Towards a Design Theory for Trustworthy Information


Towards a Design Theory for Trustworthy Information Systems

Les Waguespack, Ph.D., Professor
David J. Yates, Ph.D., Associate Professor
William T. Schiano, DBA, Professor
Computer Information Systems, Bentley University, Waltham, Massachusetts

HICSS-47, Hawaii, January 9, 2014

[Title slide figure: the Trustworthy Systems Theory diagram. Security design aspects shown: Elegance, Defense in Depth, Defining Domains, Identity Management, Simple Trusted Components, Auditing, Authorizing Operations, Complete Mediation, Few Trusted Components, Risk Management, Manageable Access, Assurance, Least Privilege, Separation, Linking Roles and Domains. Experienced qualities shown: intuitiveness, divisibility, usability, predictability, effectiveness, vitality, sustainability, fidelity, robustness, confidence, scalability, factorability, constructibility, trustworthy.]

Threads of Theory in Design

[Slide 2 figure: a timeline from 1964 to 2014 tracing the threads of theory that converge in the 2014 Trustworthy IS Design Theory: Software Engineering, Object Modeling, Cognitive Linguistics, Security Theory and Thriving Systems. Works on the timeline: Notes on the Synthesis of Form, The Oregon Experiment, A Pattern Language, A Timeless Way of Building and The Nature of Order (The Phenomenon of Life, The Process of Creating Life, A Vision of a Living World, The Luminous Ground) - Alexander; The Protection of Information Systems - Saltzer; Program Development by Stepwise Refinement - Wirth; Secure Computer Systems: Mathematical Foundations - Bell / LaPadula; A Lattice Model of Secure Information Flow - Denning; Designing Software for Ease of Extension and Contraction - Parnas; Metaphors We Live By, Philosophy in the Flesh and Where Mathematics Comes From - Lakoff; No Silver Bullet: Essence and Accidents... - Brooks; Information Systems Security: A Comprehensive Model - McCumber; OO Patterns - Coad; Pattern Languages of Program Design - Coplien; Design Patterns - Gamma; Computer Security - Bishop; Thriving Systems Theory & Metaphor-Driven Modeling - Waguespack.]

Motivation

The current state of design thinking about security has led to many gaps in information systems security.

"A growing number and wider variety of threats and vulnerabilities marks the Internet Age. Only an approach that takes due account of the interests of all participants, and the nature of the systems, networks, and related services, can provide effective security." (Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, Organisation for Economic Co-operation and Development, 2002)

We need a design theory for information systems and business models with principles of form and function:
1) that enable stakeholders to integrate the broad range of security concerns and potential responses,
2) in a balance that satisfies stakeholders' objective and aesthetic conception of quality and trustworthiness.


Assurance Engenders Trust (Bishop, p. 479)

Policy: statement of requirements that explicitly defines the security expectations of the mechanism(s).
Mechanisms: executable entities that are designed and implemented to meet the requirements of the policy.
Assurance: provides justification that the mechanism meets policy through assurance evidence and approvals based on evidence.


Security Management Sustains Trust

Policy: the subjective intention of the stakeholders defining satisfactory behavior.
Mechanisms: the objective, computational elements implementing the physical security model.
Assurance: a dynamic alignment of policy and mechanisms responding to emerging threats and evolving requirements: environment and technology.

Trustworthy Systems

"Security policies are assumed to be internally consistent and to reflect the requirements of the organization to which they apply. Similarly, security mechanisms are assumed to work correctly and to perform the functions for which they are intended. These crucial aspects of trustworthiness are commonly glossed over because they are difficult to quantify or analyze." (Elisabeth Sullivan, Part 6 of Bishop (2002), Computer Security: Art and Science, Addison-Wesley, Boston, MA.)

Trust in information systems must be driven by a combination of:
1) responding to the stakeholders' tacit expectations and
2) shaping those expectations by crafting a security model that defines trustworthy systems behaviors and outcomes.


Thriving Systems Theory

[Slide 7 figure: the fifteen design choice properties, in confluence experienced as design quality: Modularization, Cohesion, Encapsulation, Composition of Function, Stepwise Refinement, Scale, Identity, Patterns, Programmability, User Friendliness, Reliability, Correctness, Transparency, Extensibility, Elegance. The figure arranges them between an objective/structural side and a subjective/aesthetic side and labels the qualities experienced: usability, intuitiveness, effectiveness, predictability, vitality, sustainability, divisibility, robustness, scalability, factorability, constructibility, fidelity, confidence, thriving.]


Security Design Aspects: Security Principles and Protocols Grouped by the Choice Property They Express

Authorizing Operations: the ability to adjust the scope and depth of protection to meet stakeholder security concerns
Auditing: facility for threat identification and classification supporting forensics and ongoing policy review and evolution
Elegance: protection mechanisms effectively, efficiently, and simply organized, realizing a security policy resonating with the stakeholder community's conception of security and welfare
Identity Management: comprehensive and definitive naming of system elements to allow application and assurance of security mechanisms
Complete Mediation: assured system-wide application and enforcement of protection mechanisms
Few Trusted Components: minimal and symmetric formulation of criteria, privilege and protection across domains
Defense in Depth: graduated protections in layers spanning application, platform and communication architecture
Defining Domains: a topological definition of protection by requirement where constituent elements are subject to consistent policy and protection mechanisms
Simple Trusted Components: a preference for atomic protection mechanisms and system elements
Separation: segregating protection domains and mediating their exchange of information, control and authority
Linking Roles & Domains: cascading authentication and separation of domains to attenuate privileges
Least Privilege: preferring that domain access spans the minimum range feasible to support required functionality
Assurance: evidence based monitoring of policy and protection mechanisms across domains
Risk Management: dynamic policy and protection specification supporting timely response to the changing threat landscape and evolving stakeholder intentions
Manageable Access: coherent and user-accessible policy and protection mechanisms to manage and monitor domains
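As an added illustration (not code from the slides or from Thriving Systems Theory), the following Python sketch makes the policy / mechanism / assurance triad of slides 4 and 5 and several of the aspects defined above concrete: a reference monitor that mediates every request, attenuates privilege as a request crosses linked domains, logs each decision for audit, and an assurance check that exhaustively compares the mechanism against the policy. The domain names, roles and sample policy are constructed for this example.

```python
from dataclasses import dataclass, field
from itertools import product
from typing import Dict, List, Set, Tuple

# Policy (the stakeholders' intention) expressed as data so it can be revised
# under Risk Management and re-checked. Constructed sample: three domains,
# two roles; every name here is an assumption for illustration.
POLICY: Dict[str, Dict[str, Set[str]]] = {
    "web":   {"clerk": {"read"}, "admin": {"read", "write"}},
    "db":    {"clerk": {"read"}, "admin": {"read", "write", "drop"}},
    "vault": {"clerk": set(),    "admin": {"read"}},
}


@dataclass(frozen=True)
class Principal:
    """Identity Management: each actor is definitively named and carries the
    role and the domain in which it authenticated."""
    name: str
    role: str
    domain: str


@dataclass
class Monitor:
    """Mechanism: the single gate every request passes (Complete Mediation)
    and which records every decision (Auditing)."""
    audit: List[Tuple[str, str, str, str, str]] = field(default_factory=list)

    def permitted(self, role: str, path: List[str], op: str) -> bool:
        # Linking Roles & Domains: a request that crosses domains keeps only the
        # operations that every domain on its path grants to the role, so
        # privilege is attenuated at each boundary (Least Privilege) and an
        # unknown domain grants nothing (Separation).
        ops = None
        for dom in path:
            granted = POLICY.get(dom, {}).get(role, set())
            ops = granted if ops is None else ops & granted
        return ops is not None and op in ops

    def request(self, who: Principal, target: str, op: str) -> bool:
        path = [who.domain] if who.domain == target else [who.domain, target]
        ok = self.permitted(who.role, path, op)
        self.audit.append((who.name, who.role, "->".join(path), op,
                           "ALLOW" if ok else "DENY"))
        return ok


def assurance_check(monitor: Monitor) -> Dict[str, object]:
    """Assurance: evidence that the mechanism meets the policy. Exercise every
    (role, source domain, target domain, operation) and confirm that nothing
    is allowed which the target denies, and that crossing a domain never
    widens privilege beyond what the source grants."""
    roles = {r for grants in POLICY.values() for r in grants}
    ops = {o for grants in POLICY.values() for s in grants.values() for o in s}
    violations: List[Tuple[str, ...]] = []
    checks = 0
    for role, src, tgt, op in product(sorted(roles), POLICY, POLICY, sorted(ops)):
        allowed = monitor.request(Principal("probe", role, src), tgt, op)
        checks += 1
        if allowed and op not in POLICY[tgt].get(role, set()):
            violations.append(("beyond-target-policy", role, src, tgt, op))
        if allowed and op not in POLICY[src].get(role, set()):
            violations.append(("privilege-widened", role, src, tgt, op))
    return {"checks": checks, "violations": violations}


if __name__ == "__main__":
    m = Monitor()
    ann = Principal("ann", "clerk", "web")
    bob = Principal("bob", "admin", "web")
    print(m.request(ann, "db", "read"))   # clerk may read in both domains
    print(m.request(bob, "db", "drop"))   # web grants admin no "drop": attenuated
    print(m.request(Principal("bob", "admin", "db"), "db", "drop"))  # same domain
    for entry in m.audit:
        print(entry)
    print(assurance_check(Monitor()))
```

Because the policy is plain data, revising it and re-running the assurance check is the "dynamic alignment" of slide 5 in miniature.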

Trustworthy Systems Theory

[Slide 9 figure: the Trustworthy Systems Theory diagram, placing the security design aspects (Identity Management, Elegance, Defense in Depth, Defining Domains, Simple Trusted Components, Authorizing Operations, Auditing, Complete Mediation, Few Trusted Components, Risk Management, Manageable Access, Least Privilege, Assurance, Separation, Linking Roles and Domains) between the objective/structural and subjective/aesthetic sides and labelling the experienced qualities intuitiveness, divisibility, usability, predictability, effectiveness, vitality, sustainability, fidelity, robustness, confidence, scalability, factorability, constructibility, trustworthy.]

Conclusion

This is only a first step toward a design theory for trustworthy information systems. Pedagogical applications of Thriving Systems Theory have shown positive results in improving student design performance, but we have no industrial-strength experience to this point. Our next step is to develop a choice-property guided design methodology, ideally for artifact design and implementation in the field.

Framing security design through a lens of Thriving Systems Theory informs the security intentions and security mechanisms encompassing stakeholder, policy maker, and developer. Our focus on artifact resonance with stakeholder intentions defines trustworthiness as a product of a subjective and objective portfolio of design concerns that must be managed in harmony.

Discussion: LWaguespack@Bentley.edu

Handout: HICSS47 - Towards a Design Theory for Trustworthy Information Systems
Leslie J. Waguespack, David J. Yates & William T. Schiano
Bentley University, Waltham, Massachusetts, USA
lwaguespack@bentley.edu dyates@bentley.edu wschiano@bentley.edu

Trustworthiness: artifact resonance with stakeholder intentions as a product of a subjective and objective portfolio of design concerns managed in harmony.

Thriving Systems Theory: Choice Property - Design Action: Action Definition
Modularization - modularize: employing or involving a module or modules as the basis of design or construction
Cohesion - factor: express as a product of factors
Encapsulation - encapsulate: enclose the essential features of something succinctly by a protective coating or membrane
Composition of Function - assemble: fit together the separate component parts of (a machine or other object)
Stepwise Refinement - elaborate: develop or present (a theory, policy, or system) in detail
Scale - focus: (of a person or their eyes) adapt to the prevailing level of light [abstraction] and become able to see clearly
Identity - identify: establish or indicate who or what (someone or something) is
Patterns - pattern: give a regular or intelligible form to
Programmability - generalize: make or become more widely or generally applicable
User Friendliness - accommodate: fit in with the wishes or needs of
Reliability - normalize: make something more normal, which typically means conforming to some regularity or rule
Correctness - align: put (things) into correct or appropriate relative positions
Transparency - expose: reveal the presence of (a quality or feeling)
Extensibility - extend: render something capable of expansion in scope, effect, or meaning
Elegance - coordinate: bring the different elements of (a complex activity or organization) into a relationship that is efficient or harmonious

Security Design Aspects: Defining Domains, Simple Trusted Components, Separation, Linking Roles & Domains, Defense in Depth, Least Privilege, Identity Management, Few Trusted Components, Authorizing Operations, Manageable Access, Complete Mediation, Assurance, Auditing, Risk Management and Elegance, defined as on slide 8 above.

Abbreviated Bibliography
Alexander, C. The Nature of Order, An Essay on the Art of Building and the Nature of the Universe: Book I - The Phenomenon of Life, The Center for Environmental Structure, Berkeley, CA, 2002.
Bell, D. E., & LaPadula, L. J. Secure Computer Systems: Mathematical Foundations, Technical Report Mitre-2547, Vol. 1, Bedford, MA, USA, 1973.
Bishop, M. Computer Security: Art and Science, Addison-Wesley, Boston, MA, 2003.
Brooks, F. P. No Silver Bullet: Essence and Accidents of Software Engineering, Computer, 20(4), 1987, pp. 9-19.
Lampson, B. W. Computer Security in the Real World, Computer, 37(6), 2004, pp. 37-46.
OECD. Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, OECD, 2002, www.oecd.org/sti/ieconomy/1946962.doc, retrieved 20 August 2014.
Saltzer, J. H., & Schroeder, M. D. The Protection of Information in Computer Systems, Proceedings of the IEEE, 63(9), 1975, pp. 1278-1308.
Waguespack, L. J. Thriving Systems Theory and Metaphor-Driven Modeling, Springer, London, UK, 2010.
Waguespack, L. J., & Schiano, W. T. Thriving Systems Theory: An Emergent Information Systems Design Theory, in 46th Hawaii International Conference on Systems Sciences, 2014, pp. 3757-3766.

[Handout figure: the Trustworthy Systems Theory diagram mapping the Thriving Systems Theory choice properties (Modularization, Cohesion, Encapsulation, Composition of Function, Stepwise Refinement, Scale, Identity, Patterns, Programmability, User Friendliness, Reliability, Correctness, Transparency, Extensibility, Elegance) to the security design aspects, between the objective/structural and subjective/aesthetic sides.]

Thriving Systems Theory provides a vocabulary and framework for identifying and harmonizing security concerns in design decisions that align mechanisms with intentions to engender stakeholders' trust in information systems. By categorizing security protocols of policy and mechanism aligned with TST choice properties, stakeholders and designers can dynamically tune the balance of functionality with structures that protect confidentiality, integrity and availability. That balance produces a qualitative resonance, the experience of trustworthiness that combines the subjective (aesthetic) with the objective (computational) stakeholder expectations.

Slides: http://cis.bentley.edu/lwaguespack/docpdffiles/hicss47slides.pdf


A Special Ontology of Design (LJW 2014)

[Figure: the ontology diagram. The Why (purpose, need, intention; conditioned by scientific knowledge, culture, belief) reaches the How (method, process; conditioned by craft and innovation; incurring cost to implement and exhibiting efficiency) through "to design (v)", and the How produces the What (artifact, edifice, model, system; design (n), perceived as satisfaction, effectiveness, or artistry). The conceptual metaphor and metaphorical lens, labelled as ontological primitive, connect the three; generative activity, activity affect and environmental parameter label the remaining arrows.]

A special ontology of design

Constructs: why, how, what
- The Why establishes the purpose of the artifact based on the intention and mindset of the designer.
- The How determines the mode of implementation of the artifact as process or methodology.
- The What is the product of the implementation that is the design effort's attempt at addressing the intention.

Relationships
- The Why informs the How through design (v).
- The How produces the What as artifact, edifice, model or system.
- The Why perceives the What's characteristics.
- The implementation of What bypassing design (v) might be called artistry, where the intention is rendered directly in the artifact (given that any material art product involves some implementation if not design (v)).

Modifiers
- The Why is conditioned by scientific knowledge, culture and/or belief in forming intention.
- The conceptual metaphor is the designer's mental model characterizing both the objective and subjective constructs to be produced in What by How.
- The conceptual metaphor translates the Why through design (v) to instruct the How.
- The How implements the What, incurring cost and exhibiting efficiency.
- The What's design (n) characteristics are perceived by the Why through the conceptual metaphor, which interprets the What's characteristics to exhibit satisfaction and/or effectiveness.
- The How is conditioned by existing craft that may be altered with implementation experience through innovation.
- The metaphorical lens is both the source of instruction between the Why and How and the standard for interpretation from which the assessment of satisfaction will be realized.

It is interesting to note that although the characteristics of What seem to be the focus of design (v), only How is engaged directly with Why. It is as though How is the object of design rather than What. What simply provides the test case (the design (n)) that is evaluated as consistent or not against the Why, the result of the conveyance of Why's intention to How.

LJW 2014

Organizations design artifacts. Organizations design processes. Perhaps the most important artifact organizations should design is why they design.