The book is organized into four parts. The first part provides an introduction to cybersecurity knowledge; the need for information exchanges for systematic, repeatable, and affordable cyberdefense; and the motivation for the Object Management Group (OMG) Software Assurance Ecosystem. It discusses the nature of system assurance and its difference for vulnerability detection, and introduces the OMG standard on Software Assurance Cases. It describes an end-to-end methodology for system assurance in the context of the OMG Software Assurance Ecosystem that brings together risk analysis, architecture analysis, and code analysis in an integrated process that is guided and planned by the assurance argument. The second part describes various aspects of cybersecurity knowledge required for building cybersecurity arguments. This knowledge includes system knowledge, knowledge related to security threats and risks, and vulnerability knowledge. The third part provides an overview of the protocols of the OMG Software Assurance Ecosystem. It covers the Common Fact Model approach; linguistic models and the OMG Semantics of Business Vocabularies and Rules (SBVR) standard; and the OMG Knowledge Discovery Metamodel (KDM). The fourth part presents a case study to illustrate some of the activities of a system assurance evaluation.
- Provides end-to-end methodology for systematic, repeatable, and affordable System Assurance.
- Includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture and code analysis guided by the assurance argument.
- Case Study illustrating the steps of the System Assurance Methodology using automated tools.
Nikolai Mansourov is recognized worldwide for his work in the areas of automatic code generation and using formal specifications in both forward and reverse engineering. Prior to joining KDM Analytics, Dr. Mansourov was the Chief Scientist and Chief Architect at Klocwork Inc, where he significantly helped build the company's credibility. Dr. Mansourov also was a department head at the Institute for System Programming, Russian Academy of Sciences, where he was responsible for numerous groundbreaking research projects in advanced software development for industry leaders Nortel Networks and Telelogic. Dr. Mansourov has published over 50 research papers and is a frequent speaker as well as member of program committees at various international research forums. He is a founding member of the World-Wide Institute of Software Architects WWISA. His impact on the industry continues through his participation on several standards bodies, including the ITU-T and Object Management Group. Dr. Mansourov is one of the first OMG-certified UML Advanced Professionals and a member of the UML2 standardization team. Dr. Mansourov is the Editor of the OMG Knowledge Discovery Metamodel (KDM) specification and the Chair of the OMG Revision Task Force for KDM.
System Assurance teaches students how to use Object Management Group's (OMG) expertise and unique standards to obtain accurate knowledge about existing software and compose objective metrics for system assurance. OMG's Assurance Ecosystem provides a common framework for discovering, integrating, analyzing, and distributing facts about existing enterprise software. Its foundation is the standard protocol for exchanging system facts, defined as the OMG Knowledge Discovery Metamodel (KDM). In addition, the Semantics of Business Vocabularies and Business Rules (SBVR) defines a standard protocol for exchanging security policy rules and assurance patterns. Using these standards together, students will learn how to leverage the knowledge of the cybersecurity community and bring automation to protect systems. This book includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture, and code analysis guided by the assurance argument. A case study illustrates the steps of the System Assurance Methodology using automated tools. This book is recommended for technologists from a broad range of software companies and related industries; security analysts, computer systems analysts, computer software engineers-systems software, computer software engineers- applications, computer and information systems managers, network systems and data communication analysts. Provides end-to-end methodology for systematic, repeatable, and affordable System Assurance. Includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture and code analysis guided by the assurance argument. Case Study illustrating the steps of the System Assurance Methodology using automated tools.
Front Cover 1
System AssuranceBeyond DetectingVulnerabilities 4
Copyright 5
Dedication 6
Contents 8
Foreword 14
Preface 16
Chapter 1: Why hackers know more about our systems 22
1.1. Operating In Cyberspace Involves Risks 22
1.2. Why Hackers Are Repeatedly Successful 24
1.3. What are the challenges in defending cybersystems? 25
1.4. Where Do We Go From Here? 34
1.5. Who Should Read This Book? 42
Bibliography 42
Chapter 2: Confidence as a product 44
2.1. Are You Confident That There Is No Black Cat In The Dark Room? 44
2.2. The Nature of Assurance 52
2.3. Overview of the assurance process 64
Bibliography 67
Chapter 3: How to build confidence 70
3.1. Assurance in the System Life Cycle 70
3.2. Activities of System Assurance Process 73
Bibliography 101
Chapter 4: Knowledge of system as an element of cybersecurity argument 102
4.1. What is System? 102
4.2. Boundaries of the System 103
4.3. Resolution of the system description 105
4.4. Conceptual Commitment for System Descriptions 106
4.5. System Architecture 108
4.6. Example of an Architecture Framework 111
4.7. Elements of a System 114
4.8. System Knowledge Involves Multiple Viewpoints 116
4.9. Concept of Operations (CONOP) 119
4.10. Network Configuration 119
4.11. System Life Cycle and Assurance 121
Bibliography 130
Chapter 5: Knowledge of risk as an element of cybersecurity argument 132
5.1. Introduction 132
5.2. Basic Cybersecurity Elements 135
5.3. Common Vocabulary for threat identification 140
5.4. Systematic threat identification 160
5.5. Assurance Strategies 162
5.6. Assurance of the threat identification 166
Bibliography 167
Chapter 6: Knowledge of vulnerabilities as an element of cybersecurity argument 168
6.1. Vulnerability as a unit of Knowledge 168
6.2. Vulnerability databases 177
6.3. Vulnerability life cycle 184
6.4. NIST Security Content Automation Protocol (SCAP) Ecosystem 186
Bibliography 191
Chapter 7: Vulnerability patterns as a new assurance content 192
7.1. Beyond Current SCAP Ecosystem 192
7.2. Vendor-neutral vulnerability patterns 195
7.3. Software Fault Patterns 196
7.4. Example Software Fault Pattern 207
Bibliography 210
Chapter 8: OMG software assurance ecosystem 212
8.1. Introduction 212
8.2. OMG assurance ecosystem: toward collaborative cybersecurity 214
Bibliography 221
Chapter 9: Common fact model for assurance content 222
9.1. Assurance Content 222
9.2. The Objectives 224
9.3. Design Criteria for Information Exchange Protocols 225
9.4. Trade-offs 226
9.5. Information Exchange Protocols 227
9.6. The Nuts and Bolts of Fact Models 229
9.7. The Representation of Facts 241
9.8. The Common Schema 247
9.9. System Assurance Facts 248
Bibliography 252
Chapter 10: Linguistic models 254
10.1. Fact Models and Linguistic Models 254
10.2. Background 256
10.3. Overview of SBVR 257
10.4. How to Use SBVR 258
10.5. SBVR Vocabulary for Describing Elementary Meanings 262
10.6. SBVR Vocabulary for Describing Representations 266
10.7. SBVR Vocabulary for Describing Extensions 268
10.8. Reference schemes 268
10.9. SBVR Semantic Formulations 269
Bibliography 273
Chapter 11: Standard protocol for exchanging system facts 274
11.1. Background 274
11.2. Organization of the KDM Vocabulary 275
11.3. The Process of Discovering System Facts 278
11.4. Discovering the Baseline System Facts 281
11.5. Performing Architecture Analysis 313
Bibliography 321
Chapter 12: Case study 322
12.1. Introduction 322
12.2. Background 323
12.3. Concepts of Operations 323
12.4. Business Vocabulary and Security Policy for Clicks2Bricks in SBVR 329
12.5. Building the Integrated System Model 340
12.6. Mapping Cybersecurity Facts to System Facts 348
12.7. Assurance Case 351
Bibliography 357
Index 358
| Erscheint lt. Verlag | 29.12.2010 |
|---|---|
| Sprache | englisch |
| Themenwelt | Sachbuch/Ratgeber |
| Mathematik / Informatik ► Informatik ► Datenbanken | |
| Informatik ► Netzwerke ► Sicherheit / Firewall | |
| Informatik ► Office Programme ► Outlook | |
| Mathematik / Informatik ► Informatik ► Programmiersprachen / -werkzeuge | |
| Mathematik / Informatik ► Informatik ► Software Entwicklung | |
| Mathematik / Informatik ► Informatik ► Theorie / Studium | |
| ISBN-10 | 0-12-381415-4 / 0123814154 |
| ISBN-13 | 978-0-12-381415-9 / 9780123814159 |
| Haben Sie eine Frage zum Produkt? |
PDF (Adobe DRM)Größe: 14,6 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
EPUB (Adobe DRM)Größe: 5,3 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
