This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
January/February 2011 (vol. 9 no. 1)
pp. 18-21
Cynthia Irvine, Naval Postgraduate School
J.R. Rao, IBM Thomas J. Watson Research Center
Construction of highly trustworthy systems is quite challengiwng and requires experienced leaders who can guide development teams through technical, political, and bureaucratic hurdles. Today's systems must be designed so that their security claims remain valid from inception through retirement. Hence, security engineering must start at the earliest stages of development, when wise choices can have a major impact on system trustworthiness and vulnerabilities are relatively inexpensive to fix. This guest editors' introduction notes the apparent scarcity of large projects incorporating rigorous security engineering and enumerates topics for further investigation, such as compositionality, formal modeling and verification, RAS and resiliency, economic factors, user acceptability and usability, and extensibility.

1. S. Bellovin, "Stuxnet: The First Weaponized Software?", blog, 27 Sept. 2010; www.cs.columbia.edu/~smb/blog/2010-092010-09-27.html .
2. W.H. Ware, "Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security," tech. report R-609-1, RAND, 1970.
3. P.A. Karger and R.R. Schell, "Thirty Years Later: The Lessons from the Multics Security Evaluation," Proc. 18th Annual Computer Security Applications Conf., IEEE CS Press, 2002, pp. 119–126.
4. J.P. Anderson, "Computer Security Technology Planning Study," tech. report ESD-TR-73-51, Air Force Electronic Systems Division, Hanscom AFB, 1972.
5. G. Pottinger, Proof Requirements in the Orange Book: Origins, Implementation, and Implications, Mathematical Sciences Inst., Cornell Univ., 1994.

Index Terms:
Secure Engineering, Trustworthy, High Assurance, Common Criteria, Root of Trust, TPM, Compositionality, Engineering Secure Systems
Citation:
Cynthia Irvine, J.R. Rao, "Guest Editors' Introduction: Engineering Secure Systems," IEEE Security & Privacy, vol. 9, no. 1, pp. 18-21, Jan.-Feb. 2011, doi:10.1109/MSP.2011.10
Usage of this product signifies your acceptance of the Terms of Use.