
High Confidence Software and Systems HCMDSS Workshop



Presentation Transcript


  1. High Confidence Software and Systems HCMDSS Workshop. Brad Martin, June 2, 2005

  2. The Universe

  3. Universal HCSS Research Goals
  • Provide a sound scientific and technological basis for assured construction of safe, secure systems
  • Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
  • Reduce the effort, time, and cost of assurance and quality certification processes
  • Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption

  4. HCSS Research Goals: Provide a sound scientific and technological basis for assured construction of safe, secure systems
  • Strategy: Develop supporting theory and scientific base for HCSS
  • Components: Theory, Specification, Interoperable Reasoning, Composition and Decomposition, etc.

  5. HCSS Research Goals: Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
  • Strategy: Develop tools, technologies, and libraries to design and build large-scale systems
  • Components: Programming Languages, Tools, and Environments; Modeling and Simulation; HCSS Building Blocks; Monitoring, Detection, and Response; Evidence and Metrics; Process; etc.

  6. HCSS Research Goals: Reduce the effort, time, and cost of assurance and quality certification processes
  • Strategy: Deployment of HCSS engineering technology
  • Components: Engineering and Experimentation

  7. HCSS Research Goals: Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption
  • Strategy: Development of mature reference implementations, proofs-of-concept, tools, libraries, and techniques; conduct experiments
  • Components: Engineering and Experimentation

  8. Universal HCSS Research Goals
  • Provide a sound scientific and technological basis for assured construction of safe, secure systems
  • Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
  • Reduce the effort, time, and cost of assurance and quality certification processes
  • Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption

  9. NSA HCSS Research Goals
  • Provide a sound scientific and technological basis for assured construction of safe, secure systems
  • Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
  • Reduce the effort, time, and cost of assurance and quality certification processes
  • Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption

  10. NSA HCSS Focus
  • Provide a sound scientific and technological basis for assured construction of safe, secure systems
  • Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
  • Reduce the effort, time, and cost of assurance and quality certification processes
  • Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption
  Focused on trusted development in support of domains of interest to NSA’s Information Assurance Directorate (e.g. cryptography, trusted computing, design validation):
  • Advocacy
  • Programming Methodologies
  • Static/Dynamic Analysis
  • Cryptography
  • Trusted Computing

  11. Backup Slides

  12. Programming Methodology: Trusted Development
  • Examples: Specware, Alloy, Spec#, B Method, Z
  • Strengths: Specification to guide code development
  • Issues: Interaction between structure and verification, domain formalization
  • Challenges: Modularity, concurrency, maintaining model/code correspondence
  • Theme: Generate correct code from high-level specifications instead of verifying low-level code

  13. Static and Dynamic Analysis: Design Validation
  • Examples: ESC/Java, BANE, CCured, Cyclone, Fluid, Polyspace, PREfix, CodeSurfer
  • Strengths: Buffer overruns, overflows, memory leaks, and race conditions
  • Issues: Combining different SA, integrating SA and DA
  • Challenges: Efficiency, precision, sensitivity
  • Theme: Commercial tools are going to focus on bug-finding (how do we focus on the bugs that matter?)

  14. Residents in the Universe
  • Industry
  • Academia
  • Government:
    • NSF: Cyber Trust, Science of Design, Embedded and Hybrid Systems
    • NASA: Computing, Information, and Communications; Mission Assurance; Software Assurance Program; Software Engineering Initiative; Highly Dependable Computing Platform Testbed
    • DARPA: Security-Aware Systems, Self-Regenerative Systems
    • NIST: Software Diagnostics and Conformance Testing Division, Computer Security Division
    • DHS: Cyber Security
    • AFRL: Software Protection Initiative
    • ARDA: Advanced IC Information Assurance
    • …
  • Coming Soon??? DoD’s Center for Assured Software
    • Design approaches for the construction of assured software
    • Effectively and efficiently examine code for vulnerabilities
    • Tools and techniques to detect malicious code
    • Metrics and methods to determine quantitatively that assurance is improving
