Robin A. Gandhi
University of Nebraska Omaha
Publication
Featured research published by Robin A. Gandhi.
Asia-Pacific Software Engineering Conference | 2005
Seok Won Lee; Robin A. Gandhi
Software-intensive systems are systems of systems that rely on complex interdependencies among themselves as well as with their operational environment to satisfy the required behavior. As we integrate such systems to create information infrastructures that are critical to the quality of our lives and the businesses they support, the need to effectively predict, control and evolve their behavior is ever increasing. To deal with their complexity, an important first step is to understand and model software-intensive systems, their environments and the interdependencies among them at different levels of abstractions from multiple dimensions. In this paper, we present an ontology-based active requirements engineering (Onto-ActRE) framework that adopts a mixed-initiative approach to elicit, represent and analyze the diversity of factors associated with software-intensive systems. The Onto-ActRE framework integrates various RE modeling techniques with complementary semantics in a unifying ontological engineering process. We also present examples from the practice of our framework with appropriate tool support that combines theoretical and practical aspects.
International Conference on Software Engineering | 2006
Seok Won Lee; Robin A. Gandhi; Divya Muthurajan; Deepak S. Yavagal; Gail Joon Ahn
Establishing secure systems assurance based on Certification and Accreditation (C&A) activities, requires effective ways to understand the enforced security requirements, gather relevant evidences, perceive related risks in the operational environment, and reveal their causal relationships with other domain concepts. However, C&A security requirements are expressed in multiple regulatory documents with complex interdependencies at different levels of abstractions that often result in subjective interpretations and non-standard implementations. Their non-functional nature imposes complex constraints on the emergent behavior of software-intensive systems, making them hard to understand, predict, and control. To address these issues, we present novel techniques from software requirements engineering and knowledge engineering for systematically extracting, modeling, and analyzing security requirements and related concepts from multiple C&A-enforced regulatory documents. We employ advanced ontological engineering processes as our primary modeling technique to represent complex and diverse characteristics of C&A security requirements and related domain knowledge. We apply our methodology to build problem domain ontology from regulatory documents enforced by the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP).
International Journal of Software Engineering and Knowledge Engineering | 2006
Seok Won Lee; Divya Muthurajan; Robin A. Gandhi; Deepak S. Yavagal; Gail Joon Ahn
The process of engineering software-intensive systems that comply with their Certification and Accreditation (C&A) requirements involves many critical decision-making activities for the related stakeholders. Considering the exhaustive nature of C&A activities together with the complexity of software-intensive systems, effective decision making relies heavily on the ways to understand and structure the problem domain concepts concerning decision points for interpretation, applicability, scope, evaluation, and impact of the enforced C&A requirements. These decision points are further complicated by natural language specifications of inherently non-functional C&A requirements scattered across multiple regulatory documents with complex interdependencies at different levels of abstractions in the organizational hierarchy, which often result in subjective interpretations and non-standard implementations of the C&A process. To address these issues, we define a systematic methodology using novel techniques from software Requirements Engineering (RE) and knowledge engineering for understanding and structuring the problem domain concepts based on a uniform representation format that promotes common understanding among stakeholders. Specifically, we use advanced ontological engineering techniques driven by theoretical RE foundations to systematically elicit, model, understand, and analyze problem domain concepts concerning significant and difficult decision points throughout the C&A process. We demonstrate the appropriateness of our methodology in creating decision support problem domain ontology using several examples derived from our experiences on automating the Department of Defense Information Technology Security C&A Process (DITSCAP).
2009 Fourth International Workshop on Requirements Engineering Visualization | 2009
John R. Cooper; Seok-Won Lee; Robin A. Gandhi; Orlena Gotel
Requirements engineering visualization is a rapidly growing field of research; however, the specific characteristics of what makes for effective visualizations during a particular engineering phase have not yet been distinguished. Visualizations, when coupled with traditional practices, augment the ability of resulting requirements artifacts to reach a wide range of stakeholders and provide for a rapid and shared understanding of complex information. This paper represents a survey of the research papers presented during the REV workshops from 2006 to 2008 in order to ascertain how the research trends have evolved over the past few years. By examining approaches to requirements engineering visualization that have been proposed, in retrospect, we hope to show the areas of recent focus, as well as to discover those areas that may hold opportunities for further research with respect to the most commonly understood RE lifecycle phases and activities. In the process, we offer a preliminary classification scheme through which to categorize the various research efforts. Where none existed before, the resulting categorization enables a constructive discussion about the coverage of previous REV contributions from various perspectives, while discovering the gaps, and provides opportunities for further research with the understanding of the trends of applying visualization in requirements engineering research and practice.
International Conference on Software Engineering | 2010
Yan Wu; Robin A. Gandhi; Harvey P. Siy
Software repositories are rich sources of information about vulnerabilities that occur during a product's lifecycle. Although available, such information is scattered across numerous databases. Furthermore, in large software repositories, a single vulnerability may span across multiple components and have multidimensional interactions with other vulnerabilities. Thus, identifying the patterns of vulnerability occurrence in a larger context of software development continues to be an open problem. Here we present findings from our study of vulnerable software components using an ontology-guided analysis of vulnerabilities recorded in a software project's code repository. In this approach, a semantic template for each type of vulnerability is created from information in the Common Weakness Enumeration dictionary. Next, known vulnerabilities and related concepts in the repository are tagged with concepts from the template. Based on the characteristics of the resources affected by these vulnerabilities, other similar resources in the software can be identified for closer inspection and verification. We present results from our study of vulnerabilities in the Apache web server.
