While certification is widely recognized as a means to increase system trustworthiness and reduce uncertainty in decision making, it faces severe challenges preventing a wider adoption thereof. Certification is not adequately planned and integrated within the development process, leading to suboptimal scenarios where certification introduces the need to further modify the developed system with high costs. We propose a methodology that bridges the gap between software development and certification processes. Our methodology automatically produces the certification requirements driving all steps of the development process, and maximizes the strength of certificates while taking costs under control. We formalize the above problem as a multi-objective mathematical program and solve it through a genetic algorithm. The proposed approach is tested in a real-world, cloud-based financial scenario at CaixaBank and its performance and quality is evaluated in a simulated scenario.

Bridging the Gap between Certification and Software Development / C.A. Ardagna, N. Bena, R.M. De Pozuelo - In: ARES '22: Proceedings[s.l] : ACM, 2022. - ISBN 9781450396707. - pp. 1-10 (( Intervento presentato al 2022. convegno International Conference on Availability, Reliability and Security tenutosi a Wien nel Austria [10.1145/3538969.3539012].

Bridging the Gap between Certification and Software Development

C.A. Ardagna;N. Bena;
2022

Abstract

While certification is widely recognized as a means to increase system trustworthiness and reduce uncertainty in decision making, it faces severe challenges preventing a wider adoption thereof. Certification is not adequately planned and integrated within the development process, leading to suboptimal scenarios where certification introduces the need to further modify the developed system with high costs. We propose a methodology that bridges the gap between software development and certification processes. Our methodology automatically produces the certification requirements driving all steps of the development process, and maximizes the strength of certificates while taking costs under control. We formalize the above problem as a multi-objective mathematical program and solve it through a genetic algorithm. The proposed approach is tested in a real-world, cloud-based financial scenario at CaixaBank and its performance and quality is evaluated in a simulated scenario.
Certification; Software Development; Security
Settore INF/01 - Informatica
H20_RIA19EDAMI_01 - Cyber security cOmpeteNce fOr Research anD Innovation (CONCORDIA) - DAMIANI, ERNESTO - H20_RIA - Horizon 2020_Research & Innovation Action/Innovation Action - 2019
Book Part (author)
File in questo prodotto:
File Dimensione Formato  
ABP.ARES2022.pdf

accesso aperto

Tipologia: Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione 994.46 kB
Formato Adobe PDF
994.46 kB Adobe PDF Visualizza/Apri
ABP.ARES2022.pdf

accesso riservato

Tipologia: Publisher's version/PDF
Dimensione 994.46 kB
Formato Adobe PDF
994.46 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/938487
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact