We Need Assurance

View Related Documents

Book Chapter
Model-Based Quality Assurance of Automotive Software
Jan Jürjens, Daniel Reiß and David Trachtenherz
Lecture Notes in Computer Science, 2008, Volume 5301, Model Driven Engineering Languages and Systems, Pages 858-873
- Download PDF (308.7 KB)
Book Chapter
Open Access
Engineering Secure Future Internet Services
Wouter Joosen, Javier Lopez, Fabio Martinelli and Fabio Massacci
Lecture Notes in Computer Science, 2011, Volume 6656, The Future Internet, Pages 177-191
- Download PDF (240.1 KB)
Book Chapter
The Assurance Paradigm
Organisational Semiotics Applied to Governance Issues
Hart Will and Darren Whobrey
2005, Virtual, Distributed and Flexible Organisations, I, Pages 129-152
- Download PDF (218.1 KB)
Book Chapter
What is Information Assurance?
Computer Communications and Networks, 2006, Information Assurance, Section 1, Pages 3-15
- Download PDF (116.3 KB)
Book Chapter
Applying Security Engineering to Build Security Countermeasures: An Introduction
Tai-hoonn Kim and Ho-yeol Kwon
Lecture Notes in Computer Science, 2006, Volume 3732, Applied Parallel Computing. State of the Art in Scientific Computing, Pages 957-963
- Download PDF (268.2 KB)
Book Chapter
Design Procedure of IT Systems Security Countermeasures
Tai-hoon Kim and Seung-youn Lee
Lecture Notes in Computer Science, 2005, Volume 3481, Computational Science and Its Applications – ICCSA 2005, Pages 71-141
- Download PDF (226.5 KB)
Book Chapter
Intelligent Method for Building Security Countermeasures
Tai-hoon Kim and Sun-myoung Hwang
Lecture Notes in Computer Science, 2006, Volume 4252, Knowledge-Based Intelligent Information and Engineering Systems, Pages 745-750
- Download PDF (133.5 KB)
Book Chapter
Electronic Distribution of Airplane Software and the Impact of Information Security on Airplane Safety
Richard Robinson, Mingyan Li, Scott Lintelman, Krishna Sampigethaya and Radha Poovendran, et al.
Lecture Notes in Computer Science, 2007, Volume 4680, Computer Safety, Reliability, and Security, Pages 28-39
- Download PDF (355.6 KB)
Journal Article
Foreword
Vlasti Broucek and Paul Turner
Journal in Computer Virology, 2007, Volume 3, Number 2, Pages 63-64
- Download PDF (81.1 KB)
- View HTML
Book Chapter
A Fully Compliant Research Implementation of the P3P Standard for Privacy Protection: Experiences and Recommendations
Giles Hogben, Tom Jackson and Marc Wilikens
Lecture Notes in Computer Science, 2002, Volume 2502, Computer Security — ESORICS 2002, Pages 104-125
- Download PDF (274.4 KB)

Abstract

Today’s commercial cryptographic products have sufficient functionality, plenty of performance, but not enough assurance. Further, in the near term future, I see little chance of improvement in assurance, hence little improvement in true security offered by industry. The malicious environment in which security systems must function absolutely requires the use of strong assurance techniques. Most attacks today result from failures of assurance, not function.

Am I depressed? Yes, I am. The scene I see is products and services sufficiently robust to counter many (but not all) of the “hacker” attacks we hear so much about today, but not adequate against the more serious but real attacks mounted by economic adversaries and nation states. We will be in a truly dangerous stance: we will think we are secure (and act accordingly) when in fact we are not secure.

Assurance techniques (barely) adequate for a benign environment simply will not hold up in a malicious environment.

Despite the real need for additional research in assurance technology, we fail to fully use that which we already have in hand! We need to better use those assurance techniques we have, and continue research and development efforts to improve them and find others.

Recall that assurance are confidence-building activities demonstrating that system functions meet a desired set of properties and only those properties, that the functions are implemented correctly, and that the assurances hold up through manufacturing, delivery, and life-cycle of the system.

Assurance is provided through structured design processes, documentation, and testing,with greater assurance coming through more extensive processes, documentation, and testing. All this leads to increased cost and delayed time-to-market - a severe one-two punch in today’s marketplace.

I will briefly discuss assurance features appropriate in each of the following five areas: operating systems, software modules, hardware features, third party testing, and legal constraints.

Each of us should leave today with a stronger commitment to quality research in assurance techniques with strong emphasis on transferring the technology to industry.It is not adequate to have the technique; it must be used. We have our work cut out for us; let’s go do it.

Fulltext Preview

Image of the first page of the fulltext document

Frequently asked questions General info on journals and books Send us your feedback Impressum Contact us

SpringerLink

We Need Assurance

View Related Documents

Abstract

Fulltext Preview