delhi
Period	10/15/07 → 10/19/07

ASJC Scopus subject areas

Software
Control and Systems Engineering

Access to Document

10.1109/RE.2007.21

Cite this

Gandhi, R. A., & Lee, S. W. (2007). Discovering and understanding multi-dimensional correlations among certification requirements with application to risk assessment. In Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007 (pp. 231-240). Article 4384186 (Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007). https://doi.org/10.1109/RE.2007.21

Discovering and understanding multi-dimensional correlations among certification requirements with application to risk assessment. / Gandhi, Robin A.; Lee, Seok Won.
Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007. 2007. p. 231-240 4384186 (Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Gandhi, RA & Lee, SW 2007, Discovering and understanding multi-dimensional correlations among certification requirements with application to risk assessment. in Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007., 4384186, Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007, pp. 231-240, 15th IEEE International Requirements Engineering Conference, RE 2007, New Delhi, India, 10/15/07. https://doi.org/10.1109/RE.2007.21

Gandhi RA, Lee SW. Discovering and understanding multi-dimensional correlations among certification requirements with application to risk assessment. In Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007. 2007. p. 231-240. 4384186. (Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007). doi: 10.1109/RE.2007.21

@inproceedings{88e22dcb9f9f4adb8a756c16d91ed560,

title = "Discovering and understanding multi-dimensional correlations among certification requirements with application to risk assessment",

abstract = "In this paper we outline our approach to discover and understand multi-dimensional correlations among regulatory security certification requirements in the context of a complex software system. A thorough understanding of these correlations is necessary to assure that diverse constraints imposed by numerous certification requirements are adequate for collectively contributing to emergent security properties in a highly interconnected socio-technical environment. We elaborate on methodological support to discover an exhaustive set of applicable certification requirements in a given operational scenario of the target software system. We then describe techniques to systematically understand the multi-dimensional correlations among these requirements with application to security risk assessment. The case study of applying our approach to a regulatory certification process of The United States Department of Defense (DoD) is presented.",

author = "Gandhi, {Robin A.} and Lee, {Seok Won}",

year = "2007",

doi = "10.1109/RE.2007.21",

language = "English (US)",

isbn = "0769529356",

series = "Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007",

pages = "231--240",

booktitle = "Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007",

note = "15th IEEE International Requirements Engineering Conference, RE 2007 ; Conference date: 15-10-2007 Through 19-10-2007",

}

TY - GEN

T1 - Discovering and understanding multi-dimensional correlations among certification requirements with application to risk assessment

AU - Gandhi, Robin A.

AU - Lee, Seok Won

PY - 2007

Y1 - 2007

N2 - In this paper we outline our approach to discover and understand multi-dimensional correlations among regulatory security certification requirements in the context of a complex software system. A thorough understanding of these correlations is necessary to assure that diverse constraints imposed by numerous certification requirements are adequate for collectively contributing to emergent security properties in a highly interconnected socio-technical environment. We elaborate on methodological support to discover an exhaustive set of applicable certification requirements in a given operational scenario of the target software system. We then describe techniques to systematically understand the multi-dimensional correlations among these requirements with application to security risk assessment. The case study of applying our approach to a regulatory certification process of The United States Department of Defense (DoD) is presented.

AB - In this paper we outline our approach to discover and understand multi-dimensional correlations among regulatory security certification requirements in the context of a complex software system. A thorough understanding of these correlations is necessary to assure that diverse constraints imposed by numerous certification requirements are adequate for collectively contributing to emergent security properties in a highly interconnected socio-technical environment. We elaborate on methodological support to discover an exhaustive set of applicable certification requirements in a given operational scenario of the target software system. We then describe techniques to systematically understand the multi-dimensional correlations among these requirements with application to security risk assessment. The case study of applying our approach to a regulatory certification process of The United States Department of Defense (DoD) is presented.

UR - http://www.scopus.com/inward/record.url?scp=47949111490&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=47949111490&partnerID=8YFLogxK

U2 - 10.1109/RE.2007.21

DO - 10.1109/RE.2007.21

M3 - Conference contribution

AN - SCOPUS:47949111490

SN - 0769529356

SN - 9780769529356

T3 - Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007

SP - 231

EP - 240

BT - Proceedings - 15th IEEE International Requirements Engineering Conference, RE 2007

T2 - 15th IEEE International Requirements Engineering Conference, RE 2007

Y2 - 15 October 2007 through 19 October 2007

ER -

Discovering and understanding multi-dimensional correlations among certification requirements with application to risk assessment

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this