By Julien Delange
Senior Member of the Technical Staff
Research Technology & System Solutions
When a system fails, engineers too often focus on the physical components,
but pay scant attention to the software. In software-reliant systems,
ignoring or deemphasizing the importance of software failures can be a
recipe for disaster. This blog post is the first in a series on recent
developments with the Architecture Analysis Design Language (AADL) standard.
Future posts will explore recent tools and projects associated with
AADL, which provides formal modeling concepts for the description and
analysis of application systems architecture in terms of distinct
components and their interactions. As this series will demonstrate, the
use of AADL helps alleviate mismatched assumptions between the hardware,
software, and their interactions that can lead to system failures.
By Grace Lewis
Edge-Enabled Tactical Systems Research
In 2011, Col. Timothy Hill, director of the Futures Directorate within the
Army Intelligence and Security Command, urged industry to take a more
open-standards approach to cloud computing. “Interoperability
between clouds, as well as the portability of files from one cloud to
another, has been a sticking point in general adoption of cloud
computing,” Hill said during a panel at the AFCEA International 2011 Joint Warfighting Conference.
Hill’s view has been echoed by many in the cloud computing community,
who believe that the absence of interoperability has become a barrier to
adoption. This posting reports on recent research exploring the role of standards in cloud computing and offers recommendations for future standardization efforts.
By Bill Scherlis
SEI Principal Researcher and Director, Institute for Software Research
of the principal challenges faced by developers, managers, and
researchers in software engineering and cybersecurity involve measurement and evaluation. In two previous blog posts,
I summarized some features of the overall SEI Technology Strategy. This
post focuses on how the SEI measures and evaluates its research program
to help ensure these activities address the most significant and
pervasive problems for the Department of Defense (DoD). Our goal is to
conduct projects that are technically challenging and whose solution
will make a significant difference in the development and operation of
software-reliant systems. In this post we’ll describe the process used
to measure and evaluate the progress of initiated projects at the SEI to
help maximize their potential for success.
By Austin Whisnant
Member of the Technical Staff
The CERT Network Situational Awareness Team
what assets are on a network, particularly which assets are visible to
outsiders, is an important step in achieving network situational
awareness. This awareness is particularly important for large,
enterprise-class networks, such as those of telephone, mobile, and
internet providers. These providers find it hard to track hosts,
servers, data sets, and other vulnerable assets in the network.
Exposed vulnerable assets make a network a target of opportunity, or “low-hanging fruit” for attackers. According to the 2012 Data Breach Investigations Report,
of the 855 incidents of corporate data theft reported in 2012, 174
million records were compromised. Of that figure, 79 percent of victims
were targets of opportunity because they had an easily exploitable
weakness, according to the report. This blog post highlights recent
research in how a network administrator can use network flow data to
create a profile of externally-facing assets on mid- to large-sized
By Douglas C. Schmidt
As part of an ongoing effort to keep you informed about our latest work,
I’d like to let you know about some recently published SEI technical
reports and notes. These reports highlight the latest work of SEI
technologists in and systems engineering, resilience, and insider threat.
This post includes a listing of each report, author(s), and links where
the published reports can be accessed on the SEI website.