Abstract
Advances in the field of computer network technology have allowed unprecedented levels of information sharing to be possible between users. As a result, there has been an increased need within the Department of Defense (DOD) to protect sensitive information and data sources against unauthorized access or disclosure. Reflective of this, the number of USAF Electronic Systems Division (ESD) acquisitions being directed to meet stringent security requirements is increasing. Absent from the cost analysis community has been a systematic approach for estimating the resources to build computer systems that are trusted to protect the information they process.
This paper presents a framework, based on research conducted by The MITRE Corporation, that identifies and schedules the security engineering tasks necessary to build a trusted computer system. For the program manager, this framework provides for the technical planning of security-relevant engineering activities around an acquisition’s major development milestones. The framework has been constructed in sufficient detail to support level of effort costing and, as a consequence, permits the cost analysis process to be directly incorporated into a project’s specific security engineering approach. A database has been initiated on security engineering costs, and insights into the major cost drivers associated with specific security requirements are shown.
The security engineering task schedules and the effort data presented in this paper, collectively provide an approach for estimating the cost to build trusted computer systems that meet DOD 5200.28-STD requirements. This research represents our first step in evolving a cost methodology sensitive to the very complex system-wide technical issues involved with building secure systems for the DOD. We offer the research summary contained in this paper, so that the defense cost and security technical communities may review, comment on, and expand upon the approach within their organizations.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
“Department of Defense Standard: Department of Defense Trusted Computer System Evaluation Criteria,” DOD 5200.28-STD, Department of Defense, Washington, DC, December 1985. (Revised March 1988).
“Military Standard Work Breakdown Structures For Defense Materiel Items,” MIL-STD-881A, 25 April 1975.
Boehm, B. W., Software Engineering Economics, Prentice-Hall, 1981.
“Trusted Network Interpretation of the Trusted Computer Security Evaluation Criteria,” NCSC-TG-005, Version 1, National Computer Security Center, Fort Meade, MD, 31 July 1987.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1991 Springer-Verlag New York Inc.
About this paper
Cite this paper
Garvey, P.R. (1991). A Framework for Estimating the Cost to Build Trusted Computer Systems. In: Kankey, R., Robbins, J. (eds) Cost Analysis and Estimating. Springer, New York, NY. https://doi.org/10.1007/978-1-4612-3202-5_1
Download citation
DOI: https://doi.org/10.1007/978-1-4612-3202-5_1
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4612-7831-3
Online ISBN: 978-1-4612-3202-5
eBook Packages: Springer Book Archive