Entries for month: December 2012

2012: The Research Year in Review

No Comments »

By Douglas C. Schmidt
Principal Researcher

Douglas C. SchmidtAs part of our mission to advance the practice of software engineering and cybersecurity through research and technology transition, our work focuses on ensuring the development and operation of software-reliant Department of Defense (DoD) systems with predictable and improved quality, schedule, and cost. To achieve this mission, the SEI conducts research and development (R&D) activities involving the DoD, federal agencies, industry, and academia. As we look back on 2012, this blog posting highlights our many R&D accomplishments.

Read more...

Ultimate Architecture Enforcement: Prevent Code Violations at Code-Commit Time

Architecture No Comments »

By Paulo Merson,
Visiting Scientist
Research, Technology, & System Solutions

Paulo Merson Occasionally this blog will highlight different posts from the SEI blogosphere. Today’s post by Paulo Merson, a senior member of the technical staff in the SEI’s Research, Technology, and System Solutions Program, is from the SATURN Network blog. This post explores Merson’s experience using Checkstyle and pre-commit hooks on Subversion to verify the conformance between code and architecture.

 

Read more...

Assessing the State of the Practice of Cyber Intelligence

Cyber-physical Systems 1 Comment »

By Troy Townsend,
Senior Analyst
SEI Emerging Technology Center

Troy Townsend The majority of research in cyber security focuses on incident response or network defense, either trying to keep the bad guys out or facilitating the isolation and clean-up when a computer is compromised. It’s hard to find a technology website that’s not touting articles on fielding better firewalls, patching operating systems, updating anti-virus signatures, and a slew of other technologies to help detect or block malicious actors from getting on your network. What’s missing from this picture is a proactive understanding of who the threats are and how they intend to use the cyber domain to get what they want. Our team of researchers—which included Andrew Mellinger, Melissa Ludwick, Jay McAllister, and Kate Ambrose Sereno—sought to help organizations bolster their cyber security posture by leveraging best practices in methodologies and technologies that provide a greater understanding of potential risks and threats in the cyber domain. This blog posting describes how we are approaching this challenge and what we have discovered thus far.

Read more...

Enabling and Measuring Early Detection of Insider Threats

Insider Threat No Comments »

By Dr. Bill Claycomb
Senior Member of the Technical Staff
CERT Insider Threat Center

William ClaycombSabotage of IT systems by employees (the so-called “inside threat”) is a serious problem facing many companies today.  Not only can data or computing systems be damaged, but outward-facing systems can be compromised to such an extent that customers cannot access an organization’s resources or products.  Previous blog postings  on the topic of insider threat have discussed mitigation patterns, controls that help identify insiders at risk of committing cyber crime, and the protection of next-generation DoD enterprise systems against insider threats through the capture, validation, and application of enterprise architectural patterns. This blog post describes our latest research in determining the indicators that insiders might demonstrate prior to attacks.

Read more...

Reflection on 20 Years of Software Architecture: A Presentation by Robert Schwanke

Architecture 2 Comments »

By Bill Pollak
Transition Manager
Research, Technology, & System Solutions

Bill PollakIt is widely recognized today that software architecture serves as the blueprint for both the system and the project developing it, defining the work assignments that must be performed by design and implementation teams. Architecture is the primary purveyor of system quality attributes that are hard to achieve without a unifying architecture; it’s also the conceptual glue that holds every phase of projects together for their many stakeholders. Last month, we presented two posting in a series from a panel at SATURN 2012 titled “Reflections on 20 Years of Software Architecture” that discussed the increased awareness of architecture as a primary means for achieving desired quality attributes and advances in software architecture practice for distributed real-time embedded systems during the past two decades. This blog posting—the next in the series—provides a lightly edited transcription of a presentation by Robert Schwanke, who reflected on four general problems in software architecture: modularity, systems of systems, maintainable architecture descriptions, and system architecture.

Read more...