System Assurance book cover

System Assurance

Beyond Detecting Vulnerabilities

System Assurance Beyond Detecting Vulnerabilities provides a comprehensive view of systematic, repeatable, and affordable cyberdefense that goes beyond knowledge of vulnerabilities and includes knowledge of the system, knowledge of risks and threats, knowledge of security safeguards, as well as knowledge of the assurance argument, together with the corresponding evidence answering the question why a system is secure. The book is organized into four parts. The first part provides an introduction to cybersecurity knowledge; the need for information exchanges for systematic, repeatable, and affordable cyberdefense; and the motivation for the Object Management Group (OMG) Software Assurance Ecosystem. It discusses the nature of system assurance and its difference for vulnerability detection, and introduces the OMG standard on Software Assurance Cases. It describes an end-to-end methodology for system assurance in the context of the OMG Software Assurance Ecosystem that brings together risk analysis, architecture analysis, and code analysis in an integrated process that is guided and planned by the assurance argument. The second part describes various aspects of cybersecurity knowledge required for building cybersecurity arguments. This knowledge includes system knowledge, knowledge related to security threats and risks, and vulnerability knowledge. The third part provides an overview of the protocols of the OMG Software Assurance Ecosystem. It covers the Common Fact Model approach; linguistic models and the OMG Semantics of Business Vocabularies and Rules (SBVR) standard; and the OMG Knowledge Discovery Metamodel (KDM). The fourth part presents a case study to illustrate some of the activities of a system assurance evaluation.


Technologists from a broad range of software companies and related industries; Security Analysts; Computer Systems Analysts, Computer Software Engineers-Systems Software, Computer Software Engineers- Applications, Computer and Information Systems Managers, Network systems and Data Communication Analysts.

Paperback, 368 Pages

Published: December 2010

Imprint: Morgan Kaufmann

ISBN: 978-0-12-381414-2


  • "The Object Management Group (OMG) Software Assurance Ecosystem described in this book is a significant step towards collaborative cyber security automation; it offers a standards-based solution for building security and resilience in computer systems." -Joe Jarzombek, Director for Software Assurance, Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security

    "System Assurance is a very complex and difficult subject. This book successfully demonstrates and describes in detail how to combine different existing tools together in order to systematically develop System Assurance documentation and justification in a practical manner for a specific domain. The book provides very useful practical guidance that can be used by technical and management practitioners for the specific domain described, and by example for others for different domains." -John P. Hopkinson, Security Strategist, Kwictech


