System Assurance: Beyond Detecting Vulnerabilities (The MK/OMG Press)

By
Nikolai Mansourov, Chief Technical Officer at KDM Analytics
Djenana Campara, President and CEO of KDM Analytics

Description
In this day of frequent acquisitions and perpetual application integrations, systems are often an amalgamation of multiple programming languages and runtime platforms using new and legacy content. Systems of such mixed origins are increasingly vulnerable to defects and subversion.

System Assurance: Beyond Detecting Vulnerabilities addresses these critical issues. As a practical resource for security analysts and engineers tasked with system assurance, the book teaches you how to use the Object Management Group’s (OMG) expertise and unique standards to obtain accurate knowledge about your existing software and compose objective metrics for system assurance. OMG’ s Assurance Ecosystem provides a common framework for discovering, integrating, analyzing, and distributing facts about your existing enterprise software. Its foundation is the standard protocol for exchanging system facts, defined as the OMG Knowledge Discovery Metamodel (KDM). In addition, the Semantics of Business Vocabularies and Business Rules (SBVR) defines a standard protocol for exchanging security policy rules and assurance patterns. Using these standards together, you will learn how to leverage the knowledge of the cybersecurity community and bring automation to protect your system.



Audience:
Technologists from a broad range of software companies and related industries; Security Analysts; Computer Systems Analysts, Computer Software Engineers–Systems Software, Computer Software Engineers– Applications, Computer and Information Systems Managers, Network systems and Data Communication Analysts.



From the back cover:

Learn how to defend your systems against costly security vulnerabilities and breaches!

The Object Management Group (OMG) Software Assurance Ecosystem described in this book is a significant step towards collaborative cyber security automation; it offers a standards–based solution for building security and resilience in computer systems.

Joe Jarzombek, Director for Software Assurance, Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security

System Assurance is a very complex and difficult subject. This book successfully demonstrates and describes in detail how to combine different existing tools together in order to systematically develop System Assurance documentation and justification in a practical manner for a specific domain. The book provides very useful practical guidance that can be used by technical and management practitioners for the specific domain described, and by example for others for different domains.

John P. Hopkinson, Security Strategist, Kwictech

Features

• Provides end–to–end methodology for systematic, repeatable, and affordable System Assurance
• Includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture and code analysis guided by the assurance argument.
• Supplies an online Case Study illustrating the steps of the System Assurance Methodology using automated tools

In this day of frequent acquisitions and perpetual application integrations, systems are often an amalgamation of multiple programming languages and runtime platforms using new and legacy content. Systems of such mixed origins are increasingly vulnerable to defects and subversion.

System Assurance: Beyond Detecting Vulnerabilities addresses these critical issues. As a practical resource for security analysts and engineers tasked with system assurance, the book teaches you how to use the Object Management Group‘s (OMG) expertise and unique standards to obtain accurate knowledge about your existing software and compose objective metrics for system assurance. OMG‘s Assurance Ecosystem provides a common framework for discovering, integrating, analyzing, and distributing facts about your existing enterprise software. Its foundation is the standard protocol for exchanging system facts, defined as the OMG Knowledge Discovery Metamodel (KDM). In addition, the Semantics of Business Vocabularies and Business Rules (SBVR) defines a standard protocol for exchanging security policy rules and assurance patterns. Using these standards together, you will learn how to leverage the knowledge of the cybersecurity community and bring automation to protect your system.

Dr. Nikolai Mansourov is the Chief Technical Officer at KDM Analytics and is the Editor of the OMG Knowledge Discovery Metamodel (KDM) specification and the Chair of the OMG Revision Task Force for KDM. He was Chief Scientist and Chief Architect at Klocwork Inc, served as a department head at the Institute for System Programming, Russian Academy of Sciences, and has published over 50 research papers.

Djenana Campara is the CEO of KDM Analytics, a member of the Board of Directors of the Object Management Group (OMG), and she chairs the OMG Architecture–Driven Modernization and System Assurance Task Forces. She sits on several boards, and was CTO of Klocwork , which she founded in 2001. She has been awarded several US patents for her groundbreaking static analysis techniques. She has published a number of papers on software transformations, and has been quoted in publications, including The Economist and Secure Computing.

About the Author:

Nikolai Mansourov is recognized worldwide for his work in the areas of automatic code generation and using formal specifications in both forward and reverse engineering. Prior to joining KDM Analytics, Dr. Mansourov was the Chief Scientist and Chief Architect at Klocwork Inc, where he significantly helped build the company‘s credibility. Dr. Mansourov also was a department head at the Institute for System Programming, Russian Academy of Sciences, where he was responsible for numerous groundbreaking research projects in advanced software development for industry leaders Nortel Networks and Telelogic. Dr. Mansourov has published over 50 research papers and is a frequent speaker as well as member of program committees at various international research forums. He is a founding member of the World–Wide Institute of Software Architects WWISA. His impact on the industry continues through his participation on several standards bodies, including the ITU–T and Object Management Group. Dr. Mansourov is one of the first OMG–certified UML Advanced Professionals and a member of the UML2 standardization team. Dr. Mansourov is the Editor of the OMG Knowledge Discovery Metamodel (KDM) specification and the Chair of the OMG Revision Task Force for KDM.

Djenana Campara has 20+ years of experience and leadership in the software engineering field. Ms. Campara is a member of the Board of Directors of the Object Management Group (OMG). Djenana Campara chairs the OMG Architecture–Driven Modernization Task Force and Software Assurance Special Interests Group, and serves as a board member on the Canadian Consortium of Software Engineering Research (CSER). Previously, Djenana was CTO of Klocwork and chairwoman of Klocwork‘s Board of Directors. Djenana founded the company in 2001 as a successful Nortel Networks spin off. She has served as Klocwork‘s chief executive officer, securing the company‘s first round of funding as well as closing its first customers. She has been awarded four US patents for her groundbreaking static analysis techniques implemented in Klocwork‘s products. She has published a number of papers on software transformations, has been quoted in publications, including The Economist and Secure Computing, and has participated in Fortune Magazine‘s "Brainstorm 2003," an international conference of the world‘s most creative leaders.