Towards improving software security by using simulation to inform requirements and conceptual design

Nutaro, James J.; Allgood, Glenn O.; Kuruganti, Teja

doi:10.1177/1548512915591049

Title: Towards improving software security by using simulation to inform requirements and conceptual design

Abstract

We illustrate the use of modeling and simulation early in the system life-cycle to improve security and reduce costs. The models that we develop for this illustration are inspired by problems in reliability analysis and supervisory control, for which similar models are used to quantify failure probabilities and rates. In the context of security, we propose that models of this general type can be used to understand trades between risk and cost while writing system requirements and during conceptual design, and thereby significantly reduce the need for expensive security corrections after a system enters operation

Authors:

Nutaro, James J. ^[1]; Allgood, Glenn O. ^[1]; Kuruganti, Teja ^[1]

Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

Publication Date:: Wed Jun 17 00:00:00 EDT 2015

Research Org.:: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1223064

Grant/Contract Number:: AC05-00OR22725

Resource Type:: Accepted Manuscript

Journal Name:: Journal of Defense Modeling and Simulation

Additional Journal Information:: Journal Volume: 12; Journal ID: ISSN 1548-5129

Publisher:: Society for Modeling and Simulation International

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING

Citation Formats


                    Nutaro, James J., Allgood, Glenn O., and Kuruganti, Teja. Towards improving software security by using simulation to inform requirements and conceptual design.  United States: N. p., 2015. 
Web.  doi:10.1177/1548512915591049.

Copy to clipboard


                    Nutaro, James J., Allgood, Glenn O., & Kuruganti, Teja. Towards improving software security by using simulation to inform requirements and conceptual design.  United States.  https://doi.org/10.1177/1548512915591049

Copy to clipboard


                    Nutaro, James J., Allgood, Glenn O., and Kuruganti, Teja. Wed .  
"Towards improving software security by using simulation to inform requirements and conceptual design".  United States.  https://doi.org/10.1177/1548512915591049.  https://www.osti.gov/servlets/purl/1223064.

Copy to clipboard


                    
@article{osti_1223064,

  title        = {Towards improving software security by using simulation to inform requirements and conceptual design},

  author       = {Nutaro, James J. and Allgood, Glenn O. and Kuruganti, Teja},

  abstractNote = {We illustrate the use of modeling and simulation early in the system life-cycle to improve security and reduce costs. The models that we develop for this illustration are inspired by problems in reliability analysis and supervisory control, for which similar models are used to quantify failure probabilities and rates. In the context of security, we propose that models of this general type can be used to understand trades between risk and cost while writing system requirements and during conceptual design, and thereby significantly reduce the need for expensive security corrections after a system enters operation},

  doi          = {10.1177/1548512915591049},

  journal      = {Journal of Defense Modeling and Simulation},

  number       = ,

  volume       = 12,

  place        = {United States},

  year         = {Wed Jun 17 00:00:00 EDT 2015},

  month        = {Wed Jun 17 00:00:00 EDT 2015}

}

Copy to clipboard

Journal Article:

Free Publicly Available Full Text

Accepted Manuscript (DOE)

Publisher's Version of Record

https://doi.org/10.1177/1548512915591049

Other availability

Search WorldCat to find libraries that may hold this journal

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Secure it now or secure it later: the benefits of addressing cyber-security from the outset
conference, May 2013

Olama, Mohammed M.; Nutaro, James
SPIE Defense, Security, and Sensing, SPIE Proceedings
DOI: 10.1117/12.2015465

Resilience metrics for cyber systems
journal, November 2013

Linkov, Igor; Eisenberg, Daniel A.; Plourde, Kenton
Environment Systems and Decisions, Vol. 33, Issue 4
DOI: 10.1007/s10669-013-9485-y

Closed-form expressions for distribution of sum of exponential random variables
journal, January 1997

Amari, S. V.; Misra, R. B.
IEEE Transactions on Reliability, Vol. 46, Issue 4
DOI: 10.1109/24.693785

Handbook of human-reliability analysis with emphasis on nuclear power plant applications. Final report
report, August 1983

Swain, A. D.; Guttmann, H. E.
DOI: 10.2172/5752058

Cybersecurity Standards: Managing Risk and Creating Resilience
journal, September 2014

Collier, Zachary A.; DiMase, Daniel; Walters, Steve
Computer, Vol. 47, Issue 9, p. 70-76
DOI: 10.1109/MC.2013.448

Similar Records in DOE PAGES and OSTI.GOV collections:

Countering Cyber Sabotage: Introducing Consequence-Driven Cyber-Informed Engineering (CCE)