  • Foreword


    Chapter 1: Why hackers know more about our systems

    1.1 Operating in cyberspace involves risks

    1.2 Why hackers are repeatedly successful

    1.3 What are the challenges in defending cybersystems?

    1.3.1 Difficulties in understanding and assessing risks

    1.3.2 Complex supply chains

    1.3.3 Complex system integrations

    1.3.4 Limitations of system assessment practices

    1.3.5 Limitations of white-box vulnerability detection

    1.3.6 Limitations of black-box vulnerability detection

    1.4 Where do we go from here?

    1.4.1 Systematic and repeatable defense at affordable cost

    1.4.2 The OMG software assurance ecosystem

    1.4.3 Linguistic modeling to manage the common vocabulary

    1.5 Who should read this book?

    Chapter 2: Confidence as a product

    2.1 Are you confident that there is no black cat in the dark room?

    2.2 The nature of assurance

    2.2.1 Engineering, risk, and assurance

    2.2.2 Assurance case

    2.3 Overview of the assurance process

    2.3.1 Producing confidence

    2.3.2 Economics of confidence

    Chapter 3: How to build confidence

    3.1 Assurance in the system life cycle

    3.2 Activities of system assurance process

    3.2.1 Project definition

    3.2.2 Project preparation

    3.2.3 Assurance argument development

    3.2.4 Architecture security analysis

    3.2.5 Evidence analysis

    3.2.6 Assurance case delivery

    Chapter 4: Knowledge of system as an element of cybersecurity argument

    4.1 What is system?

    4.2 Boundaries of the system

    4.3 Resolution of the system description

    4.4 Conceptual commitment for system descriptions

    4.5 System architecture

    4.6 Example of an architecture framework

    4.7 Elements of system

    4.8 System knowledge involves multiple viewpoints

    4.9 Concept of operations (CONOP)

    4.10 Network configuration

    4.11 System life cycle and assurance

    4.11.1 System life cycle stages

    4.11.2 Enabling systems

    4.11.3 Supply chain

    4.11.4 System life cycle processes

    4.11.5 The implications to the common vocabulary and the integrated system model

    Chapter 5: Knowledge of risk as an element of cybersecurity argument

    5.1 Introduction

    5.2 Basic cybersecurity elements

    5.2.1 Assets

    5.2.2 Impact

    5.2.3 Threats

    5.2.4 Safeguards

    5.2.5 Vulnerabillities

    5.2.6 Risks

    5.3 Common vocabulary for threat identification

    5.3.1 Defining discernable vocabulary for Assets

    5.3.2 Threats and hazards

    5.3.3 Defining discernable vocabulary for injury and impact

    5.3.4 Defining discernable vocabulary for threats

    5.3.5 Threat scenarios and attacks

    5.3.6 Defining discernable vocabulary for vulnerabilities

    5.3.7 Defining discernable vocabulary for safeguards

    5.3.8 Risk

    5.4 Systematic threat identification

    5.5 Assurance strategies

    5.5.1 Injury argument

    5.5.2 Entry point argument

    5.5.3 Threat argument

    5.5.4 Vulnerability argument

    5.5.5 Security requirement argument

    5.6 Assurance of the threat identification

    Chapter 6: Knowledge of vulnerabilities as an element of cybersecurity argument

    6.1 Vulnerability as a unit of knowledge

    6.1.1 What is vulnerability?

    6.1.2 The history of vulnerability as a unit of knowledge

    6.1.3 Vulnerabilities and the phases of the system life cycle

    6.1.4 Enumeration of vulnerabilities as a Knowledge product

    6.2 Vulnerability databases

    6.2.1 US-CERT

    6.2.2 Open source vulnerability database

    6.3 Vulnerability life cycle

    6.4 NIST Security content automation protocol (SCAP) ecosystem

    6.4.1 Overview of SCAP ecosystem

    6.4.2 Information exchanges in SCAP ecosystem

    Chapter 7: Vulnerability patterns as a new assurance content

    7.1 Beyond current SCAP ecosystem

    7.2 Vendor-neutral vulnerability patterns

    7.3 Software fault patterns

    7.3.1 Safeguard clusters and corresponding SFPs

    7.3.2 Direct injury clusters and corresponding SFPs

    7.4 Example software fault pattern

    Chapter 8: OMG software assurance ecosystem

    8.1 Introduction

    8.2 OMG assurance ecosystem: toward collaborative cybersecurity

    Chapter 9: Common fact model for assurance content

    9.1 Assurance content

    9.2 The objectives

    9.3 Design criteria for information exchange protocols

    9.4 Trade-offs

    9.5 Information exchange protocols

    9.6 The nuts and bolts of fact models

    9.6.1 Objects

    9.6.2 Noun concepts

    9.6.3 Facts about existence of objects

    9.6.4 Individual concepts

    9.6.5 Relations between concepts

    9.6.6 Verb concepts

    9.6.7 Characteristics

    9.6.8 Situational concepts

    9.6.9 Viewpoints and views

    9.6.10 Information exchanges and assurance

    9.6.11 Fact-oriented integration

    9.6.12 Automatic derivation of facts

    9.7 The representation of facts

    9.7.1 Representing facts in XML

    9.7.2 Representing facts and schemes in Prolog

    9.8 The common schema

    9.9 System assurance facts

    Chapter 10: Linguistic models

    10.1 Fact models and linguistic models

    10.2 Background

    10.3 Overview of SBVR

    10.4 How to use SBVR

    10.4.1 Simple vocabulary

    10.4.2 Vocabulary entries

    10.4.3 Statements

    10.4.4 Statements as formal definitions of new concepts

    10.5 SBVR vocabulary for describing elementary meanings

    10.6 SBVR vocabulary for describing representations

    10.7 SBVR vocabulary for describing extensions

    10.8 Reference schemes

    10.9 SBVR semantic formulations

    10.9.1 Defining new terms and facts types using SBVR

    Chapter 11: Standard protocol for exchanging system facts

    11.1 Background

    11.2 Organization of the KDM vocabulary

    11.2.1 Infrastructure layer

    11.2.2 Program elements layer

    11.2.3 Resource layer

    11.2.4 Abstractions layer

    11.3 The process of discovering system facts

    11.4 Discovering the baseline system facts

    11.4.1 Inventory views

    11.4.2 Build views

    11.4.3 Data views

    11.4.4 UI views

    11.4.5 Code views

    11.4.6 Platform views

    11.4.7 Event views

    11.5 Performing architecture analysis

    11.5.1 Structure views

    11.5.2 Conceptual views

    Chapter 12: Case study

    12.1 Introduction

    12.2 Background

    12.3 Concepts of operations

    12.3.1 Executive summary

    12.3.2 Purpose

    12.3.3 Locations

    12.3.4 Operational authority

    12.3.5 System architecture

    12.4 Business vocabulary and security policy for Clicks2Bricks in SBVR

    12.5 Building the integrated system model

    12.5.1 Building the baseline system model

    12.5.2 Enhancing the baseline model with the system architecture facts

    12.6 Mapping cybersecurity facts to system facts

    12.7 Assurance case



advert image