Safety- and Security-Related Requirements for
|
|
- Cory Webb
- 5 years ago
- Views:
Transcription
1 Engineering - and -Related for Software-Intensive t Systems Presented at SSTC 2010 Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Donald Firesmith, Terry Roberts & Stephen Blanchette, Jr. 27 April 2010
2 Report Documentation Page Form Approved OMB No Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE 27 APR REPORT TYPE 3. DATES COVERED to TITLE AND SUBTITLE Engineering - and -Related for Software-Intensive Systems 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Carnegie Mellon University,Software Engineering Institute,Pittsburgh,PA, PERFORMING ORGANIZATION REPORT NUMBER 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR S ACRONYM(S) 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release; distribution unlimited 11. SPONSOR/MONITOR S REPORT NUMBER(S) 13. SUPPLEMENTARY NOTES Presented at the 22nd Systems and Software Technology Conference (SSTC), April 2010, Salt Lake City, UT. Sponsored in part by the USAF. U.S. Government or Federal Rights License 14. ABSTRACT 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT a. REPORT unclassified b. ABSTRACT unclassified c. THIS PAGE unclassified Same as Report (SAR) 18. NUMBER OF PAGES 48 19a. NAME OF RESPONSIBLE PERSON Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18
3 This work was created in the performance of Federal Government Contract Number FA C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at This Presentation may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering g Institute at permission@sei.cmu.edu. NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS FURNISHED ON AN AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. 2
4 Contents Three Disciplines Challenges Fundamental Concepts - and -Related Collaboratively Conclusion 3
5 Three Disciplines:,, and Engineering 4
6 Three Related Disciplines Engineering the engineering g discipline within systems engineering g concerned with lowering the risk of unintentional unauthorized harm to valuable assets to a level that is acceptable to the system s stakeholders by preventing, detecting, and reacting to such harm, mishaps (i.e., accidents and incidents), hazards, vulnerabilities, and safety risks Engineering the engineering discipline within systems engineering concerned with lowering the risk of intentional unauthorized harm to valuable assets to a level that is acceptable to the system s stakeholders by preventing, detecting, and reacting to such harm, misuses (i.e., attacks and incidents), id threats, t vulnerabilities, and security risks Engineering g the engineering discipline within systems/software engineering concerned with identifying, analyzing, reusing, specifying, managing, verifying, and validating goals and requirements (including safety- and security-related requirements) 5
7 Challenges: Combining,, and Engineering 6
8 Challenges 1 engineering, safety engineering, and security engineering have different: Communities Disciplines with different training, books, journals, and conferences Professions with different job titles Fundamental underlying concepts and terminologies Tasks, techniques, and tools and security engineering are: Typically treated as secondary specialty engineering disciplines Performed separately from, largely Independently of, and lagging behind the primary engineering workflow: (requirements, architecture, design, etc.) 7
9 Challenges 2 Current separate methods for performing requirements, safety, and security engineering are inefficient and ineffective. Separation of requirements engineering, safety engineering, and security engineering: Causes poor safety- and security-related requirements that are often: Vague/unverifiable/unfeasible architectural and design constraints Capabilities or goals rather than requirements Inadequate and too late to drive architecture development and test planning Makes it unnecessarily difficult to achieve certification and accreditation for safe/secure operations 8
10 Challenges 3 Poor requirements are a primary cause of more than half of all project failures (defined in terms of): Major Cost Overruns Major Schedule Overruns Major Functionality not delivered Cancelled Projects Delivered Systems that are never used Poor requirements are a major root cause of many (or most) accidents involving i software-intensive t i systems. requirements often mandated (e.g., Industry Best Practices, Functions) Often, these are not derived into meaningful requirements at the engineering level 9
11 Challenges 4 Constant tension: How safe and secure is safe and secure enough? What is needed: Better consistency between safety and security engineering More consistent concepts and terminology Reuse of techniques across disciplines Less unnecessary overlap and avoidance of redundant work Better collaboration: Between safety and security engineering g With requirements engineering Better safety- and security-related requirements 10
12 Fundamental Concepts: A Foundation for Understanding 11
13 Quality Model Architectural Components System defines the meaning of the quality of a Quality Model defines the meaning of a specific type of quality of a Quality Characteristics Quality Attributes are measured along Quality Measurement Scales measure quality along Quality Measurement Methods are measured using Internal Quality Characteristics External Quality Characteristics 12
