Software Engineering Architecture Team

The University of Tulsa

reSEAT yourself in our world of research...

Security Certification Modeling, AFOSR, 2005-2008

The Air Force Office of Scientific Research has awarded a 3+ year contract to Dr. Rose Gamble to explore Security Certification Modeling for systems of systems. A framework for Security Certification Models (SCMs) has been completed and can be successfully migrated to the DIACAP. The framework consists of a UML Component Security Policy Profile and Policy Interaction Semantics. SCMs have been illustrated using three distinct examples encompassing multiple security policies, constraints, and certification criteria. Expressing certification criteria to adequately determine compliance can benefit from both uniform and detailed terminology. The framework provides a foundation for this terminology through its policy interaction semantics: a detailed definition and resource reference that substantiates each attribute, method, and constraint across multiple policies.



Research during 2006 and 2007 saw the completion of the security certification modeling framework, the instantiation of three distinct examples to show its use in conflict detection, and the uniform expression of specific certification guidelines in domain-specific terms that adhered to framework attributes. The framework consists of a UML Component Security Policy Profile and Policy Interaction Semantics. The Component Security Policy Profile specifies in UML the Security Policy Descriptors developed in the first year of the effort. During the past year (the second year of the effort), the Security Policy Descriptors have been assigned attributes, methods, and constraints according to Policy Interaction Semantics that substantiate similar naming conventions, which different security policy types can use distinctly as needed. Templates for constraints on instantiated policies were outlined to promote flexibility in instantiating a particular security policy type for a specific component. Finally, we have explored the development of a Violation Tree to allow for visual and graphical processing of policy interaction conflicts or clashes and their relationship to risks with respect to confidentiality, integrity, and availability.