Publications
It would be useful to write one description of software behavior to serve both requirements and design. Having one description could reduce effort by eliminating the work of developing two descriptions and of keeping them consistent throughout development and maintenance. It would also eliminate the inconsistency inherent in having two descriptions, a fertile source of error. A question paramount to software engineers is: Could one description of behavior for a real system serve both requirements and design? The purpose of the present document is to answer that question by producing one such description of the software behavior of a real system. The specification presented here is based upon behavioral specifications extracted from function and abstract interface specifications developed by Paul Clements, Alan Parker, Kathryn Heninger Britton, David Parnas, John Shore, Stuart Faulk, Bruce Labaw, and David Weiss.
The Sage development method and associated tool set support an incremental, iterative, model-driven process to build and maintain high assurance, reactive multi-agent systems. A set of interconnected models provides documentation supporting high assurance certification efforts, maintenance, and reuse. Tools can analyze the models for important classes of errors, and generate complete multi-agent systems.
Annotation with security-related metadata enables discovery of resources that meet security requirements. This paper presents the NRL Security Ontology, which complements existing ontologies in other domains that focus on annotation of functional aspects of resources. Types of security information that could be described include mechanisms, protocols, objectives, algorithms, and credentials in various levels of detail and specificity. The NRL Security Ontology is more comprehensive and better organized than existing security ontologies. It is capable of representing more types of security statements and can be applied to any electronic resource. The class hierarchy of the ontology makes it both easy to use and intuitive to extend. We applied this ontology to a Service Oriented Architecture to annotate security aspects of Web service descriptions and queries. A refined matching algorithm was developed to perform requirement-capability matchmaking that takes into account not only the ontology concepts, but also the properties of the concepts.
This paper argues that the existing model-driven architecture paradigm does not adequately cover the visual modeling of security protocols: sequences of interactions between principals. A security protocol modeling formalism should be not only well-defined but also support event-based, compositional, comprehensive, laconic, lucid, sound, and complete modeling. Candidate visual approaches from both the OMG's MDA and other more well-defined formalisms fail to satisfy one or more of these criteria. By means of two example security protocol models, we present the GSPML visual formalism as a solution.
Previous quantitative models of security or survivability have been defined on a range of probable intruder behavior. This measures survivability as a statistic such as mean time to breach. This kind of purely stochastic quantification is not suitable for high-consequence systems. For high-consequence systems the quantified survivability should be based on the most competent intruders the system is likely to face. We show how to accomplish this with a contingency analysis based on variations in intruder attack-potential. The quantitative results are then organized and presented according to intruder attack potential. Examples of the technique are presented using stochastic process algebra. An interesting result for diverse replication is included in the examples.