14 Quality Characteristics (External) Quality Characteristic Internal Quality Characteristic External Quality Characteristic Configurability Efficiency Functionality Interoperability Serviceability Compliance Dependability Environmental Habitability Operability Compatibility Usability Robustness Performance Soundness Availability Correctness Predictability Occupational Health Survivability Capacity Reliability Stability 13
15 1 the quality characteristic capturing the degree to which the system: Properly prevents, detects, reacts to, and adapts to: Unintended and unauthorized harm to valuable assets due to the occurrence of Abuses enabled by the existence of Dangers Has defensibility risks that are acceptably low to its stakeholders Valuable Assets may be people, organizations, property, services, or environments Harm may be direct or indirect, intentional or unintentional, authorized or unauthorized 14
16 2 and security aspects of defensibility are defined in a similar il manner by replacing: Abuse with either mishap (safety) or misuse (security) Danger with either hazard (safety) or threat (security) risks with safety risks and security risks 15
17 - and -Related 16
18 There s More Than One Type Too often, only a single type of requirements is considered when there are many types that need consideration: Special non-functional requirements: and security requirements are quality requirements - and security-significant requirements (functional, data, and interface) and security functions/subsystems requirements and security constraints: Architectural and design constraints Mandated defensibility controls (i.e., safeguards and countermeasures) Separation of safety/security/requirements engineering almost assures gaps in requirements gaps in requirements Gaps in Lead to Shortcomings in Delivered Systems 17
19 Four Types of -Related Constraints Constraints Constraints Functional Quality Data Interface Constraints Intolerable Risk SAL = 4 High Risk SAL = 3 Moderate Risk SAL = 2 - Significant SAL = Independent SAL = 0 System Primary Mission Supporting Function / Subsystem Low Risk SAL = 1 / Assurance Level (SAL) Function / Subsystem Function / Subsystem 18
20 Example - and -Related / Requirement When in mode V, the system shall limit the occurrence of accidental harm of type W to valuable assets of type X to an average rate of no more than Y asset value per Z time duration. When in mode X, the system shall detect misuses of type Y an average age of at least Z percent of the time. / Significant Requirement The system shall automatically ti transport t passengers between stations. ti The system shall enable users to update their personal information. / Function / Subsystem Requirement The system shall include a fire detection and suppression subsystem. The system shall support the encryption/decryption of sensitive data. / Constraint The system shall not contain any of the hazardous materials in Table X. The system shall use passwords for user authentication. 19
21 Collaboratively Engineering - & -Related e e 20
22 Stovepipes are Typical Team System Engineering Engineering System Team Stakeholder Stakeholder Asset Asset Abuse Abuser Work Products Work Products Abuse Abuser Vulnerability Vulnerability Danger Danger Risk Vague Need * Gap * Risk Significance Vague Need Significance Defense To Engineering Defense 21
23 A Better Way Ensure close collaboration among,, and Teams Better Integrate and Methods: Concepts and Terminology Techniques and Work Products Provide Cross Training Better Integrate t and Methods with Methods: Early during Development Cycle Clearly define Team Responsibilities Provide Cross Training Develop all types of - and -relatedrelated Ensure that these have appropriate Properties 22
24 An Overall Engineering Method Monitoring Abuse Investigation Program Planning Policy Development Compliance Assessment Certification & Accreditation 23
25 Reqts Engineering Reqts Engineering Team collaborates with Team System and Engineering Team Engineering Stakeholder Asset Abuse Abuser Work Products Identification - Related Vulnerability Validation Verification Danger perform perform Risk Stakeholders Subject Matter Experts Team Team Significance Defense 24
26 Conclusion 25
27 Summary Engineering safety- and security-related requirements requires appropriate Concepts / Methods / Techniques & Tools / Expertise These must come from the respective experts in: engineering (safety- and security-related requirements) engineering (analysis and safety goals) engineering (analysis and security goals) BUT, // Engineering need to be: Properly interwoven. Consistent with each other. Performed collaboratively and in parallel (i.e., overlapping in time). A collaborative process will advance and Engineering to 1 st class efforts Ultimately, collaboration will improve the safety and security aspects of delivered systems 26
28 Contact Information Donald Firesmith Senior Member of the Tech. Staff Acquisition Support Program Telephone: World Wide Web: edu U.S. mail: Software Engineering Institute Customer Relations 4500 Fifth Avenue Pittsburgh, PA USA Customer Relations SEI Phone: SEI Fax:
29 Backup 28
30 Quality Attributes Occurrence of Unauthorized Harm Occurrence of Abuse (Mishap, Misuse, or Incident) Existence of External Abuser Existence of Internal Vulnerability Existence of Danger (Hazard or Threat) Existence of Risk Problem Prevention Problem Detection Problem Reaction Problem Adaptation Harm Arrest Mitigation Recovery Counterattack () Robustness Occupational Health Problem Type Solution Type Attribute Attribute Attribute measures quality along a Survivability Quality Characteristic Quality Attribute is measured along a Quality Measurement Scale Quality Measurement Method Quality Model defines the meaning of the quality of a System 29
