E-Book, Englisch, 368 Seiten
Reihe: The MK/OMG Press
Mansourov / Campara System Assurance
1. Auflage 2010
ISBN: 978-0-12-381415-9
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: 6 - ePub Watermark
Beyond Detecting Vulnerabilities
E-Book, Englisch, 368 Seiten
Reihe: The MK/OMG Press
ISBN: 978-0-12-381415-9
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: 6 - ePub Watermark
System Assurance teaches students how to use Object Management Group's (OMG) expertise and unique standards to obtain accurate knowledge about existing software and compose objective metrics for system assurance. OMG's Assurance Ecosystem provides a common framework for discovering, integrating, analyzing, and distributing facts about existing enterprise software. Its foundation is the standard protocol for exchanging system facts, defined as the OMG Knowledge Discovery Metamodel (KDM). In addition, the Semantics of Business Vocabularies and Business Rules (SBVR) defines a standard protocol for exchanging security policy rules and assurance patterns. Using these standards together, students will learn how to leverage the knowledge of the cybersecurity community and bring automation to protect systems. This book includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture, and code analysis guided by the assurance argument. A case study illustrates the steps of the System Assurance Methodology using automated tools. This book is recommended for technologists from a broad range of software companies and related industries; security analysts, computer systems analysts, computer software engineers-systems software, computer software engineers- applications, computer and information systems managers, network systems and data communication analysts. - Provides end-to-end methodology for systematic, repeatable, and affordable System Assurance. - Includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture and code analysis guided by the assurance argument. - Case Study illustrating the steps of the System Assurance Methodology using automated tools.
Nikolai Mansourov is recognized worldwide for his work in the areas of automatic code generation and using formal specifications in both forward and reverse engineering. Prior to joining KDM Analytics, Dr. Mansourov was the Chief Scientist and Chief Architect at Klocwork Inc, where he significantly helped build the company's credibility. Dr. Mansourov also was a department head at the Institute for System Programming, Russian Academy of Sciences, where he was responsible for numerous groundbreaking research projects in advanced software development for industry leaders Nortel Networks and Telelogic. Dr. Mansourov has published over 50 research papers and is a frequent speaker as well as member of program committees at various international research forums. He is a founding member of the World-Wide Institute of Software Architects WWISA. His impact on the industry continues through his participation on several standards bodies, including the ITU-T and Object Management Group. Dr. Mansourov is one of the first OMG-certified UML Advanced Professionals and a member of the UML2 standardization team. Dr. Mansourov is the Editor of the OMG Knowledge Discovery Metamodel (KDM) specification and the Chair of the OMG Revision Task Force for KDM.
Autoren/Hrsg.
Weitere Infos & Material
1;Front Cover;1
2;System AssuranceBeyond DetectingVulnerabilities;4
3;Copyright;5
4;Dedication;6
5;Contents;8
6;Foreword;14
7;Preface;16
8;Chapter 1: Why hackers know more about our systems;22
8.1;1.1. Operating In Cyberspace Involves Risks;22
8.2;1.2. Why Hackers Are Repeatedly Successful;24
8.3;1.3. What are the challenges in defending cybersystems?;25
8.4;1.4. Where Do We Go From Here?;34
