The SPRUCE Series: Recommended Practices in the Software Development of Safety-Critical Systems

Architecture, Mission Thread Workshop

By Kevin Fall 
Deputy Director, Research, and Chief Technology Officer

Software and acquisition professionals often have questions about recommended practices related to modern software development methods, techniques, and tools, such as how to apply agile methods in government acquisition frameworks, systematic verification and validation of safety-critical systems, and operational risk management. In the Department of Defense (DoD), these techniques are just a few of the options available to face the myriad challenges in producing large, secure software-reliant systems on schedule and within budget.

In an effort to offer our assessment of recommended techniques in these areas, the SEI built upon an existing collaborative online environment known as SPRUCE (Systems and Software Producibility Collaboration Environment), hosted on the Cyber Security & Information Systems Information Analysis Center (CSIAC) website. From June 2013 to June 2014, the SEI assembled guidance on a variety of topics based on relevance, the maturity of the practices described, and their timeliness with respect to current events. For example, shortly after the Target security breach of late 2013, we selected Managing Operational Resilience as a topic.

Ultimately, the SEI curated recommended practices on five software topics: Agile at Scale, Safety-Critical Systems, Monitoring Software-Intensive System Acquisition Programs, Managing Intellectual Property in the Acquisition of Software-Intensive Systems, and Managing Operational Resilience. In addition to a recently published paper on SEI efforts and individual posts on the SPRUCE site, these recommended practices will be published in a series of posts on the SEI blog. This post, the first in a series by Peter Feiler, Julien Delange, and Charles Weinstock, presents the challenges in developing safety-critical systems and then introduces the first three technical best practices for the software development of safety-critical systems. The second post in the series will present the remaining five practices.


Container Security in DevOps

DevOps, DevOps Tips

By Chris Taschner
Senior Research Engineer
CERT Cyber Security Solutions Directorate

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Container-based virtualization platforms provide a means to run multiple applications in separate instances. Container technologies can provide significant benefits to DevOps, including increased scalability, resource efficiency, and resiliency. Unless containers are decoupled from the host system, however, there is the potential for security problems. Until that decoupling happens, administrators should keep a close eye on the privilege levels given to applications running within the containers and to users accessing the host system; this blog posting describes why.


AADL Code Generation for Avionics Systems

Architecture, Architecture Analysis & Design Language (AADL)

By Julien Delange
Member of the Technical Staff
Software Solutions Division

Using the Architecture Analysis & Design Language (AADL) modeling notation early in the development process not only helps the development team detect design errors before implementation, but also supports implementation efforts and produces high-quality code. Our recent blog posts and webinar have shown how AADL can identify potential design errors and help avoid propagating them through the development process, where remediation can require massive re-engineering, delay the schedule, and increase costs. Verified specifications, however, are still implemented manually, which can lead to additional errors and might break previously verified assumptions and requirements. For these reasons, code production should be automated to preserve system specifications throughout the development process. This blog post focuses on generating code from AADL and generating configuration files for ARINC653 systems, which are used by the avionics community.


Aircraft Systems: Three Principles for Mitigating Complexity

Systems Engineering

By Sarah Sheard
Member of the Technical Staff
Software Solutions Division

This post is the first in a series introducing our research into software and system complexity and its impact on avionics.

On July 6, 2013, an Asiana Airlines Boeing 777 airplane flying from Seoul, South Korea, crashed on final approach into San Francisco International Airport. While 304 of the 307 passengers and crew members on board survived, almost 200 were injured (10 critically) and three young women died. The National Transportation Safety Board (NTSB) blamed the crash on the pilots, but also said “the complexity of the Boeing 777’s auto throttle and auto flight director—two of the plane’s key systems for controlling flight—contributed to the accident.” In a news report, acting NTSB chairman Christopher Hart stated that “The flight crew over-relied on automated systems that they did not fully understand.” The NTSB report on the crash called for “reduced design complexity” and enhanced training on the airplane’s autoflight system, among other remediations. Since complexity is a vague concept, it is important to determine exactly what it means in a particular setting. This blog post describes a research area that the Carnegie Mellon University Software Engineering Institute (SEI) is undertaking to address the complexity of aircraft systems and software.


The Benefits of High Frequency Testing

DevOps, DevOps Tips

By Todd Waits
Project Lead
CERT Cyber Security Solutions Directorate

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

At a recent workshop we hosted, a participant asked why the release frequency was so high in a DevOps environment. When working with significant legacy applications, a release may be a once-a-year event, and the prospect of releasing more frequently sends the engineering teams running for the hills. More frequent releases are made possible by properly implementing risk mitigation processes, including automated testing and deployment. With these processes in place, all stakeholders can be confident that frequent releases will be successful.