High Confidence Software and Systems HCMDSS Workshop Brad Martin June 2, 2005.

The Universe

Universal HCSS Research Goals
- Provide a sound scientific and technological basis for assured construction of safe, secure systems
- Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
- Reduce the effort, time, and cost of assurance and quality certification processes
- Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption

HCSS Research Goals: Provide a sound scientific and technological basis for assured construction of safe, secure systems
- Strategy: Develop supporting theory and scientific base for HCSS
- Components: Theory, Specification, Interoperable Reasoning, Composition and Decomposition, etc.

HCSS Research Goals: Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
- Strategy: Develop tools, technologies, and libraries to design and build large-scale systems
- Components: Programming Languages, Tools, and Environments; Modeling and Simulation; HCSS Building Blocks; Monitoring, Detection, and Response; Evidence and Metrics; Process; etc.

HCSS Research Goals: Reduce the effort, time, and cost of assurance and quality certification processes
- Strategy: Deployment of HCSS engineering technology
- Components: Engineering and Experimentation

HCSS Research Goals: Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption
- Strategy: Development of mature reference implementations, proofs-of-concept, tools, libraries, and techniques; conduct experiments
- Components: Engineering and Experimentation

NSA HCSS Research Goals
- Provide a sound scientific and technological basis for assured construction of safe, secure systems
- Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
- Reduce the effort, time, and cost of assurance and quality certification processes
- Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption

NSA HCSS Focus
- Advocacy
- Programming Methodologies
- Static/Dynamic Analysis
- Cryptography
- Trusted Computing

Against the universal goals:
- Provide a sound scientific and technological basis for assured construction of safe, secure systems
- Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
- Reduce the effort, time, and cost of assurance and quality certification processes
- Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption

Focused on trusted development in support of domains of interest to NSA’s Information Assurance Directorate (e.g. cryptography, trusted computing, design validation).

Backup Slides

Programming Methodology: Trusted Development
- Examples: Specware, Alloy, Spec#, B Method, Z
- Strengths: Specification to guide code development
- Issues: Interaction between structure and verification, domain formalization
- Challenges: Modularity, concurrency, maintaining model/code correspondence
- Theme: Generate correct code from high-level specifications instead of verifying low-level code

Static and Dynamic Analysis: Design Validation
- Examples: ESC/Java, BANE, CCured, Cyclone, Fluid, PolySpace, PREfix, CodeSurfer
- Strengths: Detecting buffer overruns, overflows, memory leaks, and race conditions
- Issues: Combining different static analyses, integrating static and dynamic analysis
- Challenges: Efficiency, precision, sensitivity
- Theme: Commercial tools are going to focus on bug-finding (how do we focus on the bugs that matter?)

Residents in the Universe
- Industry
- Academia
- Government:
  - NSF: Cyber Trust, Science of Design, Embedded and Hybrid Systems
  - NASA: Computing, Information, and Communications; Mission Assurance; Software Assurance Program; Software Engineering Initiative; Highly Dependable Computing Platform Testbed
  - DARPA: Security-Aware Systems, Self-Regenerative Systems
  - NIST: Software Diagnostics and Conformance Testing Division, Computer Security Division
  - DHS: Cyber Security
  - AFRL: Software Protection Initiative
  - ARDA: Advanced IC Information Assurance
- Coming Soon??? - DoD’s Center for Assured Software
  - Design approaches for the construction of assured software
  - Effectively and efficiently examine code for vulnerabilities
  - Tools and techniques to detect malicious code
  - Metrics and methods to determine quantitatively that assurance is improving