Thread Safety Analysis in C and C++

Concurrency Analysis , Secure Coding , Thread Role Analysis No Comments »

By Aaron Ballman
Senior Member of the Technical Staff
CERT Secure Coding Initiative

Aaron BallmanWith the rise of multi-core processors, concurrency has become increasingly common. The broader use of concurrency, however, has been accompanied by new challenges for programmers, who struggle to avoid race conditions and other concurrent memory access hazards when writing multi-threaded programs. The problem with concurrency is that many programmers have been trained to think sequentially, so when multiple threads execute concurrently, they struggle to visualize those threads executing in parallel. When two threads attempt to access the same unprotected region of memory concurrently (one reading, one writing) logical inconsistencies can arise in the program, which can yield security concerns that are hard to detect. The ongoing struggle with concurrent threads of execution has introduced a whole class of concurrency-related issues, from race conditions to deadlock. Developers need help writing concurrent code correctly. This post, the second in a series on concurrency analysis, introduces Clang Thread Safety Analysis, a tool that was developed as part of a collaboration between Google and and the Secure Coding Initiative in the SEI's CERT Division. Clang Thread Safety Analysis uses annotations to declare and enforce thread safety policies in C and C++ programs.


Code Generation with AADL: A State-of-the-Art Report

Architecture , Architecture Analysis & Design Language (AADL) No Comments »

By Julien Delange 
Member of the Technical Staff
Software Solutions Division

Dr. Julien DelangeGiven that up to 70 percent of system errors are introduced during the design phase, stakeholders need a modeling language that will ensure both requirements enforcement during the development process and the correct implementation of these requirements. Previous work demonstrates that using the Architecture Analysis & Design Language (AADL) early in the development process not only helps detect design errors before implementation, but also supports implementation efforts and produces high-quality code. Our latest blog posts anda recent webinar have shown how AADL can identify potential design errors and avoid propagating them through the development process. Verified specifications, however, are still implemented manually. This manual process is labor intensive and error prone, and it introduces errors that might break previously verified assumptions and requirements. For these reasons, code production should be automated to preserve system specifications throughout the development process. This blog post summarizes different perspectives on research related to code generation from architecture models. 


Designing Insider Threat Programs

Insider Threat No Comments »

By Andrew P. Moore
Lead Researcher
CERT Insider Threat Team 

Andrew P. Moore Insider threat is the threat to organization’s critical assets posed by trusted individuals - including employees, contractors, and business partners - authorized to use the organization’s information technology systems. Insider threat programs within an organization help to manage the risks due to these threats through specific prevention, detection, and response practices and technologies. The National Industrial Security Program Operating Manual (NISPOM), which provides baseline standards for the protection of classified information, is considering proposed changes that would require contractors that engage with federal agencies, which process or access classified information, to establish insider threat programs. The proposed changes to the NISPOM were preceded by Executive Order 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information. Signed by President Obama in September 2011, Executive Order 13587 requires federal agencies that operate or access classified computer networks to implement insider threat detection and prevention programs.


Agile Metrics: Seven Categories

Acquisition , Agile No Comments »

By Will Hayes 
Senior Member of the Technical Staff
Software Solutions Division 

Will HayesMore and more, suppliers of software-reliant Department of Defense (DoD) systems are moving away from traditional waterfall development practices in favor of agile methods. As described in previous posts on this blog, agile methods are effective for shortening delivery cycles and managing costs. If the benefits of agile are to be realized effectively for the DoD, however, personnel responsible for overseeing software acquisitions must be fluent in metrics used to monitor these programs. This blog post highlights the results of an effort by researchers at the Carnegie Mellon University Software Engineering Institute to create a reference for personnel who oversee software development acquisition for major systems built by developers applying agile methods. This post also presents seven categories for tracking agile metrics.


Eliciting and Analyzing Unstated Requirements

Requirements , Sociotechnical Ecosystems 2 Comments »

By Mike Konrad Principal Researcher
SEI Software Solutions Division

Michael KonradAs recent news attests, the rise of sociotechnical ecosystems (STE)—which, we define as a software system that engages a large and geographically-distributed community in a shared pursuit—allows us to work in a mind space and a data space that extends beyond anything that we could have imagined 20 or 30 years ago. STEs present opportunities for tackling problems that could not have even been approached previously because the needed experts and data are spread across multiple locations and distance. Since STEs can be complex and have many diverse stakeholders, a key challenge faced by those responsible for establishing and sustaining them is eliciting requirements to inform their development efforts. Yet stakeholders often have requirements that they are not aware of, so they do not specify them. Uncovering these unstated requirements can be hard and is not well-supported by traditional approaches to requirements elicitation. This blog post describes initial results of an effort by researchers at the Carnegie Mellon University Software Engineering Institute—in addition to myself, the team included Nancy MeadRobert Stoddard, and Mary Beth Chrissis—aimed at developing an approach for determining the unstated needs of stakeholders typical of large, diverse programs and especially STEs.