Show simple item record

dc.contributor.authorSchumann, Michael A.
dc.contributor.authorDrusinsky, Doron
dc.contributor.authorMichael, James B.
dc.contributor.authorWijesekera, Duminda
dc.date.accessioned2017-12-21T22:03:12Z
dc.date.available2017-12-21T22:03:12Z
dc.date.issued2014-02
dc.identifier.citationM.A. Schumann, D. Drusinsky, J.B. Michael, D. Wijesekera, "Modeling human-in-the-loop security analysis and decision-making processes," IEEE Transactions on Software Engineering, v.40, no.2, (February 2014), pp. 154-166.en_US
dc.identifier.urihttp://hdl.handle.net/10945/56499
dc.descriptionThe article of record as published may be found at http://dx.doi.org/10.1109/TSE/2014.2302433en_US
dc.description.abstractThis paper presents a novel application of computer-assisted formal methods for systematically specifying, documenting, statically and dynamically checking, and maintaining human-centered workflow processes. This approach provides for end-to-end verification and validation of process workflows, which is needed for process workflows that are intended for use in developing and maintaining high-integrity systems. We demonstrate the technical feasibility of our approach by applying it on the development of the US government’s process workflow for implementing, certifying, and accrediting cross-domain computer security solutions. Our approach involves identifying human-in-the-loop decision points in the process activities and then modeling these via statechart assertions. We developed techniques to specify and enforce workflow hierarchies, which was a challenge due to the existence of concurrent activities within complex workflow processes. Some of the key advantages of our approach are: it results in development of a model that is executable, supporting both upfront and runtime checking of process-workflow requirements; aids comprehension and communication among stakeholders and process engineers; and provides for incorporating accountability and risk management into the engineering of process workflows.en_US
dc.format.extent13 p.en_US
dc.publisherIEEEen_US
dc.rightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.en_US
dc.titleModeling human-in-the-loop security analysis and decision-making processen_US
dc.typeArticleen_US
dc.contributor.corporateNaval Postgraduate School (U.S.)en_US
dc.contributor.departmentElectrical and Computer Engineeringen_US
dc.subject.authorFormal methodsen_US
dc.subject.authorInformation assuranceen_US
dc.subject.authorProcess modelingen_US
dc.subject.authorSoftware engineeringen_US
dc.subject.authorStatechart assertionsen_US
dc.subject.authorVerification and validationen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record