Towards a Requirements-Driven Workbench for Supporting Software Certification and Accreditation

Authors:
Seok-Won Lee;Robin A. Gandhi;Siddharth Wagle
Affiliations:
University of North Carolina at Charlotte, USA;University of North Carolina at Charlotte, USA;University of North Carolina at Charlotte, USA
Venue:
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Year:
2007

Citing 7
Cited 4

OKBC: a programmatic foundation for knowledge base interoperability

AAAI '98/IAAI '98 Proceedings of the fifteenth national/tenth conference on Artificial intelligence/Innovative applications of artificial intelligence
Guest Editors' Introduction: Ontologies

IEEE Intelligent Systems
Goal-Oriented Requirements Enginering: A Roundtrip from Research to Practice

RE '04 Proceedings of the Requirements Engineering Conference, 12th IEEE International
Establishing trustworthiness in services of the critical infrastructure through certification and accreditation

SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Ontology-based Active Requirements Engineering Framework

APSEC '05 Proceedings of the 12th Asia-Pacific Software Engineering Conference
Building problem domain ontology from security requirements in regulatory documents

Proceedings of the 2006 international workshop on Software engineering for secure systems
Process Artifacts Defined as an Aspectual Service to System Models

SOCCER '06 Proceedings of the Service-Oriented Computing: Consequences for Engineering Requirements

The 3rd International Workshop on Software Engineering for Secure Systems SESS07--Dependable and Secure

ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Visual Analytics for Requirements-driven Risk Assessment

REV '07 Proceedings of the Second International Workshop on Requirements Engineering Visualization
A software product certification model

Software Quality Control
Reducing the footprint of certifiable health software during early stage development

Proceedings of the 3rd Workshop on Software Engineering in Health Care

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security certification activities for software systems rely heavily on requirements mandated by regulatory documents and their compliance evidences to support accreditation decisions. Therefore, the design of a workbench to support these activities should be grounded in a thorough understanding of the characteristics of certification requirements and their relationships with certification activities. To this end, we utilize our findings from the case study of a certification process of The United States Department of Defense (DoD) to identify the design objectives of a requirements-driven workbench for supporting certification analysts. The primary contributions of this paper are: identifying key areas of automation and tool support for requirements-driven certification activities; an ontology-driven dynamic and flexible workbench architecture to address process variability; and a prototype implementation.