Please use this identifier to cite or link to this item:
Title: Managing Risk in Mobile Applications With Formal Security Policies
Authors: Travis Breaux
Ashwini Rao
Keywords: Information Technology
IT Architectures
Mobile Computing Platforms
Commercial Technology
Net-Centric Warfare
Issue Date: 30-Apr-2013
Publisher: Acquisition Research Program
Citation: Published--Unlimited Distribution
Series/Report no.: Information Technology
Abstract: Department of Defense (DoD) acquisition requires information technology (IT) to undergo the DoD information assurance certification and accreditation process (DIACAP), which makes strong architecture-dependent assumptions. Emerging IT architectures, such as mobile computing platforms, invalidate these assumptions and prevent the DoD from acquiring commercial technologies that are readily available to adversaries. To address this problem, we introduce a preliminary framework in which an application profile is expressed in a formal language and scaled with evolving architectural assumptions. This profile aims to incorporate information assurance (IA) requirements that are commensurate with risk and scalable based on an application's changing external dependencies. Information assurance risk levels that account for changing user identities and IA parameters (confidentiality, integrity, and availability) will result from dynamic recombination of mobile applications during runtime. The language is expressed in first-order logic and includes an evolvable lexicon to describe changing system configurations. We envision that software developers and certification authorities can use these formal profiles with an inference engine to complete the DIACAP and maintain compliance as IT systems evolve over time. The framework has been evaluated using existing DoD acquisition and DIACAP policy and a case study in a popular mobile application ecosystem.
Description: Software Acquisition / Defense Acquisition Community Contributor
Appears in Collections:Annual Acquisition Research Symposium Proceedings & Presentations

Files in This Item:
File SizeFormat 
SYM-AM-13-069.pdf317.28 kBAdobe PDFView/Open

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.