IDEAS home Printed from https://ideas.repec.org/h/spr/sprchp/978-1-4612-3202-5_1.html
   My bibliography  Save this book chapter

A Framework for Estimating the Cost to Build Trusted Computer Systems

In: Cost Analysis and Estimating

Author

Listed:
  • Paul R. Garvey

    (The METRE Corporation)

Abstract

Advances in the field of computer network technology have allowed unprecedented levels of information sharing to be possible between users. As a result, there has been an increased need within the Department of Defense (DOD) to protect sensitive information and data sources against unauthorized access or disclosure. Reflective of this, the number of USAF Electronic Systems Division (ESD) acquisitions being directed to meet stringent security requirements is increasing. Absent from the cost analysis community has been a systematic approach for estimating the resources to build computer systems that are trusted to protect the information they process. This paper presents a framework, based on research conducted by The MITRE Corporation, that identifies and schedules the security engineering tasks necessary to build a trusted computer system. For the program manager, this framework provides for the technical planning of security-relevant engineering activities around an acquisition’s major development milestones. The framework has been constructed in sufficient detail to support level of effort costing and, as a consequence, permits the cost analysis process to be directly incorporated into a project’s specific security engineering approach. A database has been initiated on security engineering costs, and insights into the major cost drivers associated with specific security requirements are shown. The security engineering task schedules and the effort data presented in this paper, collectively provide an approach for estimating the cost to build trusted computer systems that meet DOD 5200.28-STD requirements. This research represents our first step in evolving a cost methodology sensitive to the very complex system-wide technical issues involved with building secure systems for the DOD. We offer the research summary contained in this paper, so that the defense cost and security technical communities may review, comment on, and expand upon the approach within their organizations.

Suggested Citation

  • Paul R. Garvey, 1991. "A Framework for Estimating the Cost to Build Trusted Computer Systems," Springer Books, in: Roland Kankey & Jane Robbins (ed.), Cost Analysis and Estimating, chapter 1, pages 1-37, Springer.
    • Handle: RePEc:spr:sprchp:978-1-4612-3202-5_1
    DOI: 10.1007/978-1-4612-3202-5_1
    as

    Download full text from publisher

    To our knowledge, this item is not available for download. To find whether it is available, there are three options:
    1. Check below whether another version of this item is available online.
    2. Check on the provider's web page whether it is in fact available.
    3. Perform a
    for a similarly titled item that would be available.

    More about this item

    Keywords

    ;
    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:sprchp:978-1-4612-3202-5_1. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.