Evaluating configuration management tools for high assurance software development projects
This thesis establishes a framework for evaluating automated configuration management tools for use in high assurance software development projects and uses the framework to evaluate eight tools. The evaluation framework identifies a dozen feature areas that affect a high assurance project team's ability to achieve its configuration management goals and evaluates the different methods that existing tools use to implement each feature area. Each implementation method is assigned a risk rating that approximates the relative risk that the method adds to the overall configuration management process. The tools with the lowest total ratings minimize risk to high assurance projects. The results of the evaluation show that although certain tools are less risky to use than other tools for high assurance projects, no tool minimizes risk in all feature areas. Furthermore, none of the existing tools are designed to leverage high assurance environments; i.e., none run on operating systems that have themselves been evaluated as meeting high assurance requirements. Thus, high assurance development projects that want to leverage the benefits of configuration management tools and achieve a sufficiently strong configuration management solution must employ existing tools in a protected environment that specifically addresses the risks created by the tools' implementation methods.
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.