Towards improving software security by using simulation to inform requirements and conceptual design

Nutaro, James J.; Allgood, Glenn O.; Kuruganti, Teja

doi:10.1177/1548512915591049

Title: Towards improving software security by using simulation to inform requirements and conceptual design

Journal Article · Wed Jun 17 00:00:00 EDT 2015 · Journal of Defense Modeling and Simulation

DOI:https://doi.org/10.1177/1548512915591049· OSTI ID:1223064

Nutaro, James J. ^[1]; Allgood, Glenn O. ^[1]; Kuruganti, Teja ^[1]

Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

We illustrate the use of modeling and simulation early in the system life-cycle to improve security and reduce costs. The models that we develop for this illustration are inspired by problems in reliability analysis and supervisory control, for which similar models are used to quantify failure probabilities and rates. In the context of security, we propose that models of this general type can be used to understand trades between risk and cost while writing system requirements and during conceptual design, and thereby significantly reduce the need for expensive security corrections after a system enters operation

View Accepted Manuscript (DOE)

Cite

Export

Save

Research Organization:: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)

Sponsoring Organization:: USDOE

Grant/Contract Number:: AC05-00OR22725

OSTI ID:: 1223064

Journal Information:: Journal of Defense Modeling and Simulation, Vol. 12; ISSN 1548-5129

Publisher:: Society for Modeling and Simulation InternationalCopyright Statement

Country of Publication:: United States

Language:: English

References (4)

Secure it now or secure it later: the benefits of addressing cyber-security from the outset Olama, Mohammed M.; Nutaro, James SPIE Defense, Security, and Sensing, SPIE Proceedings https://doi.org/10.1117/12.2015465	conference	May 2013
Resilience metrics for cyber systems Linkov, Igor; Eisenberg, Daniel A.; Plourde, Kenton Environment Systems and Decisions, Vol. 33, Issue 4 https://doi.org/10.1007/s10669-013-9485-y	journal	November 2013
Closed-form expressions for distribution of sum of exponential random variables Amari, S. V.; Misra, R. B. IEEE Transactions on Reliability, Vol. 46, Issue 4 https://doi.org/10.1109/24.693785	journal	January 1997
Cybersecurity Standards: Managing Risk and Creating Resilience Collier, Zachary A.; DiMase, Daniel; Walters, Steve Computer, Vol. 47, Issue 9, p. 70-76 https://doi.org/10.1109/MC.2013.448	journal	September 2014

Similar Records

Countering Cyber Sabotage: Introducing Consequence-Driven Cyber-Informed Engineering (CCE)

Book · Wed Sep 01 00:00:00 EDT 2021 · OSTI ID:1223064

Bochman, Andrew A; Freeman, Sarah G

Blackcomb: Hardware-Software Co-design for Non-Volatile Memory in Exascale Systems

Technical Report · Wed Nov 26 00:00:00 EST 2014 · OSTI ID:1223064

Schreiber, Robert

Final Technical Report on Quantifying Dependability Attributes of Software Based Safety Critical Instrumentation and Control Systems in Nuclear Power Plants

Technical Report · Fri Mar 25 00:00:00 EDT 2016 · OSTI ID:1223064

Smidts, Carol; Huang, Funqun; Li, Boyuan; +1 more

Related Subjects

97 MATHEMATICS AND COMPUTING

Title: Towards improving software security by using simulation to inform requirements and conceptual design

Citation Formats

References (4)

Similar Records

Related Subjects