NDLI: Reducing software assurance risks for security-critical and safety-critical systems

Content Provider	IEEE Xplore Digital Library
Author	Axelrod, C.W.
Copyright Year	2014
Description	Author affiliation: C. Warren Axelrod, LLC, Great Neck, NY, USA (Axelrod, C.W.)
Abstract	According to the Office of the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)), the US Department of Defense (DoD) recognizes that there is a “persistent lack of a consistent approach ... for the certification of software assurance tools, testing and methodologies” [1]. As a result, the ASD(R&E) is seeking “to address vulnerabilities and weaknesses to cyber threats of the software that operates ... routine applications and critical kinetic systems ...” The mitigation of these risks has been recognized as a significant issue to be addressed in both the public and private sectors. In this paper we examine deficiencies in various software-assurance approaches and suggest ways in which they can be improved. We take a broad look at current approaches, identify their inherent weaknesses and propose approaches that serve to reduce risks. Some technical, economic and governance issues are: (1) Development of software-assurance technical standards (2) Management of software-assurance standards (3) Evaluation of tools, techniques, and metrics (4) Determination of update frequency for tools, techniques (5) Focus on most pressing threats to software systems (6) Suggestions as to risk-reducing research areas (7) Establishment of models of the economics of software-assurance solutions, and testing and certifying software We show that, in order to improve current software assurance policy and practices, particularly with respect to security, there has to be a major overhaul in how software is developed, especially with respect to the requirements and testing phases of the SDLC (Software Development Lifecycle). We also suggest that the current preventative approaches are inadequate and that greater reliance should be placed upon avoidance and deterrence. We also recommend that those developing and operating security-critical and safety-critical systems exchange best-ofbreed software assurance methods to prevent the vulnerability of components leading to compromise of entire systems of systems. The recent catastrophic loss of a Malaysia Airlines airplane is then presented as an example of possible compromises of physical and logical security of on-board communications and management and control systems.
Sponsorship	IEEE Long Island Sect.
Starting Page	1
Ending Page	6
File Size	202580
Page Count	6
File Format	PDF
ISBN	9781479938506
DOI	10.1109/LISAT.2014.6845212
Language	English
Publisher	Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher Date	2014-05-02
Publisher Place	USA
Access Restriction	Subscribed
Rights Holder	Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subject Keyword	Security Testing Standards Measurement Software systems Organizations governance risk software assurance security-critical systems safety-critical systems cyber-physical systems vulnerabilities weaknesses cyber threats technical standards
Content Type	Text
Resource Type	Article

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in

Analysis of security threats and vulnerability for cyber-physical systems

Managing the risks of cyber-physical systems

Goal-based assessment for the cybersecurity of critical infrastructure

Quantifying the impact of unavailability in cyber-physical environments

Cyber security quantification model

A Security Threats Measurement Model for Reducing Cloud Computing Security Risk

Information security risk assessment in SCM

Supply chain risk management - Understanding vulnerabilities in code you buy, build, or integrate

System and network trustworthiness in perspective

Reducing software assurance risks for security-critical and safety-critical systems

Similar Documents

Analysis of security threats and vulnerability for cyber-physical systems

Managing the risks of cyber-physical systems

Goal-based assessment for the cybersecurity of critical infrastructure

Quantifying the impact of unavailability in cyber-physical environments

Cyber security quantification model

A Security Threats Measurement Model for Reducing Cloud Computing Security Risk

Information security risk assessment in SCM

Supply chain risk management - Understanding vulnerabilities in code you buy, build, or integrate

System and network trustworthiness in perspective

Reducing software assurance risks for security-critical and safety-critical systems