Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

The network security assessment instrument is a comprehensive set of tools that can be used individually or collectively to ensure the security of network aware software applications and systems. Using the various tools collectively provide a distinct advantage for assuring the security of software and systems. Each tool's resulting output provides feedback into the other tools. Thus, more comprehensive assessment results are attained through the leverage each tool provides to the other when they are employed in concert. Previous portions of this work were presented at the IEEE Wet Ice 2000 and 2001 Workshops and are printed in those proceedings. This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles. This portion, the flexible modeling framework (FMF), focuses on modeling requirements and early lifecycle designs to discover vulnerabilities that result from interaction between system components that are either under development in a new system or proposed as additions to an existing system. There are early indications that this new approach, the flexible modeling framework (FMF), has promise in the areas of network security as well as other critical areas such as system safety. Information about the overall research effort regarding network security is available at http://security.jpl.nasa.gov/rssr.