• Corpus ID: 108629168

Investigating Advances in the Acquisition of Secure Systems Based on Open Architecture, Open Source Software, and Software Product Lines

  • Walt Scacchi, Thomas A. Alspaugh
Abstract : The role of software acquisition ecosystems in the development and evolution of secure open architecture systems has received insufficient consideration. Such systems are composed of software components subject to different security requirements in an architecture in which evolution can occur by evolving existing components or by replacing them. This may result in possible security requirements conflicts and organizational liability for failure to fulfill security obligations. We… 

Achieving Better Buying Power through Acquisition of Open Architecture Software Systems: Volume 1
Abstract : This research focuses on continuing investigation and refinement of techniques for identifying and reducing the costs, streamlining the process, and improving the readiness of future
This article identifies and describes a set of six emerging issues that affect the engineering of open architecture software systems that integrate proprietary and open source software components.
Cybersecure Modular Open Architecture Software Systems for Stimulating Innovation
This work discusses new ways and means by which blockchains and smart contracts can be used to continuously assure the cybersecurity of software updates arising during OA software system development and evolution processes.
Build-time view of OA design selecting OSS product family alternatives
Six key issues now found in the Defense software ecosystem are identified and described, including how to best deal with diverse, heterogeneous software IP licenses; how to address cybersecurity requirements; challenges arising in software integration and release pipelines; and how OSS evolution patterns transform software IP and cybersecurity requirements.
Licensing security
  • T. Alspaugh, W. Scacchi
  • Computer Science, Law
  • 2012 Fifth IEEE International Workshop on Requirements Engineering and Law (RELAW)
  • 2012
This work proposes an analogous approach for security, in which portions of exclusive security rights owned by system stakeholders may be licensed as needed to others, in exchange for appropriate security obligations.
Securing Software Ecosystem Architectures: Challenges and Opportunities
This work identifies the challenges and opportunities for improving the security of software ecosystems and supply chain processes, along with architectural models that can be visually mapped, communicated, and understood.
Investigating the Use of Computer Games and Virtual Worlds for Decentralized Command and Control Final Report
This effort investigates how computer games and virtual world concepts, techniques, and tools can be employed to create an online virtual world (VW) that supports experiments in decentralized command and control (DCC), and refers to this project and the CGVW as the DECENT project and system platform.


Investigating Advances in the Acquisition of Secure Systems Based on Open Architectures
The research described in this final report for the 2011-2012 project year focuses on continuing investigation and refinement of techniques for reducing the acquisition costs of complex software systems.
The Challenge of Heterogeneously Licensed Systems in Open Architecture Software Ecosystems
This work has developed an approach for understanding and modeling software licenses, as well as for analyzing conflicts among groups of licenses in realistic system contexts and for guiding the acquisition, integration, or development of systems with open-source components in such an environment.
Software Licenses, Open Source Components, and Open Architectures
This paper identifies key properties of OSS licenses, presents a license analysis scheme to identify license conflicts arising from composed software elements, and applies it to provide guidance for software architectural design choices whose goal is to enable specific licensed component configurations.
Emerging Issues in the Acquisition of Open Source Software within the US Department of Defense
The central problem examined in this paper is to identify principles of software architecture and OSS copyright licenses that facilitate or inhibit the success of an OA strategy when OSS and open APIs are required or are otherwise employed.
Analyzing software licenses in open architecture software systems
Key properties of OSS licenses are identified, a license analysis scheme is presented, and the approach for automatically analyzing license interactions is discussed, to realize the benefits of openness when components are subject to different copyright or property licenses.
Understanding the requirements for developing open source software systems
Eight kinds of software informalisms are found to play a critical role in the elicitation, analysis, specification, validation and management of requirements for developing open software systems, and this focus enables the consideration of a reformulation of the requirements engineering process and its associated artefacts, or (in)formalisms, to better account for the requirements for developed open source software systems.
Security Requirements Engineering: A Framework for Representation and Analysis
The framework is based on constructing a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements, and is evaluated by applying it to a security requirements analysis within an air traffic control technology evaluation project.
On Open and Collaborative Software Development in the DoD
There is potential to overcome the challenges discussed in this paper and engender a culture of openness and community collaboration to support the DoD mission.
Enabling Software Acquisition Improvement: Government and Industry Software Development Team Acquisition Model
There are numerous technical challenges associated with the growth and reliance on software within the DoD/Navy’s mission critical warfare systems such as: Designing and implementing truly Open Architected systems that fully meet the goals of standardized interfaces, scalability, reliability, portability, modularity and reusability; and thereby lead to higher system quality while also reducing cost and schedule.
Understanding Requirements for Open Source Software
Findings from an empirical study identify how OSS requirements are decentralized across multiple informalisms and point to the need for advances in how to specify the capabilities of existing OSS systems.