Please use this identifier to cite or link to this item:
https://dair.nps.edu/handle/123456789/1314
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Daniel Smullen | |
dc.contributor.author | Travis Breaux | |
dc.date.accessioned | 2020-03-16T17:51:48Z | - |
dc.date.available | 2020-03-16T17:51:48Z | - |
dc.date.issued | 2015-04-30 | |
dc.identifier.citation | Published--Unlimited Distribution | |
dc.identifier.uri | https://dair.nps.edu/handle/123456789/1314 | - |
dc.description | Acquisition Management / Defense Acquisition Community Contributor | |
dc.description.abstract | Department of Defense (DoD) acquisition requires IT to undergo the DoD information assurance certification and accreditation process (DIACAP), which makes architecturedependent assumptions. Emerging IT architectures, such as mobile and cloud-based platforms, invalidate these assumptions and prevent the DoD from acquiring commercial technologies that are readily available to adversaries. To address this problem, we extended our initial automation framework, wherein an application profile is expressed in a formal language and scaled with evolving architectural assumptions. These profiles will help ensure that information assurance requirements are commensurate with risk and scalable based on an application's changing external dependencies. Information assurance risk levels must account for changing environmental and IA parameters (confidentiality, integrity, and availability) that result from dynamic recombination of applications during runtime. Our proposed language aims to address dynamically composable, multi-party systems that preserve security properties. Software developers and certification authorities can use these pofiles expressed in first-order logic with an inference engine to advance the DIACAP and re-check compliance as IT systems evolve over time. | |
dc.description.sponsorship | Acquisition Research Program | |
dc.language | English (United States) | |
dc.publisher | Acquisition Research Program | |
dc.relation.ispartofseries | Weapons Systems Procurement | |
dc.relation.ispartofseries | SYM-AM-15-104 | |
dc.subject | Rapid Recertification | |
dc.subject | Formal Analysis | |
dc.subject | DoD Information Assurance Certification and Accreditation Process | |
dc.subject | DIACAP | |
dc.subject | Architecturedependent Assumptions | |
dc.subject | IT Architectures | |
dc.subject | Automation Framework | |
dc.title | Towards Rapid Recertification Using Formal Analysis | |
dc.type | Article | |
Appears in Collections: | Annual Acquisition Research Symposium Proceedings & Presentations |
Files in This Item:
File | Size | Format | |
---|---|---|---|
SYM-AM-15-104.pdf | 1.18 MB | Adobe PDF | View/Open |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.