David P. Gilliam

A formal approach to security in the software life cycle is essential to protect corporate resources. However, little thought has been given to this aspect of software development. Traditionally, software security has been treated as an afterthought leading to a cycle of 'penetrate and patch.' Due to its criticality, security should be integrated as a…
This paper discusses new joint work by the California Institute of Technology's Jet Propulsion Laboratory and the University of California at Davis sponsored by the National Aeronautics and Space Administration to develop a security assessment instrument for the software development and maintenance life cycle. The assessment instrument is a collection of…
This paper discusses joint work by the California Institute of Technology's Jet Propulsion Laboratory and sponsored by the National Aeronautics and Space Administration to develop a security assessment instrument for the software development and maintenance life cycle. The assessment instrument is a collection of tools and procedures to support…
Traditionally, security is viewed as an organizational and Information Technology (IT) systems function comprising firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach…
Formal specification and verification of security has proven a challenging task. There is no single method that has proven feasible. Instead, an integrated approach which combines several formal techniques can increase the confidence in the verification of software security properties. Such an approach which specifies security properties in a library that…
The network security assessment instrument is a comprehensive set of tools that can be used individually or collectively to ensure the security of network-aware software applications and systems. Using the various tools collectively provides a distinct advantage for assuring the security of software and systems. Each tool's resulting output provides feedback…
Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is…
Traditionally, security is viewed as an organizational and Information Technology (IT) systems function. It is viewed as firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. However, until recently, little thought has been given to the importance of security in the…