High Confidence Software and Systems: HCMDSS Workshop
Brad Martin, June 2, 2005

The Universe
Universal HCSS Research Goals
• Provide a sound scientific and technological basis for assured construction of safe, secure systems
• Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
• Reduce the effort, time, and cost of assurance and quality certification processes
• Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption
HCSS Research Goals: Provide a sound scientific and technological basis for assured construction of safe, secure systems
• Strategy: Develop the supporting theory and scientific base for HCSS
• Components: Theory; Specification; Interoperable Reasoning; Composition and Decomposition; etc.

HCSS Research Goals: Develop software and system engineering tool capabilities to achieve application-based, problem domain-based, and risk-based assurance, and broadly embed these capabilities within the system engineering process
• Strategy: Develop tools, technologies, and libraries to design and build large-scale systems
• Components: Programming Languages, Tools, and Environments; Modeling and Simulation; HCSS Building Blocks; Monitoring, Detection, and Response; Evidence and Metrics; Process; etc.

HCSS Research Goals: Reduce the effort, time, and cost of assurance and quality certification processes
• Strategy: Deployment of HCSS engineering technology
• Components: Engineering and Experimentation

HCSS Research Goals: Provide a technology base of advanced-prototype implementations of high-confidence technologies to enable rapid adoption
• Strategy: Development of mature reference implementations, proofs-of-concept, tools, libraries, and techniques, and the conduct of experiments
• Components: Engineering and Experimentation
NSA HCSS Research Goals
• The same four goals as the universal HCSS research goals above: a sound scientific and technological basis for assured construction of safe, secure systems; software and system engineering tool capabilities for application-based, problem domain-based, and risk-based assurance, embedded within the system engineering process; reduced effort, time, and cost of assurance and quality certification; and a technology base of advanced-prototype implementations to enable rapid adoption

NSA HCSS Focus
Focused on trusted development in support of domains of interest to NSA's Information Assurance Directorate (e.g. cryptography, trusted computing, design validation):
• Advocacy
• Programming Methodologies
• Static/Dynamic Analysis
• Cryptography
• Trusted Computing
Programming Methodology: Trusted Development
• Examples: Specware, Alloy, Spec#, B Method, Z
• Strengths: A specification guides code development
• Issues: Interaction between structure and verification; domain formalization
• Challenges: Modularity, concurrency, maintaining the model/code correspondence
• Theme: Generate correct code from high-level specifications instead of verifying low-level code
Static and Dynamic Analysis: Design Validation
• Examples: ESC/Java, BANE, CCured, Cyclone, Fluid, Polyspace, PREfix, CodeSurfer
• Strengths: Finding buffer overruns, integer overflows, memory leaks, and race conditions
• Issues: Combining different static analyses; integrating static analysis (SA) with dynamic analysis (DA)
• Challenges: Efficiency, precision, sensitivity (flow, path, context)
• Theme: Commercial tools are going to focus on bug-finding (how do we focus on the bugs that matter?)
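As an added example of the bug class these analysers target (example code written for this page, not taken from the slides or from any of the tools named above): an integer overflow in a length check that turns into a buffer overrun, beside a hardened check. The record format, the function names and the sample inputs are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed record format for this example only: a 4-byte little-endian
   length prefix followed by that many payload bytes. */
#define HDR_LEN 4u

static uint32_t read_u32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Vulnerable bounds check. `len + HDR_LEN` is evaluated in 32-bit unsigned
   arithmetic, so an attacker-supplied length of 0xFFFFFFFC wraps to 0, the
   comparison passes, and the memcpy that follows in the caller would read far
   past `in` and write far past `out`. The destination size is never consulted.
   This integer-overflow-to-buffer-overrun pattern is exactly what the static
   checkers on the slide look for and what a dynamic bounds checker would trap
   at run time. */
static bool vuln_length_ok(uint32_t len, size_t in_len, size_t out_len) {
    (void)out_len;                      /* the original never checks it */
    uint32_t total = len + HDR_LEN;     /* may wrap to a small value */
    return total <= in_len;
}

/* Hardened check: subtract from the trusted size instead of adding to the
   untrusted one, so no arithmetic is performed on attacker data, and compare
   against the destination as well as the source. */
static bool safe_length_ok(uint32_t len, size_t in_len, size_t out_len) {
    if (in_len < HDR_LEN) return false;   /* makes the subtraction safe */
    if (len > in_len - HDR_LEN) return false;
    return len <= out_len;
}

/* Copies the payload of one record into `out`. Returns the payload length,
   or -1 if the record is malformed or would not fit. Uses the hardened check. */
static long parse_record(const uint8_t *in, size_t in_len,
                         uint8_t *out, size_t out_len) {
    if (in_len < HDR_LEN) return -1;      /* need a full header to read */
    uint32_t len = read_u32le(in);
    if (!safe_length_ok(len, in_len, out_len)) return -1;
    memcpy(out, in + HDR_LEN, len);
    return (long)len;
}

int main(void) {
    /* Constructed sample inputs, not captured from any real system. */
    const uint8_t good[] = {5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};
    const uint8_t evil[] = {0xFC, 0xFF, 0xFF, 0xFF, 'A', 'B', 'C', 'D'};
    uint8_t out[16];

    printf("good record: %ld payload bytes copied\n",
           parse_record(good, sizeof good, out, sizeof out));
    printf("evil length accepted by vulnerable check: %d\n",
           vuln_length_ok(read_u32le(evil), sizeof evil, sizeof out));
    printf("evil length accepted by hardened check:   %d\n",
           safe_length_ok(read_u32le(evil), sizeof evil, sizeof out));
    return 0;
}
```

The slide's closing question ("which bugs matter?") is visible here: a checker that reports every possibly-wrapping addition will flag `len + HDR_LEN`, and that report is worth a developer's time because the wrapped value feeds a `memcpy` length; the same warning on a loop counter that never reaches a sink usually is not.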
Residents in the Universe
• Industry
• Academia
• Government:
  • NSF: Cyber Trust; Science of Design; Embedded and Hybrid Systems
  • NASA: Computing, Information, and Communications; Mission Assurance; Software Assurance Program; Software Engineering Initiative; Highly Dependable Computing Platform Testbed
  • DARPA: Security-Aware Systems; Self-Regenerative Systems
  • NIST: Software Diagnostics and Conformance Testing Division; Computer Security Division
  • DHS: Cyber Security
  • AFRL: Software Protection Initiative
  • ARDA: Advanced IC Information Assurance
  • …
• Coming soon??? DoD's Center for Assured Software:
  • Design approaches for the construction of assured software
  • Effectively and efficiently examine code for vulnerabilities
  • Tools and techniques to detect malicious code
  • Metrics and methods to determine quantitatively that assurance is improving