Abstract
The environment in which software projects are managed has evolved dramatically in recent years. This evolution has been driven by an extraordinary increase in network connectivity and extensive use of contractors for system development, raising issues of interoperability, security, ownership, and intellectual property rights. Project managers face the ongoing challenge of creating an orderly incremental development process, which often proceeds for years, in this complex environment. At the same time, the dependency of organizations, their suppliers, and their customers on complex, large-scale information systems is increasing at an astonishing rate, to the point that conduct of business operations is virtually impossible if these systems are compromised. As a result, survivability is receiving increasing attention as a key property of critical systems. Survivability is the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents. Given the severe consequences of system failure, it is clear that many more organizations should be, and at present are not, concerned with survivability issues. However, when survivability is added to the project management equation, software life cycles can look rather different from the traditional life-cycle model. In this paper we discuss this changing software project management environment, the impact of system survivability, and life-cycle activities that are tailored to development and evolution of survivable systems. Achieving survivable systems requires that survivability be integrated into project life cycles, and not treated as an add-on property.
Cite this article
Mead, N.R., Linger, R.C., McHugh, J. et al. Managing Software Development for Survivable Systems. Annals of Software Engineering 11, 45–78 (2001). https://doi.org/10.1023/A:1012587001946