Entries for month: May 2012

The Latest Research Reports from the SEI

Architecture, Architecture Analysis & Design Language (AADL), CERT

By Douglas C. Schmidt
Principal Researcher

Happy Memorial Day. As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in architecture analysis, patterns for insider threat monitoring, source code analysis, and insider threat security reference architecture. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.


Group-Context-Aware Mobile Applications

Handheld Devices, Tactical Systems

By Marc Novakouski,
Member of the Technical Staff
Research, Technology & System Solutions

Our modern data infrastructure has become very effective at getting the information you need, when you need it. This infrastructure has become so effective that we rely on having instant access to information in many aspects of our lives. Unfortunately, there are still situations in which the data infrastructure cannot meet our needs due to various limitations at the tactical edge, which is a term used to describe hostile environments with limited resources, from war zones in Afghanistan to disaster relief in countries like Haiti and Japan. This blog post describes our ongoing research in the Advanced Mobile Systems initiative at the SEI on edge-enabled tactical systems to address problems at the tactical edge.


New SIEM Signature Developed to Address Insider Threats

Insider Threat, CERT

By Randy Trzeciak
Senior Member of the Technical Staff
The CERT Program

According to the 2011 CyberSecurity Watch Survey, approximately 21 percent of cyber crimes against organizations are committed by insiders. Of the 607 organizations participating in the survey, 46 percent stated that the damage caused by insiders was more significant than the damage caused by outsiders. Over the past 11 years, researchers at the CERT Insider Threat Center have documented incidents related to malicious insider activity. Their sources include media reports, the courts, the United States Secret Service, victim organizations, and interviews with convicted felons. From these cases, CERT researchers have identified four models of insider threat behavior: (1) information technology (IT) sabotage, (2) fraud, (3) national security/espionage, and (4) theft of intellectual property (IP). Using those patterns, our researchers have developed network monitoring controls that combine technological tools with behavioral indicators to warn network traffic analysts of potential malicious behavior. While these controls do not necessarily identify ongoing cyber crimes, they may identify behaviors of at-risk insiders that an organization should consider for further investigation. This blog posting, the second in a series highlighting controls developed by the CERT Insider Threat Center, explores controls developed to prevent, identify, or detect IT sabotage.


Towards Common Operating Platform Environments, Second in a Series

Common Operating Platform Environments (COPEs), Architecture

Part 2: Understanding Success Drivers
By Douglas C. Schmidt,
Principal Researcher

Common operating platform environments (COPEs) are reusable software infrastructures that incorporate open standards; define portable interfaces, interoperable protocols, and data models; offer complete design disclosure; and have a modular, loosely coupled, and well-articulated software architecture that provides applications and end users with many shared capabilities. COPEs can help reduce recurring engineering costs, as well as enable developers to build better and more powerful applications atop a COPE, rather than wrestling repeatedly with tedious and error-prone infrastructure concerns. Despite technical advances during the past decade, however, building affordable and dependable COPE-based solutions for the DoD remains elusive. This blog posting, the second in a three-part series, builds upon the first posting to describe key success drivers for COPEs that proactively and intentionally exploit commonality across multiple DoD acquisition programs.