TY - GEN
T1 - Bridging the Gap between Certification and Software Development
AU - Ardagna, Claudio A.
AU - Bena, Nicola
AU - De Pozuelo, Ramon Martín
N1 - Publisher Copyright: © 2022 ACM.
PY - 2022/8/23
Y1 - 2022/8/23
N2 - While certification is widely recognized as a means to increase system trustworthiness and reduce uncertainty in decision making, it faces severe challenges preventing a wider adoption thereof. Certification is not adequately planned and integrated within the development process, leading to suboptimal scenarios where certification introduces the need to further modify the developed system with high costs. We propose a methodology that bridges the gap between software development and certification processes. Our methodology automatically produces the certification requirements driving all steps of the development process, and maximizes the strength of certificates while keeping costs under control. We formalize the above problem as a multi-objective mathematical program and solve it through a genetic algorithm. The proposed approach is tested in a real-world, cloud-based financial scenario at CaixaBank and its performance and quality are evaluated in a simulated scenario.
KW - Certification
KW - Security
KW - Software Development
UR - http://www.scopus.com/inward/record.url?scp=85136972521&partnerID=8YFLogxK
U2 - 10.1145/3538969.3539012
DO - 10.1145/3538969.3539012
M3 - Conference contribution
AN - SCOPUS:85136972521
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 17th International Conference on Availability, Reliability and Security, ARES 2022
PB - Association for Computing Machinery
T2 - 17th International Conference on Availability, Reliability and Security, ARES 2022
Y2 - 23 August 2022 through 26 August 2022
ER -