31 Unauthorized Harm to Valuable Assets Stakeholders have an interest in the must defend System value Unauthorized Harm may occur to Valuable Assets People Organizations Property Environment Services Human Beings Development Tangible Property Private Property Roles Played Owner Supplier Intangible Property Public Property User Commercial Property 30
32 Types of Harm Survivability e.g., caused to enemy forces by weapons systems Unintentional (Accidental) Harm Attacker-Caused (Malicious) Harm Authorized Harm Unauthorized Harm Valuable Assets may occur to Harm Direct Harm Indirect Harm Harm to People Harm to Organizations Harm to Property Harm to the Environment Harm to a Service Death Bankruptcy Destruction Destruction Corruption Injury Illness Kidnap Corruption (bribery or extortion) Hardship Lost Market Share Lost Profits Loss of Reputation Damage Corruption Theft Unauthorized Access Unauthorized Disclosure Damage Loss of Use Unauthorized Usage (Theft) Accidental Loss of Service Denial of Service (DOS) Repudiation of Transaction 31
33 Types of Abuses Abuses Events Mishaps () Misuses () Survivability Abuses Accidents Incidents Successful Civilian Attacks Incidents Military Attacks Survivability Incidents cause cause Unauthorized Harm Unsuccessful Attacks Probes 32
34 Types of Abusers System Developer System Maintainer Non-malicious Human Abuser System Operator User Non-malicious External System Arsonist Cracker Aspect of the Natural Environment Non-malicious Abuser () Disgruntled Employee Identity Thief Mugger Foreign Industrial Professional Government Spy Criminal Attacker creates and uses Malware Malicious Abuser () Rapist Software Malware Hardware Malware Malware System Terrorist Backdoor Spyware Trojan Worm Virus may include existence of Abuser is the ultimate cause of a Abuse Event System-External Condition System-Internal Condition are partially defined in terms of the existence of system-external Condition Danger may result in exploits Accident () Incident Attack () Incident Hazard () Threat () Vulnerability 33
35 Vulnerabilities Defenses Dangers eliminate or mitigate are partially defined in terms of the existence of system-internal Vulnerabilities exploit may cause Abusers typically cause Abuses may cause Nonmalicious Abusers Malicious Abusers desire Stakeholders have have an interest in the must meet Stakeholder Needs exist in the System must defend Unauthorized Harm may occur to define types of quality of the Quality Factors value Valuable Assets 34
36 Dangers Risks is the expected amount of are partially defined in terms of vulnerable are partially defined in terms of the existence of system-internal Vulnerabilities may cause or enable can be estimated using the probability of Dangers may enable the occurrence of Abuses are partially defined in terms of the existence of system-external Abusers typically cause Nonmalicious Abusers Malicious Abusers exploit Stakeholders have have an interest in the must meet exist in the System must defend may cause Unauthorized Harm may occur to define types of quality of the desire Quality Factors Stakeholder Needs value Valuable Assets 35
37 Risks is due to can be estimated in terms of Risk are estimated in terms of Dangers is the likelihood of the occurrence of Harm Likelihood can be estimated in terms of Harm Severity Danger Likelihood Harm Event Conditional Likelihood may result in Hazard Threat Accident Successful Likelihood Likelihood Likelihood Attack Likelihood Abuses is the conditional likelihood given danger of occurrence of may cause Unauthorized Harm categorizes amount of corresponds to the expected amount of may occur to Valuable Assets 36
38 Risk in terms of Software Degree of Control is due to Risk Dangers may result in Abuses can be estimated in terms of Software Degree of Control is software s control over occurrence of Harm Severity is estimated in terms of may cause Unauthorized Harm categorizes amount of corresponds to the expected amount of may occur to Valuable Assets 37
39 Types of Positive (shall) Business Facility Data Contractual (Stakeholder) Derived (Developer) Operational Maintenance Sustainment Training Retirement Negative (shall not) Process (Method) Quality Functional Software Hardware People Product Data Non-Functional Interface Entity Procedure Documentation System/ Subsystem Primary Mission Supporting Constraints Object Material Architecture Constraints Design Constraints t Implementation Constraints Integration Constraints Configuration Constraints 38
40 Types of -Related - Significant Function/Subsystem Constraints t - Significant Function/Subsystem Constraints - Significant Function/Subsystem Constraints System - Related -Related -Related 39
41 Systems and Engineering Engineering Vision Statement Team Team collaborates with Context Diagram Understand Goals ConOps Scenarios Team Use Cases System Models Specifications Understand Architecture Architecture Model Architecture Documentation Architecture Team 40
