Towards Dependable and Secure Software: Requirements Engineering Approach

----------------------------------------------------------------------
                 SE Group Seminar
----------------------------------------------------------------------
Speaker:        Prof. Seok-Won Lee
                Dept. of Information & Computer Engineering/
                Software Convergence Technology
                Graduate School of Software
                Ajou University, Republic of Korea

Title:          "Towards Dependable and Secure Software: Requirements
                 Engineering Approach"

Date:           Monday, 3 December 2012

Time:           9:30pm - 10:30am

Venue:          Room 3315 (via lifts 17/18), HKUST

Abstract:

Engineering a dependable software system that meets our needs is a
challenging task and requires a variety of analysis and development
techniques. Dependability has to be engineered into a system in the early
stages of its design and development to build a comprehensive understanding
of its nature and purposeful behavior within the context of people,
technology and the process. Among many dependability attributes, we focus
on the security attribute and its certification and accreditation process
that aggregates evidence for multi-dimensional analysis to assure its
level of acceptance. Security breaches most often occur due to a cascading
effect of failure among security constraints that collectively contribute
to overall secure system behavior in a socio-technical environment.
Therefore, during security certification activities, analysts must
systematically take into account the nexus of causal chains that exist
among security constraints imposed by regulatory requirements. Numerous
regulatory requirements specified in natural language documents or listed
in spreadsheets/databases do not facilitate such analysis. We present a
step-wise methodology to discover and understand the multi-dimensional
correlations among regulatory requirements for the purpose of
understanding the potential for risk due to non-compliance during system
operation. Our lattice algebraic computational model helps estimate the
collective adequacy of diverse security constraints imposed by regulatory
requirements and their interdependencies with each other in a bounded
scenario of investigation. Abstractions and visual metaphors combine human
intuition with metrics available from the methodology to improve the
understanding of risk based on the level of compliance with regulatory
requirements. In addition, a problem domain ontology that classifies and
categorizes regulatory requirements from multiple dimensions of a
socio-technical environment promotes a common understanding among
stakeholders during certification and accreditation activities. A
preliminary empirical investigation of our theoretical propositions has
been conducted in the domain of the United States Department of Defense
Information Technology Security Certification and Accreditation Process
(DITSCAP). This work contributes a novel approach to understanding the level
of compliance with regulatory requirements in terms of the potential for
risk during system operation. This work has been partially supported by
grants from the Space and Naval Warfare Systems Center (SPAWAR), US
Department of Navy, Department of Defense, and National Science
Foundation.

******************
Biography:

Dr. Seok-Won Lee is currently a Dean of the Graduate School of Software and
Associate Professor of Information & Computer Engineering at Ajou
University. He has been an Assistant Professor of Information Security at
the University of Texas at San Antonio, a Visiting Professor at the
University of Nebraska - Lincoln, and an Assistant Professor of Software
Engineering and a Director of Knowledge-intensive Software Engineering
(NiSE) research group at the Univ. of North Carolina at Charlotte. Prior
to joining UNC Charlotte, he was affiliated with Science
Applications International Corporation (SAIC) and IBM T.J. Watson Research
Center as a senior research scientist. He received his M.Sc. in Computer
Science from the University of Pittsburgh, and Ph.D. in Information Technology
from George Mason University. His areas of specialization include software
engineering with specific expertise in ontological requirements
engineering and domain modeling, and knowledge engineering with specific
expertise in knowledge acquisition, machine learning and knowledge-based
systems. He serves as chair, organizer, editor and program
committee member for numerous journals, conferences, and workshops in
software requirements engineering, secure software engineering and other
related areas such as information security and assurance, critical
infrastructure protection, service-oriented computing, visual analytics
and self-adaptive software systems. He has published more than 100
refereed articles. He is a professional member of IEEE, ACM and AAAI.