High Confidence Software and Systems HCMDSS Workshop Brad Martin June 2, 2005.

2 The Universe

3 Universal HCSS Research Goals
- Provide a sound scientific and technological basis for assured construction of safe, secure systems
- Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
- Reduce the effort, time, and cost of assurance and quality certification processes
- Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption

4 HCSS Research Goals
Goal: Provide a sound scientific and technological basis for assured construction of safe, secure systems
- Strategy: Develop supporting theory and scientific base for HCSS
- Components: Theory, Specification, Interoperable Reasoning, Composition and Decomposition, etc.

5 HCSS Research Goals
Goal: Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
- Strategy: Develop tools, technologies, and libraries to design and build large-scale systems
- Components: Programming Languages, Tools, and Environments; Modeling and Simulation; HCSS Building Blocks; Monitoring, Detection, and Response; Evidence and Metrics; Process; etc.

6 HCSS Research Goals
Goal: Reduce the effort, time, and cost of assurance and quality certification processes
- Strategy: Deployment of HCSS engineering technology
- Components: Engineering and Experimentation

7 HCSS Research Goals
Goal: Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption
- Strategy: Development of mature reference implementations, proofs-of-concept, tools, libraries, and techniques, and conducting experiments
- Components: Engineering and Experimentation

9 NSA HCSS Research Goals
- Provide a sound scientific and technological basis for assured construction of safe, secure systems
- Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
- Reduce the effort, time, and cost of assurance and quality certification processes
- Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption

10 NSA HCSS Focus
Focus areas:
- Advocacy
- Programming Methodologies
- Static/Dynamic Analysis
- Cryptography
- Trusted Computing
Research goals:
- Provide a sound scientific and technological basis for assured construction of safe, secure systems
- Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
- Reduce the effort, time, and cost of assurance and quality certification processes
- Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption
Focused on trusted development in support of domains of interest to NSA’s Information Assurance Directorate (e.g. cryptography, trusted computing, design validation)

12 Backup Slides

13 Programming Methodology: Trusted Development
- Examples: Specware, Alloy, Spec#, B Method, Z
- Strengths: Specification to guide code development
- Issues: Interaction between structure and verification, domain formalization
- Challenges: Modularity, concurrency, maintaining model/code correspondence
- Theme: Generate correct code from high-level specifications instead of verifying low-level code

14 Static and Dynamic Analysis: Design Validation
- Examples: ESC/Java, BANE, CCured, Cyclone, Fluid, PolySpace, PREfix, CodeSurfer
- Strengths: Finding buffer overruns, overflows, memory leaks, and race conditions
- Issues: Combining different static analyses (SA), integrating static analysis with dynamic analysis (DA)
- Challenges: Efficiency, precision, sensitivity
- Theme: Commercial tools are going to focus on bug-finding (how do we focus on the bugs that matter?)

15 Residents in the Universe
- Industry
- Academia
- Government:
  - NSF: Cyber Trust, Science of Design, Embedded and Hybrid Systems
  - NASA: Computing, Information, and Communications; Mission Assurance; Software Assurance Program; Software Engineering Initiative; Highly Dependable Computing Platform Testbed
  - DARPA: Security-Aware Systems, Self-Regenerative Systems
  - NIST: Software Diagnostics and Conformance Testing Division, Computer Security Division
  - DHS: Cyber Security
  - AFRL: Software Protection Initiative
  - ARDA: Advanced IC Information Assurance
  - …..
- Coming Soon??? - DoD’s Center for Assured Software
  - Design approaches for the construction of assured software
  - Effectively and efficiently examine code for vulnerabilities
  - Tools and techniques to detect malicious code
  - Metrics and methods to determine quantitatively that assurance is improving
