Establishing trustworthiness in services of the critical infrastructure through certification and accreditation

Seok Won Lee, Robin A. Gandhi, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

2 Scopus citations

Abstract

Trustworthiness in services provided by the Critical Infrastructure (CI) is essentially dependent on the quality of underlying software, systems, practice and environment, as software information infrastructures are increasingly becoming a major component of business, industry, government and defense. The level of trustworthiness required from services that are operational in such critical software information infrastructures is often established based on standardized infrastructure-wide evaluation criteria - Certification and Accreditation (C&A) - through the identification of operational risks and the determination of conformance with established security standards and best practices. In order to effectively establish such levels of trustworthiness for services in the CI, we identify the need for a structured and comprehensive C&A framework with appropriate tool support that combines its theoretical and practical aspects. In this paper, we present our efforts in developing such a framework that leverages novel techniques from software requirements engineering and knowledge engineering to support the automation of the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP), which is a standard for certifying and accrediting the information networks that support the Defense Information Infrastructure (DII). Through the examples derived from our case study, we further motivate the applicability and appropriateness of our framework.

Original language: English (US)
Title of host publication: SESS 2005 - Proceedings of the 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications
Publisher: Association for Computing Machinery, Inc
ISBN (Electronic): 1595931147, 9781595931146
DOIs: https://doi.org/10.1145/1083200.1083205
State: Published - May 15 2005
Externally published: Yes
Event: 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications, SESS 2005 - St. Louis, United States
Duration: May 15 2005 to May 16 2005

Publication series

Name: SESS 2005 - Proceedings of the 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications

Other

Other: 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications, SESS 2005
Country: United States
City: St. Louis
Period: 5/15/05 to 5/16/05

Keywords

  • Critical Infrastructure Protection
  • Information Security Requirements Engineering
  • Information Systems Certification and Accreditation
  • Ontological Engineering
  • Risk Assessment

ASJC Scopus subject areas

  • Mechanical Engineering
  • Software
  • Automotive Engineering


  • Cite this

    Lee, S. W., Gandhi, R. A., & Ahn, G. J. (2005). Establishing trustworthiness in services of the critical infrastructure through certification and accreditation. In SESS 2005 - Proceedings of the 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications (SESS 2005 - Proceedings of the 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications). Association for Computing Machinery, Inc. https://doi.org/10.1145/1083200.1083205