ACM Southeast Regional Conference | 2005
Deepak S. Yavagal; Seok Won Lee; Gail Joon Ahn; Robin A. Gandhi
The Common Criteria for Information Technology Security Evaluation (CCITSE), usually referred to as the Common Criteria (CC), establishes a level of trustworthiness and confidence that should be placed in the security functions of products or systems and the assurance measures applied to them. CC achieves this by evaluating the product or system conformance with a common set of requirements set forth by it. To engineer a product that meets the information assurance goals of CC, a structured and comprehensive methodology is required to drive the activities undertaken in all the stages of the software requirements engineering (RE) process. Such a methodology is inevitable to understand and attain the Quality of Information Assurance (QoIA). As an effort in this direction, we focus on the use of object-oriented ontology modeling as an effective way of representing and enforcing the given common set of requirements established by CC. Our methodology leverages novel techniques from software requirement engineering and knowledge engineering. This paper also describes how this methodology can effectively realize CC-related requirements of the target systems and help evaluate such systems for conformance to the certification and accreditation (C&A) process.
Software Process: Improvement and Practice | 2007
Seok Won Lee; Robin A. Gandhi; Gail Joon Ahn
Certification and Accreditation (C&A) process artifacts for software-intensive systems are characterized by the metrics and measures required to be produced from their units of analysis for assessing system behaviour. Software-intensive systems are complex clusters of closely interdependent system of systems that include underlying software, systems, people, processes, and operational environments. Naturally, such systems require carefully designed C&A artifacts that consider metrics and measures from multiple dimensions at different levels of abstraction in the Universe of Discourse (UoD) in order to understand, predict, and control their emergent behaviour. Hence, C&A artifacts defined as measurable units for software assurance should be the result of an aggregated reasoning of evidences from various dimensions, while maintaining traceability and alignment to real world goals/objectives in all stages of the system lifecycle. To address these research objectives, we present a novel integration framework that promotes cohesion and traceability among metrics and measures from multiple dimensions in the problem domain on the basis of the definition of a common language. By applying our framework to automate the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP), we also motivate the design principles and modelling techniques necessary to generalize a course of action to conduct C&A processes with appropriate tool support for software-intensive systems.
IEEE International Conference on Requirements Engineering | 2007
Robin A. Gandhi; Seok Won Lee
In this paper we outline our approach to discover and understand multi-dimensional correlations among regulatory security certification requirements in the context of a complex software system. A thorough understanding of these correlations is necessary to assure that diverse constraints imposed by numerous certification requirements are adequate for collectively contributing to emergent security properties in a highly interconnected socio-technical environment. We elaborate on methodological support to discover an exhaustive set of applicable certification requirements in a given operational scenario of the target software system. We then describe techniques to systematically understand the multi-dimensional correlations among these requirements with application to security risk assessment. The case study of applying our approach to a regulatory certification process of The United States Department of Defense (DoD) is presented.
Second International Workshop on Requirements Engineering Visualization (REV 2007) | 2007
Robin A. Gandhi; Seok-Won Lee
Risk assessment is a complex decision-making process during certification and accreditation (C&A) activities. It requires understanding the multidimensional correlations among numerous C&A requirements to reason about their collective and adequate behavior to minimize risks to a software system. Also, diverse stakeholders in the organizational hierarchy should be able to comprehend and utilize the risk assessment artifacts to agree upon an acceptable level of risks and justify the criticality and cost of mitigation strategies related to C&A requirements. We believe requirements visualization plays an important role in providing rich contextual information for understanding and analyzing risk assessment artifacts and present our initial experiences in using intuitive visual metaphors and their explanations for requirements-driven risk assessment.
International Journal of Critical Infrastructure Protection | 2011
William R. Mahoney; Robin A. Gandhi
This paper presents SCADASiM, an integrated framework for control system simulation and near-real-time regulatory compliance monitoring with respect to cybersecurity. With numerous legacy control system installations already in place, current approaches for highly detailed simulations demand a significant modeling effort to be useful. Furthermore, the complexity and lack of technical uniformity in legacy SCADA systems often obscures their core operational semantics, making regulatory compliance monitoring only available to personnel with intimate knowledge about the system. To address these issues, the SCADASiM framework includes two parts. First, it allows rapid recreation of message-based interactions between cyber and physical entities. The resulting simulation is geared towards facilitating the development of strategic and near-real-time security related regulatory compliance monitoring capabilities for critical infrastructure owners. Second, it includes new language utilities for collecting and monitoring the system events necessary to demonstrate regulatory compliance in real-time. In an integrated framework, the simulation facilitates policy authoring using the new language utilities, which in turn allow the observance of policy violation with its operational impact using “what-if” scenarios about coordinated attacks on the infrastructure. The two parts of the framework are synchronized by a SCADA taxonomy described using semantic web representation standards. The abstract layers of our taxonomy map to regulatory requirements that mandate security controls in the critical infrastructure, while the lower layers map to actual system components and their events that characterize actual system behavior. Here we describe the design decisions and structure of the SCADASiM framework as well as its initial feasibility using an in-lab control system simulation that replicates a water supply system.