42 Asset Subject Matter Experts Stakeholders provide input during provide input during Project Documentation (RFP, Contract, ConOps) Generic / Reusable Asset Tables ZATS Asset Value and Harm Severity Categories Generic / Reusable Asset Value and Harm Tables Standard / Reusable Asset-Harm Goals Team Team collaborates with Asset Compliance Repository Preparation Asset Identification Asset to Stakeholder Mapping Asset Use Value Harm Team Support Standard d / Reusable Asset-Harm Asset Table Asset Stakeholder Table Asset Usage Table Asset Value and Harm Table Asset-Harm Goals Stakeholders Team Identification Validation Subject Matter Experts perform Team Team Engineering Asset-Harm Prevention Asset-Harm Detection Asset-Harm Reaction Asset-Harm Asset-Harm Asset-Harm and Engineering 41
43 Abuse (Misuse and Mishap) Subject Matter Experts Team Team collaborates with Stakeholders provide input during provide input during Project Documentation (RFP, Contract, ConOps) Asset Table Asset Value and Harm Table Generic / Reusable Abuse Type Lists Generic / Reusable Abuse Table Standard / Reusable Abuse Likelihood Categories Abuse Compliance Repository Preparation Abuse Identification Abuse Tree Abuse Case Abuse Goal Identification Team Support and Engineering Abuse Table Abuse Trees Abuse Cases Abuse Goals Stakeholders Team Identification Validation Subject Matter Experts perform Team Team Engineering Abuse Prevention Abuse Detection Abuse Reaction Abuse Abuse (Mishap) Abuse (Misuse) Generic / Reusable Abuse Goals 42
44 Vulnerability Architects, Designers, and Implementers Quality Engineers, Testers, and Maintainers Actual / Proposed System Architecture t Actual / Proposed System Design Actual / Proposed System Implementation Asset Value and Harm Table Failure Mode Effect Criticality (FMECA) Table provide input during provide input during Team collaborates with Vulnerability Compliance Repository Team Preparation Vulnerability Identification System Vulnerability Operational Vulnerability Vulnerability Goal Identification Team Support and Engineering Vulnerability Table Vulnerability Goals Architects, Designers, and Implementers Team Identification Validation Quality Engineers, Testers, and Maintainers Team Engineering Team Vulnerability Vulnerability Vulnerability Vulnerability Constraints Vulnerability Constraints Vulnerability Constraints 43
45 Abuser Subject Matter Experts Stakeholders provide input during provide input during Project Documentation (RFP, Contract, ConOps) Generic / Reusable Abuser Lists Generic / Reusable Abuser Profiles Generic / Reusable Abuser-Related Goals Team Team collaborates with Abuser Compliance Repository and Engineering Preparation Abuser Identification Abuser Profiling Abuser Occurrence Abuser Goal Development Team Support Standard / Reusable Abuser-Related Potential Abuser List Abuser Profiles Abuser Occurrence Table Abuser- Related Abuser- Related Goals Stakeholders Subject Matter Experts Team Identification Validation Team Team Abuser Protection Abuser Detection Abuser Reaction Abuser Abuser Engineering 44
46 Danger Team Team collaborates Subject Matter with Experts and Engineering Team Engineering Stakeholders System and Documentation Other System Documentation Non-System Documentation Generic / Reusable Danger Lists provide input during provide input during Danger Preparation Danger Identification Danger Profiling Danger Cause Danger Effects Danger Likelihood Cause Root Cause Common Cause Danger (Hazard & Threat) Profiles Danger (Hazard & Threat) Cause and Effects Diagrams Identification Validation Generic / Reusable Hazard and Threat Danger Hazard Threat Generic / Reusable Danger Profiles Generic / Reusable Danger Likelihoods Compliance Repository Danger Goal Identification Team Support Danger Goals Stakeholders Subject Matter Experts Team Team 45
47 Risk Subject Matter Experts Team Team collaborates with Asset Risk Table Team Engineering Standard / Reusable Risk Stakeholders Generic / Reusable Risk Tables provide input during provide input during Risk Preparation Risk Determination Harm Risk Table Abuse Risk Table Danger Risk Table Identification Risk Risk Risk Abuse Table Risk Goal Identification Risk Goals Validation Abuse Trees Abuse Cases Compliance Repository Team Support Danger Profiles Danger Cause and Effects Diagrams and Engineering Stakeholders Subject Matter Experts Team Team 46
48 Significance Subject Matter Experts Team Team collaborates with Engineering Team Stakeholders and Goals provide input during provide input during Significance SAL Categorization SEAL Definition Repository Identification Project-Specific and Assurance Level (SAL) Definitions Project-Specific and Evidence Assurance Level (SEAL) Definitions Compliance Repository and Architecture Engineering Engineering g SEAL Allocation collaborate in the performance of Architecture Representations produces Architecture Team Stakeholders Architecture Verification perform Subject Matter Experts Team Team 47
49 Defense Subject Matter Experts Stakeholders and Generic / Reusable Safeguard and Countermeasure Lists Standard Defense Functionality and Constraint and Risks provide input during provide input during Team Team collaborates with Defense Compliance Repository Defense Type Identification Defense Functionality Identification Market Research Defense Selection Defense Adequacy collaborate in the performance of Architecting and Engineering Architecture Team Countermeasure and Safeguard Type Lists List of Defense Functions / Subsystems Vendor Trade Studies Countermeasure and Safeguard Selection Reports Stakeholders Team Identification Validation Subject Matter Experts Team Team Function/ Subsystem Function/ Subsystem Defense Function / Subsystem Defense Constraints Constraints t Constraints Engineering 48
2013 US State of Cybercrime Survey
