Certification process artifacts defined as measurable units for software assurance

Seok Won Lee, Robin A. Gandhi, Gail-Joon Ahn

Research output: Contribution to journalArticle

10 Citations (Scopus)

Abstract

Certification and Accreditation (C&A) process artifacts for software-intensive systems are characterized by the metrics and measures required to be produced from their units of analysis for assessing system behaviour. Software-intensive systems are complex clusters of closely interdependent system of systems that include underlying software, systems, people, processes, and operational environments. Naturally, such systems require carefully designed C&A artifacts that consider metrics and measures from multiple dimensions at different levels of abstraction in the Universe of Discourse (UoD) in order to understand, predict, and control their emergent behaviour. Hence, C&A artifacts defined as measurable units for software assurance should be the result of an aggregated reasoning of evidences from various dimensions, while maintaining traceability and alignment to real world goals/objectives in all stages of the system lifecycle. To address these research objectives, we present a novel integration framework that promotes cohesion and traceability among metrics and measures from multiple dimensions in the problem domain on the basis of the definition of a common language. By applying our framework to automate the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP), we also motivate the design principles and modelling techniques necessary to generalize a course of action to conduct C&A processes with appropriate tool support for software-intensive systems.

Original languageEnglish (US)
Pages (from-to)165-189
Number of pages25
JournalSoftware Process Improvement and Practice
Volume12
Issue number2
DOIs
StatePublished - Mar 2007
Externally publishedYes

Fingerprint

Accreditation
Information technology
Computer systems
System of systems

Keywords

  • Certification and accreditation
  • Metrics and measures
  • Ontological engineering
  • Requirements engineering
  • Risk assessment
  • Software-intensive systems

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Certification process artifacts defined as measurable units for software assurance. / Lee, Seok Won; Gandhi, Robin A.; Ahn, Gail-Joon.

In: Software Process Improvement and Practice, Vol. 12, No. 2, 03.2007, p. 165-189.

Research output: Contribution to journalArticle

@article{1fd9e42db48044ef84225ad5b225d0e8,
title = "Certification process artifacts defined as measurable units for software assurance",
abstract = "Certification and Accreditation (C&A) process artifacts for software-intensive systems are characterized by the metrics and measures required to be produced from their units of analysis for assessing system behaviour. Software-intensive systems are complex clusters of closely interdependent system of systems that include underlying software, systems, people, processes, and operational environments. Naturally, such systems require carefully designed C&A artifacts that consider metrics and measures from multiple dimensions at different levels of abstraction in the Universe of Discourse (UoD) in order to understand, predict, and control their emergent behaviour. Hence, C&A artifacts defined as measurable units for software assurance should be the result of an aggregated reasoning of evidences from various dimensions, while maintaining traceability and alignment to real world goals/objectives in all stages of the system lifecycle. To address these research objectives, we present a novel integration framework that promotes cohesion and traceability among metrics and measures from multiple dimensions in the problem domain on the basis of the definition of a common language. By applying our framework to automate the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP), we also motivate the design principles and modelling techniques necessary to generalize a course of action to conduct C&A processes with appropriate tool support for software-intensive systems.",
keywords = "Certification and accreditation, Metrics and measures, Ontological engineering, Requirements engineering, Risk assessment, Software-intensive systems",
author = "Lee, {Seok Won} and Gandhi, {Robin A.} and Gail-Joon Ahn",
year = "2007",
month = "3",
doi = "10.1002/spip.313",
language = "English (US)",
volume = "12",
pages = "165--189",
journal = "Software Process Improvement and Practice",
issn = "1077-4866",
publisher = "John Wiley and Sons Inc.",
number = "2",

}

TY - JOUR

T1 - Certification process artifacts defined as measurable units for software assurance

AU - Lee, Seok Won

AU - Gandhi, Robin A.

AU - Ahn, Gail-Joon

PY - 2007/3

Y1 - 2007/3

N2 - Certification and Accreditation (C&A) process artifacts for software-intensive systems are characterized by the metrics and measures required to be produced from their units of analysis for assessing system behaviour. Software-intensive systems are complex clusters of closely interdependent system of systems that include underlying software, systems, people, processes, and operational environments. Naturally, such systems require carefully designed C&A artifacts that consider metrics and measures from multiple dimensions at different levels of abstraction in the Universe of Discourse (UoD) in order to understand, predict, and control their emergent behaviour. Hence, C&A artifacts defined as measurable units for software assurance should be the result of an aggregated reasoning of evidences from various dimensions, while maintaining traceability and alignment to real world goals/objectives in all stages of the system lifecycle. To address these research objectives, we present a novel integration framework that promotes cohesion and traceability among metrics and measures from multiple dimensions in the problem domain on the basis of the definition of a common language. By applying our framework to automate the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP), we also motivate the design principles and modelling techniques necessary to generalize a course of action to conduct C&A processes with appropriate tool support for software-intensive systems.

AB - Certification and Accreditation (C&A) process artifacts for software-intensive systems are characterized by the metrics and measures required to be produced from their units of analysis for assessing system behaviour. Software-intensive systems are complex clusters of closely interdependent system of systems that include underlying software, systems, people, processes, and operational environments. Naturally, such systems require carefully designed C&A artifacts that consider metrics and measures from multiple dimensions at different levels of abstraction in the Universe of Discourse (UoD) in order to understand, predict, and control their emergent behaviour. Hence, C&A artifacts defined as measurable units for software assurance should be the result of an aggregated reasoning of evidences from various dimensions, while maintaining traceability and alignment to real world goals/objectives in all stages of the system lifecycle. To address these research objectives, we present a novel integration framework that promotes cohesion and traceability among metrics and measures from multiple dimensions in the problem domain on the basis of the definition of a common language. By applying our framework to automate the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP), we also motivate the design principles and modelling techniques necessary to generalize a course of action to conduct C&A processes with appropriate tool support for software-intensive systems.

KW - Certification and accreditation

KW - Metrics and measures

KW - Ontological engineering

KW - Requirements engineering

KW - Risk assessment

KW - Software-intensive systems

UR - http://www.scopus.com/inward/record.url?scp=34247487097&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34247487097&partnerID=8YFLogxK

U2 - 10.1002/spip.313

DO - 10.1002/spip.313

M3 - Article

VL - 12

SP - 165

EP - 189

JO - Software Process Improvement and Practice

JF - Software Process Improvement and Practice

SN - 1077-4866

IS - 2

ER -