8.5;1.5. Who Should Read This Book?;42
8.6;Bibliography;42
9;Chapter 2: Confidence as a product;44
9.1;2.1. Are You Confident That There Is No Black Cat In The Dark Room?;44
9.2;2.2. The Nature of Assurance;52
9.3;2.3. Overview of the assurance process;64
9.4;Bibliography;67
10;Chapter 3: How to build confidence;70
10.1;3.1. Assurance in the System Life Cycle;70
10.2;3.2. Activities of System Assurance Process;73
10.3;Bibliography;101
11;Chapter 4: Knowledge of system as an element of cybersecurity argument;102
11.1;4.1. What is System?;102
11.2;4.2. Boundaries of the System;103
11.3;4.3. Resolution of the system description;105
11.4;4.4. Conceptual Commitment for System Descriptions;106
11.5;4.5. System Architecture;108
11.6;4.6. Example of an Architecture Framework;111
11.7;4.7. Elements of a System;114
11.8;4.8. System Knowledge Involves Multiple Viewpoints;116
11.9;4.9. Concept of Operations (CONOP);119
11.10;4.10. Network Configuration;119
11.11;4.11. System Life Cycle and Assurance;121
11.12;Bibliography;130
12;Chapter 5: Knowledge of risk as an element of cybersecurity argument;132
12.1;5.1. Introduction;132
12.2;5.2. Basic Cybersecurity Elements;135
12.3;5.3. Common Vocabulary for threat identification;140
12.4;5.4. Systematic threat identification;160
12.5;5.5. Assurance Strategies;162
12.6;5.6. Assurance of the threat identification;166
12.7;Bibliography;167
13;Chapter 6: Knowledge of vulnerabilities as an element of cybersecurity argument;168
13.1;6.1. Vulnerability as a unit of Knowledge;168
13.2;6.2. Vulnerability databases;177
13.3;6.3. Vulnerability life cycle;184
13.4;6.4. NIST Security Content Automation Protocol (SCAP) Ecosystem;186
13.5;Bibliography;191
14;Chapter 7: Vulnerability patterns as a new assurance content;192
14.1;7.1. Beyond Current SCAP Ecosystem;192
14.2;7.2. Vendor-neutral vulnerability patterns;195
14.3;7.3. Software Fault Patterns;196
14.4;7.4. Example Software Fault Pattern;207
14.5;Bibliography;210
15;Chapter 8: OMG software assurance ecosystem;212
15.1;8.1. Introduction;212
15.2;8.2. OMG assurance ecosystem: toward collaborative cybersecurity;214
15.3;Bibliography;221
16;Chapter 9: Common fact model for assurance content;222
16.1;9.1. Assurance Content;222
16.2;9.2. The Objectives;224
16.3;9.3. Design Criteria for Information Exchange Protocols;225
16.4;9.4. Trade-offs;226
16.5;9.5. Information Exchange Protocols;227
16.6;9.6. The Nuts and Bolts of Fact Models;229
16.7;9.7. The Representation of Facts;241
16.8;9.8. The Common Schema;247
16.9;9.9. System Assurance Facts;248
16.10;Bibliography;252
17;Chapter 10: Linguistic models;254
17.1;10.1. Fact Models and Linguistic Models;254
17.2;10.2. Background;256
17.3;10.3. Overview of SBVR;257
17.4;10.4. How to Use SBVR;258
17.5;10.5. SBVR Vocabulary for Describing Elementary Meanings;262
17.6;10.6. SBVR Vocabulary for Describing Representations;266
17.7;10.7. SBVR Vocabulary for Describing Extensions;268
17.8;10.8. Reference schemes;268
17.9;10.9. SBVR Semantic Formulations;269
17.10;Bibliography;273
18;Chapter 11: Standard protocol for exchanging system facts;274
18.1;11.1. Background;274
18.2;11.2. Organization of the KDM Vocabulary;275
18.3;11.3. The Process of Discovering System Facts;278
18.4;11.4. Discovering the Baseline System Facts;281
18.5;11.5. Performing Architecture Analysis;313
18.6;Bibliography;321
19;Chapter 12: Case study;322
19.1;12.1. Introduction;322
19.2;12.2. Background;323
19.3;12.3. Concepts of Operations;323
19.4;12.4. Business Vocabulary and Security Policy for Clicks2Bricks in SBVR;329
19.5;12.5. Building the Integrated System Model;340
19.6;12.6. Mapping Cybersecurity Facts to System Facts;348
19.7;12.7. Assurance Case;351
19.8;Bibliography;357
20;Index;358
