Using Quality Attributes as a Means to Improve Acquisition Strategies

Acquisition , Architecture No Comments »

By Lisa Brownsword,
Senior Members of the Technical Staff

Lisa BrownswordAlthough software is increasingly important to the success of government programs, there is often little consideration given to its impact on early key program decisions. The Carnegie Mellon University Software Engineering Institute (SEI) is conducting a multi-phase research initiative aimed at answering the question: is the probability of a program’s success improved through deliberately producing a program acquisition strategy and software architecture that are mutually constrained and aligned? Moreover, can we develop a method that helps government program offices produce such alignment? This blog post, the third in a series on this multi-year research, describes our approach to determining how acquisition quality attributes can be expressed and used to facilitate alignment among the software architecture and acquisition strategy.

Read more...

Provenance Inference in Software

CERT , Malware No Comments »

By Will Casey
Senior Member of the Technical Staff
CERT Division

Will Casey Code clones are implementation patterns transferred from program to program via copy mechanisms including cut-and-paste, copy-and-paste, and code-reuse.  As a software engineering practice there has been significant debate about the value of code cloning. In its most basic form, code cloning may involve a codelet (snippets of code) that undergoes various forms of evolution, such as slight modification in response to problems.  Software reuse quickens the production cycle for augmented functions and data structures. So, if a programmer copies a codelet from one file into another with slight augmentations, a new clone has been created stemming from a founder codelet.  Events like these constitute the provenance or historical record of all events affecting a codelet object. This blog posting describes exploratory research that aims to understand the evolution of source and machine code and, eventually, create a model that can recover relationships between codes, files, or executable formats where the provenance is not known.

Read more...

The Latest Research from the SEI

Architecture , Cloud Computing , Insider Threat , System of Systems , Team Software Process (TSP) No Comments »

By Douglas C. Schmidt
Principal Researcher

Douglas C. SchmidtAs part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in systems of systems integration from an architectural perspective, unintentional insider threat that derives from social engineering, identifying physical security gaps in international mail processing centers and similar facilities, countermeasures used by cloud service providers, the Team Software Process (TSP), and key automation and analysis techniques. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website. 

Read more...

Security Pattern Assurance through Round-trip Engineering

Architecture No Comments »

By Rick Kazman
Senior Member of the Technical Staff
Software Solutions Division

Rick KazmanThe process of designing and analyzing software architectures is complex. Architectural design is a minimally constrained search through a vast multi-dimensional space of possibilities. The end result is that architects are seldom confident that they have done the job optimally, or even satisfactorily. Over the past two decades, practitioners and researchers have used architectural patterns to expedite sound software design. Architectural patterns are prepackaged chunks of design that provide proven structural solutions for achieving particular software system quality attributes, such as scalability or modifiability. While use of patterns has simplified the architectural design process somewhat, key challenges remain. This blog explores these challenges and our solutions for achieving system security qualities through use of patterns.

Read more...

The Importance of Software Architecture in Big Data Systems

Big Data 7 Comments »

By Ian Gorton
Senior Member of the Technical Staff
Software Solutions Division

Ian Gorton Many types of software systems, including big data applications, lend them themselves to highly incremental and iterative development approaches. In essence, system requirements are addressed in small batches, enabling the delivery of functional releases of the system at the end of every increment, typically once a month. The advantages of this approach are many and varied. Perhaps foremost is the fact that it constantly forces the validation of requirements and designs before too much progress is made in inappropriate directions.  Ambiguity and change in requirements, as well as uncertainty in design approaches, can be rapidly explored through working software systems, not simply models and documents. Necessary modifications can be carried out efficiently and cost-effectively through refactoring before code becomes too ‘baked’ and complex to easily change. This posting, the second in a series addressing the software engineering challenges of big data, explores how the nature of building highly scalable, long-lived big data applications influences iterative and incremental design approaches.

Read more...