Affordable, fact-oriented assurance with OMG standards (PowerPoint presentation)


  1. Affordable, fact-oriented assurance with OMG standards. Nikolai Mansourov, Djenana Campara, KDM Analytics, Inc., http://www.kdmanalytics.com, 06-12-2010, Austin, TX

  2. Affordable assurance?
  • Current approaches are too costly, so only a few organizations can afford them. However, many more organizations, and even individuals, decide to use cyber systems for their operations, each with its own definition of what is safety-critical, security-critical or mission-critical. At the current cost of assurance they cannot afford it, which means they accept risks that are unknown to them and that may be too high for them.
  • Affordable solutions must be scalable.
    - There are two kinds of scalability: technical scalability and human scalability. The latter involves a systematic and repeatable approach to assurance. The former involves automation.
    - Both kinds of scalability can only be achieved through standards. Standards are known to enable economies of scale based on the division of labour.
  • So, we must look at the assurance process and identify the opportunities for cooperation, based on exchanges and interoperability.
  (C) 2010 KDM Analytics, Inc.

  3. What is system assurance?
  • A system performs a mission within a certain operational environment.
  • There are hazards and threats within the environment that can lead to mishaps and failures.
  • In order to prevent mishaps and failures, countermeasures are added to the system.
  • But how do we know that the countermeasures are effective against the known threats and hazards?
  • System assurance is about making justified claims about the effectiveness of the countermeasures against threats and hazards. Claims are supported by evidence.

  4. System assurance: a knowledge-intensive product. [Diagram: evidence gathering collects system facts, threats and hazards (internal and external factors) from the system; these feed the assurance case (claims, evidence, justification); communication delivers claims and evidence to the consumer to build confidence; the assurance argument gives planning guidance back to evidence gathering; interoperability is needed at both the evidence-gathering and the communication interfaces.]

  5. Knowledge exchanges in system assurance
  • System assurance involves two key processes:
  • Evidence gathering
    - collection of the evidence from the system life cycle
    - system analysis
    - analysis of evidence
  • Communication
    - a clear, comprehensive, defendable argument that explains the evidence
    - development of the assurance case is driven by existing evidence
    - the assurance argument provides guidance for evidence collection

  6. Fact-oriented assurance
  • Fact-oriented assurance involves the following:
    - Facts are assertions considered elementary enough to be understood and agreed upon without further justification. Facts assert the existence of certain objects, characteristics of objects, and certain relations between these objects.
    - Evidence is the collection of relevant facts. Evidence has to be gathered from among the myriad facts that can be known.
    - Fact-oriented assurance develops claims based on the available facts. Conversely, the assurance argument helps plan the evidence gathering, which focuses effort on only those fact-finding activities that support the assurance argument.
    - Fact-oriented also has a specific technical meaning: all knowledge items are uniformly treated as facts (objects and relationships), which facilitates their integration. Facts are stored in a physical repository.

  7. What are the facts?
  • A system in operation involves event occurrences. Operational facts usually involve snapshots of behaviors.
    - Assurance is focused on the operational facts, as mishaps and incidents are operational events.
  • System artifacts determine the event occurrences during operation. For cyber systems the majority of the artifacts involve code. Artifacts of a mechanical system may involve pipes, valves, gauges, etc. Artifacts of systems involving human actors include rule books, etc.
  • There are also various system descriptions, including blueprints, models, etc. System descriptions involve multiple viewpoints of the system of interest.

  8. Approaches to assurance. [Diagram: system descriptions describe the system in operation and the system artifacts; system artifacts determine operational behavior and are re-modeled into system descriptions (if needed); system descriptions provide context. Each source is annotated for fidelity, context, discovery and availability, marked as a strength (!) or an open question (?).]
  Approaches to assurance:
    1. Model-based assurance
    2. Software vulnerability detection
    3. Fact-oriented assurance

  9. Fact-oriented assurance. [Diagram: the system in operation, the system descriptions and the system artifacts feed, through automated knowledge discovery, an integrated system model (architecture repository) with full traceability back to the artifacts.]

  10. Protocols of the OMG Software Assurance Ecosystem

  11. Protocols of the Software Assurance Ecosystem
  • Argumentation Metamodel (ARM): standard protocol for exchanging assurance arguments
  • Software Assurance Evidence Metamodel (SAEM): standard protocol for managing and exchanging evidence
  • Knowledge Discovery Metamodel (KDM): standard protocol for exchanging system facts; now also ISO/IEC 19506
  • Semantics of Business Vocabularies and Rules (SBVR): standard protocol for exchanging vocabularies and precise statements
  • Threats and Risk Metamodel: work in progress

  12. Protocols of the OMG Software Assurance Ecosystem enable exchange of machine-readable content and automation.

  13. Requirement FPR_UNO.1.1 Unobservability: The system shall ensure that any users/subjects are unable to observe any operation on any object/resource by any other user/subject.
  Noun concepts: System; User/subject; Object/resource; Operation.
  Verb concepts: System involves object/resource; System involves operation; User/subject performs operation on object/resource; User/subject observes operation; information flows from user 1 to user 2.
  Sample facts:
    system('clicks2bricks').
    involves_resource('clicks2bricks', 'personal information of Bill').
    involves_resource('clicks2bricks', 'help page 127').
    involves_operation('clicks2bricks', 'employee request').
    involves_operation('clicks2bricks', 'open page request').
    user('Joe').
    user('Frank').
    performs('op001', 'Joe', 'employee request', 'personal information of Bill').
    performs('op002', 'Frank', 'open page request', 'help page 127').
    observes('Frank', 'op002', 'op001').
  Sample verbalization: System clicks2bricks involves personal information of Bill.
  The claim is formalized, but there is a semantic gap to the software artifacts.

  14. FPR_UNO.1.1 Unobservability (cont'd): The system shall ensure that any users/subjects are unable to observe any operation on any object/resource by any other user/subject.
  First-tier noun and verb concepts as on slide 13 (System, User/subject, Object/resource, Operation; System involves object/resource; System involves operation; User/subject performs operation on object/resource; User/subject observes operation; information flows from user 1 to user 2).
  Second-tier concepts close the gap to software artifacts:
  Noun concepts: Information item; Partition; Activity.
  Verb concepts: Information item is a record of operation; System has partition; Information item is observable by partition; User/subject is associated with partition; Partition has activity; Activity discloses information to partition; Activity performs operation on object/resource; Activity follows activity; Information item flows from partition 1 to partition 2; Activity writes to information item.
  A common vocabulary is a contract; the key to vocabulary refinement is to have a standard vocabulary of system facts.
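The following Python is an added worked example for slides 13 and 14; it is not code from the slides or from KDM Analytics. It encodes the slide's 'clicks2bricks' sample facts as a small fact repository, evaluates the FPR_UNO.1.1 claim over it as a closed-world check, renders a fact in the slide's SBVR-style verbalization, and then derives the observes/3 fact from second-tier facts (partitions, activities, information items) using the slide 14 vocabulary. The predicate names, the partition names (hr_partition, web_partition), the information items (audit.log, access.log), the Datalog-style derivation rules and the "hardened" variant are all constructed assumptions; the slide only names the concepts.

```python
"""Fact-oriented evaluation of an unobservability claim (FPR_UNO.1.1).

Added example, not code from the slides or from KDM Analytics. First-tier facts
are the slide's 'clicks2bricks' sample; second-tier facts, predicate names and
derivation rules are constructed assumptions built on the slide 14 vocabulary.
"""
from collections import defaultdict

# First-tier facts (slide 13), Prolog terms rendered as tuples.
# performs(OpId, User, Operation, Resource)
TIER1 = {
    "system": {("clicks2bricks",)},
    "user": {("Joe",), ("Frank",)},
    "involves_resource": {("clicks2bricks", "personal information of Bill"),
                          ("clicks2bricks", "help page 127")},
    "involves_operation": {("clicks2bricks", "employee request"),
                           ("clicks2bricks", "open page request")},
    "performs": {("op001", "Joe", "employee request", "personal information of Bill"),
                 ("op002", "Frank", "open page request", "help page 127")},
}
# observes(Observer, ObserverOpId, ObservedOpId), stated directly on the slide.
STATED_OBSERVES = {("Frank", "op002", "op001")}

# Second-tier facts (constructed; all names are assumptions). Partitions are the
# isolation units the system is supposed to enforce between users.
TIER2 = {
    "associated_with": {("Joe", "hr_partition"), ("Frank", "web_partition")},
    "has_activity": {("hr_partition", "act_hr_1"), ("web_partition", "act_web_1")},
    "activity_performs": {("act_hr_1", "op001"), ("act_web_1", "op002")},
    "writes_to": {("act_hr_1", "audit.log"), ("act_web_1", "access.log")},
    "record_of": {("audit.log", "op001"), ("access.log", "op002")},
    # flows(InfoItem, FromPartition, ToPartition): the HR audit log is readable
    # from the web partition; this is the defect the check below surfaces.
    "flows": {("audit.log", "hr_partition", "web_partition")},
    "discloses": set(),  # discloses(Activity, InfoItem, Partition)
}

# SBVR-style verbalization templates for some first-tier verb concepts.
VERBALIZATION = {
    "involves_resource": "System {0} involves {1}",
    "involves_operation": "System {0} involves operation {1}",
    "performs": "User {1} performs {2} on {3}",
    "observes": "User {0} observes {2}",
}

def verbalize(predicate, args):
    """Render one fact as the controlled-English statement its verb concept defines."""
    return VERBALIZATION[predicate].format(*args)

def unobservability_violations(performs, observes):
    """Closed-world check of FPR_UNO.1.1: a violation is an observes/3 fact whose
    observed operation was performed by a different user. Returns sorted
    (observer, observed_op, performer) triples; an empty list means the claim
    holds for the facts in the repository, and only for those facts."""
    performer = {op: user for (op, user, _, _) in performs}
    hits = {(obs, op, performer[op]) for (obs, _, op) in observes
            if op in performer and performer[op] != obs}
    return sorted(hits)

def derive_observes(tier2):
    """Derive observes/3 from second-tier facts with two Datalog-style rules
    (assumptions, not from the slide):
      observable_by(I, P) :- flows(I, _, P).   observable_by(I, P) :- discloses(_, I, P).
      observes(U, UOp, Op) :- associated_with(U, P), observable_by(I, P), record_of(I, Op),
                              has_activity(P, A), activity_performs(A, UOp)."""
    observable_by = defaultdict(set)   # partition -> information items it can read
    for item, _src, dst in tier2["flows"]:
        observable_by[dst].add(item)
    for _act, item, dst in tier2["discloses"]:
        observable_by[dst].add(item)
    records = defaultdict(set)         # information item -> operations it records
    for item, op in tier2["record_of"]:
        records[item].add(op)
    partition_of = {act: part for part, act in tier2["has_activity"]}
    own_ops = defaultdict(set)         # partition -> operations its activities performed
    for act, op in tier2["activity_performs"]:
        own_ops[partition_of[act]].add(op)
    return {(user, own, observed)
            for user, part in tier2["associated_with"]
            for item in observable_by[part]
            for observed in records[item]
            for own in own_ops[part]}

def check_claim(tier1, tier2):
    """Evaluate the claim against observes/3 facts derived from the artifacts."""
    return unobservability_violations(tier1["performs"], derive_observes(tier2))

def hardened(tier2):
    """Same system with the cross-partition flow of the audit log removed."""
    fixed = dict(tier2)
    fixed["flows"] = set()
    return fixed

if __name__ == "__main__":
    print(verbalize("involves_resource", ("clicks2bricks", "personal information of Bill")))
    print("stated:  ", unobservability_violations(TIER1["performs"], STATED_OBSERVES))
    print("derived: ", check_claim(TIER1, TIER2))
    print("hardened:", check_claim(TIER1, hardened(TIER2)))
```

Run as a script, the derived observes/3 fact reproduces the one stated on slide 13, and both the stated and the derived repositories report the same violation: Frank observes op001, which Joe performed. With the audit log flow removed the violation list is empty. Note what that emptiness means: nothing in the repository contradicts the claim. The result is only as good as the coverage of the fact extraction, which is why the slides tie the second-tier facts to KDM knowledge discovery with traceability down to the code rather than to hand-written assertions.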

  15. Top-level assurance case

  16. Assurance case for unobservability

  17. Decomposition of claims bridges the gap to available facts

  18. Thread entities (KDM view). Since KDM is a standard, KDM facts of the system of interest can be discovered independently of the unobservability claims. The standards-based KDM fact repository can be reused for different assurance claims as well as for other maintenance and evolution activities.

  19. KDM views provide traceability down to code. [Diagram: traceability chain; elements of management; coverage; closed world.]

  20. KDM views and assurance: system life cycle processes

  21. The assurance case supports risk management

  22. Unobservability assurance case (cont'd): facts available in the KDM repository (directly or indirectly)

  23.-25. Unobservability assurance case (cont'd)