2013 US State of Cybercrime Survey Unknown How 24 % Bad is the Insider Threat? Insiders 51% 2007-2013 Carnegie Mellon University Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting
More informationARINC653 AADL Annex Update
ARINC653 AADL Annex Update Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Julien Delange AADL Meeting February 15 Report Documentation Page Form Approved OMB No. 0704-0188
More informationComponents and Considerations in Building an Insider Threat Program
Components and Considerations in Building an Insider Threat Program Carly Huth Insider Threat Researcher, CEWM Carly L. Huth is an insider threat researcher in the Cyber Enterprise and Workforce Management
More informationPreventing Insider Sabotage: Lessons Learned From Actual Attacks
Preventing Insider Sabotage: Lessons Learned From Actual Attacks Dawn Cappelli November 14, 2005 2005 Carnegie Mellon University Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting
More informationCyber Threat Prioritization
Cyber Threat Prioritization FSSCC Threat and Vulnerability Assessment Committee Jay McAllister Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information
More informationEmpirically Based Analysis: The DDoS Case
Empirically Based Analysis: The DDoS Case Jul 22 nd, 2004 CERT Analysis Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 The CERT Analysis Center is part of the
More informationService Level Agreements: An Approach to Software Lifecycle Management. CDR Leonard Gaines Naval Supply Systems Command 29 January 2003
Service Level Agreements: An Approach to Software Lifecycle Management CDR Leonard Gaines Naval Supply Systems Command 29 January 2003 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting
More informationA Review of the 2007 Air Force Inaugural Sustainability Report
Headquarters U.S. Air Force A Review of the 2007 Air Force Inaugural Sustainability Report Lt Col Wade Weisman SAF/IEE 703-693-9544 wade.weisman@pentagon.af.mil Ms. Krista Goodale Booz Allen Hamilton 757-466-3251
More informationFall 2014 SEI Research Review Verifying Evolving Software
Fall 2014 SEI Research Review Verifying Evolving Software Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Arie Gurfinkel October 28, 2014 Report Documentation Page Form Approved
More informationSoftware, Security, and Resiliency. Paul Nielsen SEI Director and CEO
Software, Security, and Resiliency Paul Nielsen SEI Director and CEO Dr. Paul D. Nielsen is the Director and CEO of Carnegie Mellon University's Software Engineering Institute. Under Dr. Nielsen s leadership,
More informationCurrent Threat Environment
Current Threat Environment Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213, PhD Technical Director, CERT mssherman@sei.cmu.edu 29-Aug-2014 Report Documentation Page Form
More informationArchitectural Implications of Cloud Computing
Architectural Implications of Cloud Computing Grace Lewis Research, Technology and Systems Solutions (RTSS) Program Lewis is a senior member of the technical staff at the SEI in the Research, Technology,
More informationCOTS Multicore Processors in Avionics Systems: Challenges and Solutions
COTS Multicore Processors in Avionics Systems: Challenges and Solutions Dionisio de Niz Bjorn Andersson and Lutz Wrage dionisio@sei.cmu.edu, baandersson@sei.cmu.edu, lwrage@sei.cmu.edu Report Documentation
More informationDefining Computer Security Incident Response Teams
Defining Computer Security Incident Response Teams Robin Ruefle January 2007 ABSTRACT: A computer security incident response team (CSIRT) is a concrete organizational entity (i.e., one or more staff) that
More informationArchitecting for Resiliency Army s Common Operating Environment (COE) SERC
Architecting for Resiliency Army s Common Operating Environment (COE) SERC 5 October 2011 Mr. Terry Edwards Director, ASA(ALT) Office of the Chief Systems Engineer (OCSE) (703) 614-4540 terry.edwards@us.army.mil
More informationJulia Allen Principal Researcher, CERT Division
Improving the Security and Resilience of U.S. Postal Service Mail Products and Services Using CERT -RMM (Case Study) Julia Allen Principal Researcher, CERT Division Julia Allen is a principal researcher
More information75th Air Base Wing. Effective Data Stewarding Measures in Support of EESOH-MIS
75th Air Base Wing Effective Data Stewarding Measures in Support of EESOH-MIS Steve Rasmussen Hill Air Force Base (AFB) Air Quality Program Manager 75 CEG/CEVC (801) 777-0359 Steve.Rasmussen@hill.af.mil
More informationKathleen Fisher Program Manager, Information Innovation Office
Kathleen Fisher Program Manager, Information Innovation Office High Assurance Systems DARPA Cyber Colloquium Arlington, VA November 7, 2011 Report Documentation Page Form Approved OMB No. 0704-0188 Public
More informationConcept of Operations Discussion Summary
TSPG Common Dataset Standard Concept of Operations Discussion Summary Tony DalSasso 677 AESG/EN 15 May 2007 1 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection
More informationCyber Hygiene: A Baseline Set of Practices
[DISTRIBUTION STATEMENT A] Approved for public Cyber Hygiene: A Baseline Set of Practices Matt Trevors Charles M. Wallen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright
More informationTechnological Advances In Emergency Management
Technological Advances In Emergency Management Closing the gap between Preparation and Recovery Will Fontan, P.E. Regional Director, ONRG Americas Office Report Documentation Page Form Approved OMB No.
