Additions to challenges of security development and implementation
Signed-off-by: Paul Wortman <paul.mauddib28@gmail.com>
paw10003 committed Jul 16, 2015
1 parent ecfe4cf commit fddf6c6
4 changes: 2 additions & 2 deletions PBDSecPaper.tex
@@ -227,7 +227,7 @@ \section{Security}
\item Security Principles - guidelines or rules that when followed during system design will aid in making the system secure.
\item Security Policies - organizational security policies are ``the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information.'' System Security Policies are rules that the information system enforces relative to the resources under its control to reflect the organizational security policy.
\end{itemize}
\item Could have security elements that attempt to optimize themselves to the system they are in based on a few pivot points (power, time, efficiency, level of randomness). Another option for the automated tool could trade out specific security components as an easier way to increase security without requireing re-design/re-construction of the underlying element. There is always the requirement that the overall trustworthiness of a new system must meet the standards of the security policies that `rule' the system.
\item In the same manner that these various security aspects (e.g. mechanisms, principles, policies) must be considered during developemtn automation, the software and hardware aspects must also come under consideration based on the desired behavior/functionality of the system under design. Could have security elements that attempt to optimize themselves to the system they are in based on a few pivot points (power, time, efficiency, level of randomness). Another option for the automated tool could trade out specific security components as an easier way to increase security without requireing re-design/re-construction of the underlying element. There is always the requirement that the overall trustworthiness of a new system must meet the standards of the security policies that `rule' the system.
\item Virtualization should be used for exploring the design space, as it is hoped that it is obvious as to why. Not only is the cost of prototyping incredably expensive, but redesign is equally costly. Virtualization aids by removing the need for a physical prototyping (less monitary costs) and allows for more rapid exploration of the full design space. While the design time for such powerful tools will be expensive (both in monitary and temporal costs), the rewards of developing, validating, and evaluating this virtualization tool will offset the early design phase costs of an automation of security component design.
\end{itemize}
\item Mapping of Security onto PBD structure
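Review bot: the sentence added at the start of the replaced item (line 20) introduces the misspelling "developemtn" (development) and keeps "requireing" (requiring) from the line it replaces; fix both before this lands. The new lead-in sentence is also long enough to obscure its point; consider breaking it after "system under design" so that the claim that hardware and software choices must be weighed alongside mechanisms, principles and policies stands on its own before the self-optimising and component-swapping ideas follow.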
@@ -236,7 +236,7 @@ \section{Security}
\item ``...allows security concerns to be recognized early in the development process and can be given sufficient attention in subsequent stages. By controlling system security during architectural refinement, we can decrease software production costs and speed up the time to market. This approach aslo enchances the role of the software architects by requiring that their decisions be not only for functional decomposition, but also for [non-functional requirements] fulfillment.''~\cite{ZhouFoss2006}
\item Apply here ideas of Sufficient User Documentation, Procedural Rigor, Repeatable, Documented Procedures.
\end{itemize}
\item What are the research challeneges?
\item The last, and by no means least, important topic that must be tackled in this section is the question of what exactly are the research challenges. There has been a lot of information, ideas, and principles presented over the course of this writing along with parallels to existing research and methodologies that can be almost directly applied to the concept of mapping security development to platform-based design. The primary cost of developing security, and running a secure system, is time. There are the monitary and hardware costs of security developement and implementation, but even those aspects all have a time cost coupled with them. Time, while being the most expensive part of security design is also the aspect that can be tackled and minimized with rigorous planning and documentation. Taking into account that even the development of documentation and standards also has its own time cost associated with it, this early phase development can also diminsh the time-cpst impact for later steps in the system's development/implementation life-cycle.
\begin{itemize}
\item How to put cost on security? How to make models? What is high vs. low? (Are there models that exist?)
\end{itemize}
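Review bot: the replacement paragraph (line 29) drops the question "What are the research challenges?" but never actually enumerates the challenges; the only concrete list is the nested item at line 31 ("How to put cost on security? How to make models? What is high vs. low?"), so either name the challenges explicitly in the new prose or keep a short lead so a reader can find them. Spelling to fix in the added text: "monitary" (monetary), "developement" (development), "diminsh" (diminish), "time-cpst" (time-cost). The statement that time is "the primary cost of developing security, and running a secure system" is asserted without support; cite it or phrase it as the authors' position.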