Entries for month: October 2013

Analyzing Routing Tables

CERT No Comments »

By Timur Snoke
Member of the Technical Staff
CERT Network Situational Awareness Team
Timur Snoke

Occasionally this blog will highlight different posts from the SEI blogosphere. Today we are highlighting a post from the CERT/CC Blog by Timur Snoke, a member of the technical staff in the SEI’s CERT Division. This post describes maps that Timur has developed using Border Gateway Protocol (BGP) routing tables to show the evolution of public-facing autonomous system numbers (ASN). These maps help analysts inspect the BPG routing tables to reveal disruptions to an organization’s infrastructure. They also help analysts glean geopolitical information for an organization, country, or a city-state, which helps them identify how and when network traffic is subverted to travel nefarious alternative paths to place communications deliberately at risk.

Read more...

AADL: SAVI and Beyond

Architecture Analysis & Design Language (AADL) No Comments »

By Julien Delange,
Senior Member of the Technical Staff
Software Solutions Division

Julien DelangeThe size and complexity of aerospace software systems has increased significantly in recent years. When looking at source lines of code (SLOC), the size of systems has doubled every four years since the mid 1990s, according to a recent SEI technical report. The 27 million SLOC that will be produced from 2010 to 2020 is expected to exceed $10 billion. These increases in size and cost have also been accompanied by significant increases in errors and rework after a system has been deployed. Mismatched assumptions between hardware, software, and their interactions often result in system problems that are detected only after the system has been deployed when rework is much more expensive to complete. To address this problem, the Society of Automotive Engineers (SAE) released the Architecture Analysis & Design Language (AADL), which helps software and system architects address the challenges of designing life- and safety-critical systems by providing a modeling notation with well defined real-time and architectural semantics that employ textual and graphic representations. This blog posting, part of an ongoing series on AADL, describes the use of AADL in the aerospace industry to improve safety and reliability.

Read more...

Addressing the Software Engineering Challenges of Big Data

Big Data No Comments »

By Ian Gorton
Senior Member of the Technical Staff
Software Solutions Division
(This blog post was co-authored by John Klein)

Ian GortonNew data sources, ranging from diverse business transactions to social media, high-resolution sensors, and the Internet of Things, are creating a digital tidal wave of big data that must be captured, processed, integrated, analyzed, and archived. Big data systems storing and analyzing petabytes of data are becoming increasingly common in many application areas. These systems represent major, long-term investments requiring considerable financial commitments and massive scale software and system deployments. With analysts estimating data storage growth at 30 to 60 percent per year, organizations must develop a long-term strategy to address the challenge of managing projects that analyze exponentially growing data sets with predictable, linear costs. This blog post describes a lightweight risk reduction approach called Lightweight Evaluation and Architecture Prototyping (for Big Data) we developed with fellow researchers at the SEI. The approach is based on principles drawn from proven architecture and technology analysis and evaluation techniques to help the Department of Defense (DoD) and other enterprises develop and evolve systems to manage big data.

Read more...

AADL: Initial Foundations

Architecture Analysis & Design Language (AADL) No Comments »

By Julien Delange,
Senior Member of the Technical Staff
Software Solutions Division

Julien Delange When life- and safety-critical systems fail (and this happens in many domains), the results can be dire, including loss of property and life. These types of systems are increasingly prevalent, and can be found in the altitude and control systems of a satellite, the software-reliant systems of a car (such as its cruise control and anti-lock braking system), or medical devices that emit radiation. When developing such systems, software and systems architects must balance the need for stability and safety with stakeholder demands and time-to-market constraints. The Architectural Analysis & Design Language (AADL) helps software and system architects address the challenges of designing life- and safety-critical systems by providing a modeling notation with well-defined real-time and architectural semantics that employ textual and graphic representations. This blog posting, part of an ongoing series on AADL, focuses on the initial foundations of AADL.

Read more...

Vulnerabilities and Attack Vectors

CERT No Comments »

By Will Dormann
Senior Member of the Technical Staff
CERT Vulnerability Analysis Team

Will DormannOccasionally this blog will highlight different posts from the SEI blogosphere. Today we are highlighting a recent post by Will Dormann, a senior member of the technical staff in the SEI’s CERT Division, from the CERT/CC  Blog. This post describes a few of the more interesting cases that Dormann has encountered in his work investigating attack vectors for potential vulnerabilities. An attack vector is the method that malicious code uses to propagate itself or infect a computer to deliver a payload or harmful outcome by exploiting system vulnerabilities.

Read more...