More informationCOMPUTATIONAL FLUID DYNAMICS (CFD) ANALYSIS AND DEVELOPMENT OF HALON- REPLACEMENT FIRE EXTINGUISHING SYSTEMS (PHASE II)
AL/EQ-TR-1997-3104 COMPUTATIONAL FLUID DYNAMICS (CFD) ANALYSIS AND DEVELOPMENT OF HALON- REPLACEMENT FIRE EXTINGUISHING SYSTEMS (PHASE II) D. Nickolaus CFD Research Corporation 215 Wynn Drive Huntsville,
More informationAnalyzing and Specifying Reusable Security Requirements
Analyzing and Specifying Reusable Security Requirements Donald G. Firesmith Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 +1 412 268-6874 dgf@sei.cmu.edu ABSTRACT
More informationCloud Computing. Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative
Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative SEI Webinar November 12, 2009 Report Documentation Page Form Approved OMB No. 0704-0188
More informationCOUNTERING IMPROVISED EXPLOSIVE DEVICES
COUNTERING IMPROVISED EXPLOSIVE DEVICES FEBRUARY 26, 2013 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour
More informationBy Derrick H. Karimi Member of the Technical Staff Emerging Technology Center. Open Architectures in the Defense Intelligence Community
Open Architectures in the Defense Intelligence Community By Derrick H. Karimi Member of the Technical Staff Emerging Technology Center This blog post is co-authored by Eric Werner. In an era of sequestration
More informationData to Decisions Terminate, Tolerate, Transfer, or Treat
I N S T I T U T E F O R D E F E N S E A N A L Y S E S Data to Decisions Terminate, Tolerate, Transfer, or Treat Laura A. Odell 25 July 2016 Approved for public release; distribution is unlimited. IDA Non-Standard
More informationCorrosion Prevention and Control Database. Bob Barbin 07 February 2011 ASETSDefense 2011
Corrosion Prevention and Control Database Bob Barbin 07 February 2011 ASETSDefense 2011 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information
More informationUsing Templates to Support Crisis Action Mission Planning
Using Templates to Support Crisis Action Mission Planning Alice Mulvehill 10 Moulton Rd Cambridge, MA 02138 USA 617-873-2228 Fax: 617-873-4328 amm@bbn.com Michael Callaghan 695 Wanaao Rd Kailua, HI 96734
More informationDoD Common Access Card Information Brief. Smart Card Project Managers Group
DoD Common Access Card Information Brief Smart Card Project Managers Group 12 July, 2001 REPORT DOCUMENTATION PAGE Form Approved OMB No. 0704-0188 Public reporting burder for this collection of information
More information2011 NNI Environment, Health, and Safety Research Strategy
2011 NNI Environment, Health, and Safety Research Strategy Sally S. Tinkle, Ph.D. Deputy Director National Nanotechnology Coordination Office Coordinator for NNI EHS stinkle@nnco.nano.gov 1 Report Documentation
More informationThe CERT Top 10 List for Winning the Battle Against Insider Threats
The CERT Top 10 List for Winning the Battle Against Insider Threats Dawn Cappelli CERT Insider Threat Center Software Engineering Institute Carnegie Mellon University Session ID: STAR-203 Session Classification:
More informationEngineering Safety- and Security-Related Requirements for Software-Intensive Systems
Engineering Safety- and Security-Related for Software-Intensive Systems One-Day Tutorial 32 nd International Conference on Software Engineering 4 May 2010 Donald G. Firesmith Software Engineering Institute
More informationInformation, Decision, & Complex Networks AFOSR/RTC Overview
Information, Decision, & Complex Networks AFOSR/RTC Overview 06 MAR 2013 Integrity Service Excellence Robert J. Bonneau, Ph.D. Division Chief AFOSR/RTC Air Force Research Laboratory Report Documentation
More informationCENTER FOR ADVANCED ENERGY SYSTEM Rutgers University. Field Management for Industrial Assessment Centers Appointed By USDOE
Field Management for Industrial Assessment Centers Appointed By USDOE Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to
More informationVision Protection Army Technology Objective (ATO) Overview for GVSET VIP Day. Sensors from Laser Weapons Date: 17 Jul 09 UNCLASSIFIED
Vision Protection Army Technology Objective (ATO) Overview for GVSET VIP Day DISTRIBUTION STATEMENT A. Approved for public release. Vision POC: Rob Protection Goedert, ATO: TARDEC Protection ATO manager
More informationFUDSChem. Brian Jordan With the assistance of Deb Walker. Formerly Used Defense Site Chemistry Database. USACE-Albuquerque District.
