New security paradigms workshop white paper
An historical look at software systems reveals a progression of thinking about protection and risk management. In this paper, three generations are defined. For each, we examine the prevalent views of risk, risk assessment, and risk mitigation. We also examine prevalent strategies for assurance. Many gaps exist in current knowledge of how to manage and assess risks in software systems. This paper presents a new perspective which enables comprehensive risk-based design and evaluation of systems, spanning a range of surety concerns (including correctness and safety, in addition to traditional security concerns), and addressing multiple system aspects. We believe this to be a new and unique multidisciplinary approach which transcends both traditional security approaches and traditional risk analysis methods. It facilitates a risk analysis completely tailored to the system at hand, instantiating its threats, its barriers, and its needs for risk reduction.
- Research Organization:
- Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
- Sponsoring Organization:
- USDOE, Washington, DC (United States)
- DOE Contract Number:
- AC04-94AL85000
- OSTI ID:
- 62613
- Report Number(s):
- SAND-95-0725C; CONF-950885-1; ON: DE95010454
- Resource Relation:
- Conference: 4. workshop on new security paradigms, La Jolla, CA (United States), 22-25 Aug 1995; Other Information: PBD: [1995]
- Country of Publication:
- United States
- Language:
- English
Similar Records
The software engineering journey: From a naieve past into a responsible future
Analytical Approaches to Address Homeland Security Issues