Book Bochman, Andrew A ; Freeman, Sarah G

Preface The situation we find ourselves in today in the realm of cybersecurity is not much different than the one the software world was in in 1994, except that without a significant shift in strategy, the consequences for citizens and civilizations are likely to be much more dire. Prior to the release of the first edition of The Capability Maturity Model: Guidelines for Improving the Software Process by Carnegie Mellon’s Software Engineering Institute (SEI) just as the personal computer era was getting underway circa 1994, the world of software development was, to be generous, a complete goat rope . Scopingmore »« less
https://doi.org/10.4324/9780367491161

Full Text Available
Blackcomb: Hardware-Software Co-design for Non-Volatile Memory in Exascale Systems

Technical Report Schreiber, Robert

Summary of technical results of Blackcomb Memory Devices We explored various different memory technologies (STTRAM, PCRAM, FeRAM, and ReRAM). The progress can be classified into three categories, below. Modeling and Tool Releases Various modeling tools have been developed over the last decade to help in the design of SRAM or DRAM-based memory hierarchies. To explore new design opportunities that NVM technologies can bring to the designers, we have developed similar high-level models for NVM, including PCRAMsim [Dong 2009], NVSim [Dong 2012], and NVMain [Poremba 2012]. NVSim is a circuit-level model for NVM performance, energy, and area estimation, which supports variousmore »« less
Final Technical Report on Quantifying Dependability Attributes of Software Based Safety Critical Instrumentation and Control Systems in Nuclear Power Plants

Technical Report Smidts, Carol ; Huang, Funqun ; Li, Boyuan ; ...

With the current transition from analog to digital instrumentation and control systems in nuclear power plants, the number and variety of software-based systems have significantly increased. The sophisticated nature and increasing complexity of software raises trust in these systems as a significant challenge. The trust placed in a software system is typically termed software dependability. Software dependability analysis faces uncommon challenges since software systems’ characteristics differ from those of hardware systems. The lack of systematic science-based methods for quantifying the dependability attributes in software-based instrumentation as well as control systems in safety critical applications has proved itself to be amore »« less
https://doi.org/10.2172/1243366

Full Text Available
Detailed Modeling, Design, and Evaluation of a Scalable Multi-level Checkpointing System

Technical Report Moody, A T ; Bronevetsky, G ; Mohror, K M ; ...

High-performance computing (HPC) systems are growing more powerful by utilizing more hardware components. As the system mean-time-before-failure correspondingly drops, applications must checkpoint more frequently to make progress. However, as the system memory sizes grow faster than the bandwidth to the parallel file system, the cost of checkpointing begins to dominate application run times. A potential solution to this problem is to use multi-level checkpointing, which employs multiple types of checkpoints with different costs and different levels of resiliency in a single run. The goal is to design light-weight checkpoints to handle the most common failure modes and rely on moremore »« less
https://doi.org/10.2172/984082

Full Text Available
Suspect/Counterfeit Items Information Guide for Subcontractors/Suppliers

Technical Report Tessmar, Nancy D. ; Salazar, Michael J.

Counterfeiting of industrial and commercial grade items is an international problem that places worker safety, program objectives, expensive equipment, and security at risk. In order to prevent the introduction of Suspect/Counterfeit Items (S/CI), this information sheet is being made available as a guide to assist in the implementation of S/CI awareness and controls, in conjunction with subcontractor's/supplier's quality assurance programs. When it comes to counterfeit goods, including industrial materials, items, and equipment, no market is immune. Some manufactures have been known to misrepresent their products and intentionally use inferior materials and processes to manufacture substandard items, whose properties can significantlymore »« less
https://doi.org/10.2172/1048378

Full Text Available

Similar Records

Title: Towards improving software security by using simulation to inform requirements and conceptual design

Abstract

Citation Formats

Secure it now or secure it later: the benefits of addressing cyber-security from the outset conference, May 2013

Resilience metrics for cyber systems journal, November 2013

Closed-form expressions for distribution of sum of exponential random variables journal, January 1997

Handbook of human-reliability analysis with emphasis on nuclear power plant applications. Final report report, August 1983

Cybersecurity Standards: Managing Risk and Creating Resilience journal, September 2014

Secure it now or secure it later: the benefits of addressing cyber-security from the outset
conference, May 2013

Resilience metrics for cyber systems
journal, November 2013

Closed-form expressions for distribution of sum of exponential random variables
journal, January 1997

Handbook of human-reliability analysis with emphasis on nuclear power plant applications. Final report
report, August 1983

Cybersecurity Standards: Managing Risk and Creating Resilience
journal, September 2014