Towards Higher Assurance Software Construction via Aspects
Thomas Llansó, Inventor


Background
Software is ever more complex
  – Determining correctness very challenging
What about software security functions?
  – Are they correct and properly integrated?
  – Often we hire independent labs to find out
      Employ an evaluation process (e.g., “Common Criteria”)
      Can be slow and costly (>6 months, >$100k)

Roots of the Problem
Painful Integration
  – Security code…
      cuts across systems
      mixed in with application code
      hard to evolve over time
  – Integration via non-specialists
Painful Evaluation
  – Manual, slow tracing
  – Extra scrutiny due to pedigree
  – Repeat as system evolves

What we want
  1. improved security
  2. easier integration
  3. faster evaluations
  4. lower costs
What if we had a tool that could...
  – Automatically integrate security code
  – Enforce separation of duties
  – Allow automated tracing
…even as software changes over time?
requirements ↔ security code ↔ application code

Underlying Technology
Key technologies/techniques in tool
  – Requirements Taxonomy
  – Aspects (from Aspect-Oriented programming)
  – Marker Annotations
  – XML for mappings / representation
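
How these pieces can fit together, as an added example that is not the SRTD tool's code: Python decorators stand in for marker annotations and aspect weaving, and an XML mapping drives both the weaving and the requirements ↔ security code ↔ application code trace. The requirement IDs, aspect names, marker names and functions are all constructed for illustration.

```python
import functools
import xml.etree.ElementTree as ET
# Constructed mapping: requirement -> security aspect -> marker (all names hypothetical).
MAPPING_XML = """<mappings>
  <map requirement="REQ-AC-1" aspect="require_admin" marker="privileged"/>
  <map requirement="REQ-AU-1" aspect="audit" marker="audited"/>
  <map requirement="REQ-CR-1" aspect="encrypt" marker="sensitive"/>
</mappings>"""

def marker(*names):  # marker annotation: tags a function, adds no behaviour
    def tag(fn):
        fn.markers = set(names)
        return fn
    return tag
# Security code, written and owned by security developers.
def require_admin(fn, user, *args):
    if user.get("role") != "admin":
        raise PermissionError(fn.__name__)
    return fn(user, *args)
def audit(fn, user, *args):
    AUDIT_LOG.append((user["name"], fn.__name__))  # recorded before any access check
    return fn(user, *args)
ASPECTS, AUDIT_LOG = {"require_admin": require_admin, "audit": audit}, []

# Application code: developers place markers only, no security logic.
@marker("privileged", "audited")
def delete_account(user, target):
    return f"deleted {target}"
@marker("audited")
def view_report(user):
    return "report"

def wrap(advice, fn):  # one weaving step: advice runs around fn
    @functools.wraps(fn)
    def woven(*args):
        return advice(fn, *args)
    return woven

def weave_and_trace(functions, xml_text=MAPPING_XML):
    woven, trace, gaps = {f.__name__: f for f in functions}, {}, []
    for m in ET.fromstring(xml_text):
        req, name, mark = m.get("requirement"), m.get("aspect"), m.get("marker")
        targets = [f.__name__ for f in functions if mark in getattr(f, "markers", ())]
        if name in ASPECTS and targets:
            trace[req] = (name, targets)
            for t in targets:
                woven[t] = wrap(ASPECTS[name], woven[t])
        else:
            gaps.append(req)  # no security code or no join point for this requirement
    return woven, trace, gaps
```

`weave_and_trace` returns the woven functions, the trace (requirement to aspect and target functions) and the requirements that cannot be traced; here REQ-CR-1 lands in the last list because no `encrypt` aspect or `sensitive` marker exists.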

Tool (“SRTD”)

Technology Applications
Many stakeholders may find use for the tool

Stakeholder              Application
Security Developers      Build and map security code
Application Developers   Verify mapping correctness
Test Personnel           Verify code meets requirements
System Evaluators        Requirements ↔ Code tracing

Commercial Opportunities
For technical information contact: Thomas Llanso, Inventor
For licensing information contact: Norma Lee Todd, Technology Manager, Office of Technology Transfer, The Johns Hopkins University Applied Physics Laboratory, Johns Hopkins Road, Laurel, MD