Naval Postgraduate School
Dudley Knox Library
NPS Dudley Knox Library
View Item 
  •   Calhoun Home
  • Departments, Schools and Academic Groups Publications
  • Acquisition Research Program
  • Acquisition Research Symposium
  • View Item
  •   Calhoun Home
  • Departments, Schools and Academic Groups Publications
  • Acquisition Research Program
  • Acquisition Research Symposium
  • View Item
  • How to search in Calhoun
  • My Accounts
  • Ask a Librarian
JavaScript is disabled for your browser. Some features of this site may not work without it.

Browse

All of CalhounCollectionsThis Collection

My Account

LoginRegister

Statistics

Most Popular ItemsStatistics by CountryMost Popular Authors

Improving Security in Software Acquisition with Data Retention Specifications

Thumbnail
Download
IconCMU-AM-17-036.pdf (1.659Mb)
Download Record
Download to EndNote/RefMan (RIS)
Download to BibTex
Author
Smullen, Daniel
Breaux, Travis
Date
2017-03
Metadata
Show full item record
Abstract
The Department of Defense (DoD) Risk Management Framework (RMF) for IT systems is aligned with the National Institute for Standards and Technology (NIST) guidance for federal IT architectures, including emergent mobile and cloud-based platforms. This guidance serves as a prescriptive lifecycle for IT engineers to recognize, understand, and mitigate security risks. However, integrators are left with the challenge - during acquisition, and during runtime integration with external services - to reason about the actions on data inherent in their system designs that may have confidentiality risks. These risks may lead to data spills; loss of confidentiality for mission data, and/or revelations about private data related to service members and their families. Solutions are needed to assist acquisition professionals to align system data practices with the RMF and NIST guidance, as well as DoD IA directives - particularly with respect to the collection, usage, transfer, and retention of data. To provide support to this end, we extended our initial automation framework, to support reasoning over data retention actions using a formal language. We propose an evaluation method for these extensions, carried out through simulations of real-world IT systems using imitation but statistically accurate synthetic data. Our language aims to address dynamically composable, multi-party systems that preserve security properties and address incipient data privacy concerns. Software developers and certification authorities can use these profiles expressed in first-order logic with an inference engine to advance the RMF, express data retention actions that promote confidentiality, and re-evaluate risk mitigation and compliance as IT systems evolve over time.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
URI
http://hdl.handle.net/10945/58892
NPS Report Number
CMU-AM-17-036
Collections
  • Acquisition Research Symposium

Related items

Showing items related by title, author, creator and subject.

  • Thumbnail

    Commercial mobile device technology implementation implications in United States Marine Corps processes: a case study approach 

    Ellis, Buddy J. (Monterey, California: Naval Postgraduate School, 2016-09);
    The United States Marine Corps is operating in an increasingly resource-limited and fiscally constrained environment while simultaneously becoming more dependent on information technology systems to efficiently train and ...
  • Thumbnail

    The effect of stem degrees on the performance and retention of junior officers in the U.S. Navy 

    Maugeri, William V., III (Monterey, California: Naval Postgraduate School, 2016-03);
    The Navy has long operated under the Rickover hypothesis, stressing the importance of recruiting and retaining Science Technology Mathematics and Engineering (STEM) background officers to man the increasingly technologically ...
  • Thumbnail

    Secure local area network services for a high assurance multilevel network 

    BryerJoyner, Susan; Heller, Scott D. (Monterey, California. Naval Postgraduate School, 1999-03);
    To reduce the cost and complexity of the current DoD information infrastructure, a Multilevel Secure (MLS) network solution eliminating hardware redundancies is required. Implementing a high assurance MLS LAN requires the ...
NPS Dudley Knox LibraryDUDLEY KNOX LIBRARY
Feedback

411 Dyer Rd. Bldg. 339
Monterey, CA 93943
circdesk@nps.edu
(831) 656-2947
DSN 756-2947

    Federal Depository Library      


Start Your Research

Research Guides
Academic Writing
Ask a Librarian
Copyright at NPS
Graduate Writing Center
How to Cite
Library Liaisons
Research Tools
Thesis Processing Office

Find & Download

Databases List
Articles, Books & More
NPS Theses
NPS Faculty Publications: Calhoun
Journal Titles
Course Reserves

Use the Library

My Accounts
Request Article or Book
Borrow, Renew, Return
Tech Help
Remote Access
Workshops & Tours

For Faculty & Researchers
For International Students
For Alumni

Print, Copy, Scan, Fax
Rooms & Study Spaces
Floor Map
Computers & Software
Adapters, Lockers & More

Collections

NPS Archive: Calhoun
Restricted Resources
Special Collections & Archives
Federal Depository
Homeland Security Digital Library

About

Hours
Library Staff
About Us
Special Exhibits
Policies
Our Affiliates
Visit Us

NPS-Licensed Resources—Terms & Conditions
Copyright Notice

Naval Postgraduate School

Naval Postgraduate School
1 University Circle, Monterey, CA 93943
Driving Directions | Campus Map

This is an official U.S. Navy Website |  Please read our Privacy Policy Notice  |  FOIA |  Section 508 |  No FEAR Act |  Whistleblower Protection |  Copyright and Accessibility |  Contact Webmaster

Export search results

The export option will allow you to export the current search results of the entered query to a file. Different formats are available for download. To export the items, click on the button corresponding with the preferred download format.

A logged-in user can export up to 15000 items. If you're not logged in, you can export no more than 500 items.

To select a subset of the search results, click "Selective Export" button and make a selection of the items you want to export. The amount of items that can be exported at once is similarly restricted as the full export.

After making a selection, click one of the export format buttons. The amount of items that will be exported is indicated in the bubble next to export format.