Investigating Advances in the Acquisition of Secure Systems Based on Open Architecture, Open Source Software, and Software Product Lines.

摘要

The role of software acquisition ecosystems in the development and evolution of secure open architecture systems has received insufficient consideration. Such systems are composed of software components subject to different security requirements in an architecture in which evolution can occur by evolving existing components or by replacing them. This may result in possible security requirements conflicts and organizational liability for failure to fulfill security obligations. We have developed an approach to modeling software security requirements as 'security licenses' for analyzing conflicts among groups of such licenses in realistic systems and for guiding the acquisition, integration, and development of systems with open source components. This paper reports on our efforts to extend our approach to specifying and analyzing software intellectual property licenses to software security licenses that are associated with secure OA systems. The report contains four sections: (1) Advances in the Acquisition of Secure Systems Based on Open Architectures, (2) Presenting Software License Conflicts through Argumentation, (3) Modding as an Open Source Approach to Extending Computer Game Systems, (4) Modding as a Basis for Developing Game Systems, and (5) Final Report Discussion and Prospects for Future Acquisition Research.