FUDSChem Formerly Used Defense Site Chemistry Database Brian Jordan With the assistance of Deb Walker USACE-Albuquerque District 31 March 2011 1 Report Documentation Page Form Approved OMB No. 0704-0188
More informationFall 2014 SEI Research Review FY14-03 Software Assurance Engineering
Fall 2014 SEI Research Review FY14-03 Software Assurance Engineering Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Carol Woody, Ph.D. October 28, 2014 Report Documentation
More informationSituational Awareness Metrics from Flow and Other Data Sources
Situational Awareness Metrics from Flow and Other Data Sources SEI CERT NetSA 2011 Carnegie Mellon University NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE
More information4. Lessons Learned in Introducing MBSE: 2009 to 2012
4. Lessons Learned in Introducing MBSE: 2009 to 2012 Abstract A. Peter Campbell University of South Australia An overview of the lessons that are emerging from recent efforts to employ MBSE in the development
More informationMulti-Modal Communication
Multi-Modal Communication 14 November 2011 Victor S. Finomore, Jr., Ph.D. Research Psychologist Battlespace Acoustic Branch Air Force Research Laboratory DISTRIBUTION STATEMENT D. Distribution authorized
More informationSpace and Missile Systems Center
Space and Missile Systems Center M-Code Benefits and Availability Capt Travis Mills, SMC/GPEP 29 Apr 15 UNCLASSIFIED/APPROVED FOR PUBLIC RELEASE Report Documentation Page Form Approved OMB No. 0704-0188
More informationENVIRONMENTAL MANAGEMENT SYSTEM WEB SITE (EMSWeb)
2010 ENGINEERING SERVICE CENTER ENVIRONMENTAL MANAGEMENT SYSTEM WEB SITE (EMSWeb) Eugene Wang NFESC -- Code 423 (805) 982-4291 eugene.wang@navy.mil Report Documentation Page Form Approved OMB No. 0704-0188
More informationDirected Energy Using High-Power Microwave Technology
Directed Energy High-Power Microwave Directed Energy Using High-Power By Jacob Walker and Matthew McQuage 78 The Directed Energy Warfare Office (DEWO) and Directed Energy Division at the Naval Surface
More informationC2-Simulation Interoperability in NATO
C2-Simulation Interoperability in NATO Dr Hans Jense Chief, Capability Planning, Exercises and Training NATO UNCLASSIFIED 1 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden
More informationEvaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure
Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT
More information73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation
CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation 712CD For office use only 41205 21-23 June 2005, at US Military Academy, West Point, NY Please complete this form 712CD as your cover page to
More informationMoving Secure Software Assurance into Higher Education: A Roadmap for Change. Linda Laird, Nancy Mead, Dan Shoemaker
Moving Secure Software Assurance into Higher Education: A Roadmap for Change Linda Laird, Nancy Mead, Dan Shoemaker 1 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for
More informationEngineering Improvement in Software Assurance: A Landscape Framework
Engineering Improvement in Software Assurance: A Landscape Framework Lisa Brownsword (presenter) Carol C. Woody, PhD Christopher J. Alberts Andrew P. Moore Agenda Terminology and Problem Scope Modeling
More informationM&S Strategic Initiatives to Support Test & Evaluation
DMSC 2008 March 11, 2008 M&S Strategic Initiatives to Support Test & Evaluation Mr. Richard Lockhart Principal Deputy Director Test Resource Management Center (TRMC) OUSD(AT&L) March 11, 2008 Report Documentation
More informationBe Like Water: Applying Analytical Adaptability to Cyber Intelligence
SESSION ID: HUM-W01 Be Like Water: Applying Analytical Adaptability to Cyber Intelligence Jay McAllister Senior Analyst Software Engineering Institute Carnegie Mellon University @sei_etc Scuttlebutt Communications
More informationAnnual Report on the Status of the Information Security Program
October 2, 2014 San Bernardino County Employees Retirement Association 348 W. Hospitality Lane, Third Floor San Bernardino, CA 92415-0014 1 Table of Contents I. Executive Summary... 3 A. Overview... 3
More informationDr. Kenneth E. Nidiffer Director of Strategic Plans for Government Programs
War Fighting Technologies: Enhance Advance - Modernize: -Technological/Acquisition Advances Enabling a More Responsive 24th Anniversary - Systems & Software Technology Conference April 23-26, 2012 Salt
More informationHeadquarters U.S. Air Force. EMS Play-by-Play: Using Air Force Playbooks to Standardize EMS
Headquarters U.S. Air Force EMS Play-by-Play: Using Air Force Playbooks to Standardize EMS Mr. Kerry Settle HQ AMC/A7AN Ms. Krista Goodale Booz Allen Hamilton 1 Report Documentation Page Form Approved
More informationUsing Model-Theoretic Invariants for Semantic Integration. Michael Gruninger NIST / Institute for Systems Research University of Maryland
Using Model-Theoretic Invariants for Semantic Integration Michael Gruninger NIST / Institute for Systems Research University of Maryland Report Documentation Page Form Approved OMB No. 0704-0188 Public
More informationCyber Warfare. Maj Mark Reith, Ph.D. Software Professional Development Program Air Force Institute of Technology
s c h o o l o f S Y S T E M S a n d L O G I S T I C S education service research Software Acquisition in the Age of Cyber Warfare Maj Mark Reith, Ph.D. Software Professional Development Program Air Force
More informationFlow Analysis for Network Situational Awareness. Tim Shimeall January Carnegie Mellon University
Flow Analysis for Network Situational Awareness Tim Shimeall January 2010 NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS FURNISHED ON AN AS-IS" BASIS.
