Modeling human-in-the-loop security analysis and decision-making process

Authors
Schumann, Michael A.
Drusinsky, Doron
Michael, James B.
Wijesekera, Duminda
Subjects
Formal methods
Information assurance
Process modeling
Software engineering
Statechart assertions
Verification and validation
Date of Issue
2014-02
Publisher
IEEE
Abstract
This paper presents a novel application of computer-assisted formal methods for systematically specifying, documenting, statically and dynamically checking, and maintaining human-centered workflow processes. This approach provides for end-to-end verification and validation of process workflows, which is needed for process workflows that are intended for use in developing and maintaining high-integrity systems. We demonstrate the technical feasibility of our approach by applying it to the development of the US government's process workflow for implementing, certifying, and accrediting cross-domain computer security solutions. Our approach involves identifying human-in-the-loop decision points in the process activities and then modeling these via statechart assertions. We developed techniques to specify and enforce workflow hierarchies, which was a challenge due to the existence of concurrent activities within complex workflow processes. Some of the key advantages of our approach are: it results in development of a model that is executable, supporting both upfront and runtime checking of process-workflow requirements; aids comprehension and communication among stakeholders and process engineers; and provides for incorporating accountability and risk management into the engineering of process workflows.
Type
Article
Description
The article of record as published may be found at http://dx.doi.org/10.1109/TSE/2014.2302433
Department
Electrical and Computer Engineering
Organization
Naval Postgraduate School (U.S.)
Format
13 p.
Citation
M.A. Schumann, D. Drusinsky, J.B. Michael, D. Wijesekera, "Modeling human-in-the-loop security analysis and decision-making processes," IEEE Transactions on Software Engineering, v.40, no.2, (February 2014), pp. 154-166.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.