Addressing Challenges in the Acquisition of Secure Software Systems With Open Architectures
MetadataShow full item record
We seek to articulate and address a number of emerging challenges in continuously assuring the security of open architecture (OA) software systems throughout the system acquisition life-cycle. It is now clear that future system must resist coordinated international attacks on vulnerable software-intensive systems that are of high value, and control complex systems. But current approaches to system security are most often piecemeal with little or no support for guiding what system security requirements must address across different system-processing elements and data levels, and how those can be manifest during the design, building, and deployment of OA software systems. We present a framework that organizes OA system security elements and mechanisms in forms that can be aligned with different stages of acquisition spanning system design, building, and run-time deployment, as well as system evolution. We provide a case study to show our scheme and how it can be applied to common enterprise systems.
Proceedings Paper (for Acquisition Research Program)
NPS Report NumberNPS-AM-12-C9P06R02-054
Showing items related by title, author, creator and subject.
Naegle, Brad (Monterey, California. Naval Postgraduate School, 2006); NPS-AM-06-070The following article is taken as an excerpt from the proceedings of the annual Acquisition Research Program. This annual event showcases the research projects funded through the Acquisition Research Program at the Graduate ...
Uzunoglu, Ertugrul (Monterey, California. Naval Postgraduate School, 1998-09-01);The Defense Acquisition System acquires weapon systems and other items used by armed forces to meet threats to national security in a rapidly changing internal and external environment. Over the last decade, many improvements ...
Morgan, Mark R. (Monterey California. Naval Postgraduate School, 2013-09);There are significant gaps in the United States Navy Submarine Forces ability to integrate and manage Information Assurance requirements (IA), Information Technology (IT) manpower, End-to-End security, IT equipment, IT ...