A Framework for Estimating the Cost to Build Trusted Computer Systems

Conference paper


Advances in the field of computer network technology have allowed unprecedented levels of information sharing to be possible between users. As a result, there has been an increased need within the Department of Defense (DOD) to protect sensitive information and data sources against unauthorized access or disclosure. Reflective of this, the number of USAF Electronic Systems Division (ESD) acquisitions being directed to meet stringent security requirements is increasing. Absent from the cost analysis community has been a systematic approach for estimating the resources to build computer systems that are trusted to protect the information they process.

This paper presents a framework, based on research conducted by The MITRE Corporation, that identifies and schedules the security engineering tasks necessary to build a trusted computer system. For the program manager, this framework provides for the technical planning of security-relevant engineering activities around an acquisition’s major development milestones. The framework has been constructed in sufficient detail to support level of effort costing and, as a consequence, permits the cost analysis process to be directly incorporated into a project’s specific security engineering approach. A database has been initiated on security engineering costs, and insights into the major cost drivers associated with specific security requirements are shown.

The security engineering task schedules and the effort data presented in this paper, collectively provide an approach for estimating the cost to build trusted computer systems that meet DOD 5200.28-STD requirements. This research represents our first step in evolving a cost methodology sensitive to the very complex system-wide technical issues involved with building secure systems for the DOD. We offer the research summary contained in this paper, so that the defense cost and security technical communities may review, comment on, and expand upon the approach within their organizations.


Security Policy Security Requirement Evaluation Class Security Engineering Security Class 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    “Department of Defense Standard: Department of Defense Trusted Computer System Evaluation Criteria,” DOD 5200.28-STD, Department of Defense, Washington, DC, December 1985. (Revised March 1988).Google Scholar
  2. 2.
    “Military Standard Work Breakdown Structures For Defense Materiel Items,” MIL-STD-881A, 25 April 1975.Google Scholar
  3. 3.
    Boehm, B. W., Software Engineering Economics, Prentice-Hall, 1981.zbMATHGoogle Scholar
  4. 4.
    “Trusted Network Interpretation of the Trusted Computer Security Evaluation Criteria,” NCSC-TG-005, Version 1, National Computer Security Center, Fort Meade, MD, 31 July 1987.Google Scholar

Copyright information

© Springer-Verlag New York Inc. 1991

Authors and Affiliations

  1. 1.The METRE CorporationBedfordUSA

Personalised recommendations