Secure Software Education: A Contextual Model-Based Approach

J. J. Simpson (System Concepts, LLC, USA), M. J. Simpson (System Concepts, LLC, USA), B. Endicott-Popovsky (University of Washington, USA) and V. Popovsky (University of Idaho, USA)
DOI: 10.4018/978-1-4666-1580-9.ch016

Abstract

This article establishes a context for secure information systems development as well as a set of models used to develop and apply a secure software production pedagogy. A generic system model is presented to support the system context development, and to provide a framework for discussing security relationships that exist between and among information systems and their applications. An asset protection model is tailored to provide a conceptual ontology for secure information system topics, and a stable logical framework that is independent of specific organizations, technologies, and their associated changes. This asset protection model provides a unique focus for each of the three primary professional communities associated with the development and operation of secure information systems. In this paper, a secure adaptive response model is discussed to provide an analytical tool to assess risk associated with the development and deployment of secure information systems, and to use as a security metric. A pedagogical model for information assurance curriculum development is then established in the context and terms of the developed secure information system models. The relevance of secure coding techniques to the production of secure systems, architectures, and organizational operations is also discussed.
Chapter Preview

Generic System Model

The practice of systems engineering has produced a number of technical, organizational and process-based approaches to the solution of large-scale, socio-technical engineering and process problems. One of the key aspects associated with systems engineering is the development of system context models and system functional models. The Generic System Model (GSM) is based on the fundamental idea of a system boundary that separates the inside of the system from the outside. The system context exists outside of the system boundary; the system concept is used to organize the internal system content. The system boundary is composed of an outward-looking portion called the boundary context, and an inward-looking portion called the boundary concept that captures the controlling system values, rule sets, and structural view. As depicted in Figure 1, a specific system is composed of system functions, requirements, architecture and tests (Simpson, 2004).

Figure 1. Generic System Model (Adapted from Figure 5, Simpson, 2004)
