By Topic

Keynote: Security Engineering: Developments and Directions

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Thuraisingham, Bhavani ; Dept. of Comput. Sci., Univ. of Texas at Dallas, Dallas, TX, USA

Security Engineering is a critical component of systems engineering. When complex and large systems are put together, one needs to ensure that the systems are secure. Security engineering methodologies include gathering the security requirements, specifying the security policies, designing the security model, identifying the security critical components of the system design, security verification and validation and security testing. Before installation, one needs to develop a concept of operation (CONOPS) as well as carry out certification and accreditation. Much of the previous work in security engineering has focused on end to end security. That is, the organization needs to ensure that the applications, database systems, operating systems and networks have to be secure. In addition, one needs to ensure security when the subsystems are composed to form a larger system. More recently with open systems and the Web, secure system development is taking a whole new direction. The Office of the Deputy Assistant Secretary of Defense in the United States (Information and Identity Assurance) has stated that "the Department of Defense's (DoD) policy, planning, and war fighting capabilities are heavily dependent on the information technology foundation provided by the Global Information Grid (GIG). However, the GIG was built for business efficiency instead of mission assurance against sophisticated adversaries who have demonstrated intent and proven their ability to use cyberspace as a tool for espionage and criminal theft of data. GIG mission assurance works to ensure the DoD is able to accomplish its critical missions when networks, services, or information are unavailable, degraded, or distrusted." To meet the needs of mission assurance challenges, President's (George W. Bush) cyber plan (CNCI) has listed the area of developing multipronged approaches to supply chain risk management as one of the priorities. CNCI states that the reality of global supply chains presents - significant challenges in thwarting counterfeit, or maliciously designed hardware and software products. To overcome such challenges and support successful mission assurance we need to design flexible and secure systems whose components may be untrusted or faulty. We need to achieve the secure operation of mission critical systems constructed from untrusted, semitrusted and fully trusted components for successful mission assurance. This keynote address will discuss the developments in security engineering from requirements, to policy to model to design to verification to testing as well as developing CONOPS and conducting certification and accreditation. System evaluation, usability and metrics related issues will also be discussed. Finally we will discuss the changes that have to be made to security engineering to support the next generation of secure systems for mission critical applications.

Published in:

Secure Software Integration and Reliability Improvement, 2009. SSIRI 2009. Third IEEE International Conference on

Date of Conference:

8-10 July 2009