The Center for Education and Research in Information Assurance and Security (CERIAS)


Reports and Papers Archive



A Multi-dimensional Yao's Millionaire Problem

CERIAS TR 2001-09
Mikhail J. Atallah, Wenliang Du
Download: PDF
Added 2002-07-26


Application of Randomized Response Strategy in Privacy-Preserving Survey

CERIAS TR 2001-14
Wenliang Du, Rajeev Gopalakrishna
Download: PDF
Added 2002-07-26

Privacy-Preserving Computations and Their Applications

CERIAS TR 2001-15
Wenliang Du, Mikhail J. Atallah
Download: PDF
Added 2002-07-26

Authentication-driven Authorization on Web Access

CERIAS TR 2001-17
Yuhui Zhong, Bharat Bhargava
Download: PDF
Added 2002-07-26

Next Generation Intrusion Detection Expert System (NIDES)

Debra Anderson, Thane Frivold, Ann Tamaru, Alfonso Valdes
Added 2002-07-26

Experiences in Specifications: Learning to Live With Ambiguity

CERIAS TR 2001-18
Mark Crosbie and Benjamin Kuperman
Download: PDF

This paper describes our practical experiences in setting and working with requirements for a piece of security software.  Principally, it discusses the conflicts that occurred between the ease of putting the initial requirements on paper and the difficulty in applying them. The requirements were not formally specified, but the process of turning them into code followed our standard software development process.  However, the informality of the requirements was not the primary source of our conflicts; we believe that ambiguity always exists, ambiguity leads to assumptions, and assumptions are what lead to flaws—some of which may cause security vulnerabilities.

By explaining our journey through the software development process, we show how seemingly obvious and easily stated requirements lead to ambiguity, choices, and the need for revisiting specifications throughout the process.  We conclude with some recommendations from our experiences that we hope will be useful to other practitioners.

Added 2002-07-26

Purdue School of ECE Annual Research Summary

School of ECE

This Annual Research Summary presents an overview of the 1999-2000 research activities of the faculty members in the School of Electrical and Computer Engineering at Purdue University. It provides information on 70 of the country's finest researchers literally at your fingertips. Of course, the limitations of print media make it impossible to keep up with the changes, breakthroughs, and updates occurring almost daily, so do access our home page. Also, printing constraints do not allow us to publish this document in color; for images notated that the originals are in color, please refer to the appropriate section of the on-line Research Summary.

Added 2002-07-26

New Security Paradigm Workshop 2000

ACM

The modeling of penetration testing as a Petri net is surprisingly useful.  It retains key advantages of the flaw hypothesis and attack tree approaches while providing some new benefits.

Added 2002-07-26




National Security in the Information Age

Matthew G. Devost

This thesis examines the impact information technologies have had on the national security of the United States. It looks at how these technologies have evolved into a significant component of the economic, military, and social construct of the nation resulting in a transition from the Industrial Age to the Information Age. It introduces a new paradigm for conflict among nations based upon attacking information infrastructures. The political attractions and deterrents to using these new information warfare methods are discussed at great length. The debate is then placed in a traditional realist/liberal context and examined from both perspectives, suggesting technological developments are explored and contrasted with new technologies to develop hypotheses regarding the future strategic impacts that these new technologies will have. An increased reliance on information technology which is highly vulnerable to failure and sabotage has created a new risk to the national security of the United States. These vulnerabilities will be exploited during any conventional military conflicts between nation states, but several political deterrents including economic interdependence and fear of escalation decrease their attraction during peacetime. Despite this, the political and strategic attractions of information warfare make it a likely terrorist weapon. The final chapter offers policy prescriptions and solutions for integrating these concerns into the framework of the United States grand strategy to decrease the security threat and facilitate international cooperation in this area.

Added 2002-07-26

Information Warfare Technologies: Survey of Selected Civil Sector Activities

Institute for Defense Analyses

The objective of this initial phase of work by IDA was to identify promising, relevant technologies from the academic and civil sectors and assess their long-term applications and payoffs for IW functions.

Added 2002-07-26