Keynote: Security Engineering: Developments and Directions

Abstract

Security Engineering is a critical component of systems engineering. When complex and large systems are put together, one needs to ensure that the systems are secure. Security engineering methodologies include gathering the security requirements, specifying the security policies, designing the security model, identifying the security critical components of the system design, security verification and validation and security testing. Before installation, one needs to develop a concept of operation (CONOPS) as well as carry out certification and accreditation. Much of the previous work in security engineering has focused on end to end security. That is, the organization needs to ensure that the applications, database systems, operating systems and networks have to be secure. In addition, one needs to ensure security when the subsystems are composed to form a larger system. More recently with open systems and the Web, secure system development is taking a whole new direction. The Office of the Deputy Assistant Secretary of Defense in the United States (Information and Identity Assurance) has stated that "the Department of Defense's (DoD) policy, planning, and war fighting capabilities are heavily dependent on the information technology foundation provided by the Global Information Grid (GIG). However, the GIG was built for business efficiency instead of mission assurance against sophisticated adversaries who have demonstrated intent and proven their ability to use cyberspace as a tool for espionage and criminal theft of data. GIG mission assurance works to ensure the DoD is able to accomplish its critical missions when networks, services, or information are unavailable, degraded, or distrusted." To meet the needs of mission assurance challenges, President's (George W. Bush) cyber plan (CNCI) has listed the area of developing multipronged approaches to supply chain risk management as one of the priorities. CNCI states that the reality of global supply chains presents significant challenges in thwarting counterfeit, or maliciously designed hardware and software products. To overcome such challenges and support successful mission assurance we need to design flexible and secure systems whose components may be untrusted or faulty. We need to achieve the secure operation of mission critical systems constructed from untrusted, semitrusted and fully trusted components for successful mission assurance. This keynote address will discuss the developments in security engineering from requirements, to policy to model to design to verification to testing as well as developing CONOPS and conducting certification and accreditation. System evaluation, usability and metrics related issues will also be discussed. Finally we will discuss the changes that have to be made to security engineering to support the next generation of secure systems for mission critical applications.