Modeling human-in-the-loop security analysis and decision-making process
Schumann, Michael A.
Michael, James B.
This paper presents a novel application of computer-assisted formal methods for systematically specifying, documenting, statically and dynamically checking, and maintaining human-centered workflow processes. This approach provides for end-to-end verification and validation of process workflows, which is needed for process workflows that are intended for use in developing and maintaining high-integrity systems. We demonstrate the technical feasibility of our approach by applying it to the development of the US government’s process workflow for implementing, certifying, and accrediting cross-domain computer security solutions. Our approach involves identifying human-in-the-loop decision points in the process activities and then modeling these via statechart assertions. We developed techniques to specify and enforce workflow hierarchies, which was a challenge due to the existence of concurrent activities within complex workflow processes. Some of the key advantages of our approach are that it results in a model that is executable, supporting both upfront and runtime checking of process-workflow requirements; aids comprehension and communication among stakeholders and process engineers; and provides for incorporating accountability and risk management into the engineering of process workflows.
The article of record as published may be found at http://dx.doi.org/10.1109/TSE/2014.2302433
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.