DOI: 10.1145/2459976.2460027

Using simulation to engineer cybersecurity requirements

Published: 08 January 2013

Abstract

When large software projects fail, it is often because of inappropriate, misunderstood, or poorly conceived requirements. When a project is successful, the cost of building the system can be exceeded by the cost of correcting problems discovered after delivery. This is particularly true of cybersecurity problems, which are typically discovered after a system has been put into operation. By addressing cybersecurity in a system's requirements - at the beginning of the system lifecycle - the total cost of the system can be substantially reduced. In this paper, we discuss the role that modeling and simulation may play in the construction of appropriate and clearly articulated requirements for cybersecurity in complex software systems.


Published In

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
January 2013
282 pages
ISBN:9781450316873
DOI:10.1145/2459976

Sponsors

  • Los Alamos National Labs
  • Sandia National Laboratories
  • Department of Energy (DOE)
  • Oak Ridge National Laboratory
  • Lawrence Livermore National Laboratory
  • Lawrence National Berkeley Laboratory
  • Argonne National Lab
  • Idaho National Laboratory
  • Pacific Northwest National Laboratory
  • Nevada National Security Site

Publisher

Association for Computing Machinery

New York, NY, United States

Conference

CSIIRW '13: Cyber Security and Information Intelligence
January 8 - 10, 2013
Oak Ridge, Tennessee, USA