More informationModel-Driven Verifying Compilation of Synchronous Distributed Applications
Model-Driven Verifying Compilation of Synchronous Distributed Applications Sagar Chaki, James Edmondson October 1, 2014 MODELS 14, Valencia, Spain Report Documentation Page Form Approved OMB No. 0704-0188
More informationEnergy Security: A Global Challenge
A presentation from the 2009 Topical Symposium: Energy Security: A Global Challenge Hosted by: The Institute for National Strategic Studies of The National Defense University 29-30 September 2009 By SCOTT
More informationAFRL-ML-WP-TM
AFRL-ML-WP-TM-2004-4157 NONDESTRUCTIVE EVALUATION (NDE) TECHNOLOGY INITIATIVES PROGRAM (NTIP) Delivery Order 0043: Upgrade of Computed Tomography Facility By: S. Trent Neel Advanced Research and Applications
More informationGoal-Based Assessment for the Cybersecurity of Critical Infrastructure
Goal-Based Assessment for the Cybersecurity of Critical Infrastructure IEEE HST 2010 November 10, 2010 NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS
More informationGuide to Windows 2000 Kerberos Settings
Report Number: C4-018R-01 Guide to Windows 2000 Kerberos Settings Architectures and Applications Division of the Systems and Network Attack Center (SNAC) Author: David Opitz Updated: June 27, 2001 Version
More informationRunning CyberCIEGE on Linux without Windows
Running CyberCIEGE on Linux without Windows May, 0 Report Documentation Page Form Approved OMB No. 070-0 Public reporting burden for the collection of information is estimated to average hour per response,
More informationSEI Webinar Series. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA January 27, Carnegie Mellon University
Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated
More informationSpace and Missile Systems Center
Space and Missile Systems Center GPS Control Segment Improvements Mr. Tim McIntyre GPS Product Support Manager GPS Ops Support and Sustainment Division Peterson AFB CO 2015 04 29 _GPS Control Segment Improvements
More informationEngineering Safety- and Security-Related Requirements for Software- Intensive Systems
Engineering Safety- and Security-Related for Software- Intensive Systems ICCBSS 2007 Conference Tutorial Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Donald Firesmith
More informationEngineering Safety- and Security-Related Requirements for Software- Intensive Systems
Engineering Safety- and Security-Related for Software- Intensive Systems ICCBSS 2007 Conference Tutorial Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Donald Firesmith
More informationDana Sinno MIT Lincoln Laboratory 244 Wood Street Lexington, MA phone:
Self-Organizing Networks (SONets) with Application to Target Tracking Dana Sinno 244 Wood Street Lexington, MA 02420-9108 phone: 781-981-4526 email: @ll.mit.edu Abstract The growing interest in large arrays
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationDATA COLLECTION AND TESTING TOOL: SAUDAS
CETN-VI-21 3/88 DATA COLLECTION AND TESTING TOOL: SAUDAS PURPOSE: The availability of electronic instrumentation to measure wave height, nearshore currents, and other phenomena has generated a concurrent
More informationU.S. Army Research, Development and Engineering Command (IDAS) Briefer: Jason Morse ARMED Team Leader Ground System Survivability, TARDEC
U.S. Army Research, Development and Engineering Command Integrated Defensive Aid Suites (IDAS) Briefer: Jason Morse ARMED Team Leader Ground System Survivability, TARDEC Report Documentation Page Form
More informationQuanTM Architecture for Web Services
QuanTM Architecture for Web Services Insup Lee Computer and Information Science University of Pennsylvania ONR MURI N00014-07-1-0907 Review Meeting June 10, 2010 Report Documentation Page Form Approved
More informationModeling the Implementation of Stated-Based System Architectures
Modeling the Implementation of Stated-Based System Architectures Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Peter H Feiler June 2009 Are Everywhere What is a state-based
More informationSecure FAST: Security Enhancement in the NATO Time Sensitive Targeting Tool
in the NATO Time Sensitive Targeting Tool Dr Orhan Cetinkaya, Dr Yakup Yildirim and Mr Michel Fortier NATO C3 Agency Oude Waalsdorperweg 61, 2597 AK The Hague NETHERLANDS {orhan.cetinkaya, yakup.yildirim,
More informationATCCIS Replication Mechanism (ARM)
ATCCIS Replication Mechanism (ARM) Fundamental Concepts Presented by Peter Angel, P.Eng. Advanced Systems Management Group 1 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden
More informationVICTORY VALIDATION AN INTRODUCTION AND TECHNICAL OVERVIEW
2012 NDIA GROUND VEHICLE SYSTEMS ENGINEERING AND TECHNOLOGY SYMPOSIUM VEHICLE ELECTRONICS AND ARCHITECTURE (VEA) MINI-SYMPOSIUM AUGUST 14-16 TROY, MICHIGAN VICTORY VALIDATION AN INTRODUCTION AND TECHNICAL
More informationUse of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
NIST Special Publication 800-51 Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme Recommendations of the National Institute of Standards and Technology Peter Mell Tim Grance
More informationTopology Control from Bottom to Top
Topology Control from Bottom to Top M. Steenstrup Stow Research L.L.C. Clemson University steenie@rcn.com This work was funded in part by DARPA and by ONR MURI. Report Documentation Page Form Approved
More informationDr. Stuart Dickinson Dr. Donald H. Steinbrecher Naval Undersea Warfare Center, Newport, RI May 10, 2011
Environment, Energy Security & Sustainability Symposium & Exhibition Dr. Stuart Dickinson Dr. Donald H. Steinbrecher Naval Undersea Warfare Center, Newport, RI Stuart.dickinson@navy.mil May 10, 2011 Approved
More informationInformation Security Is a Business
Information Security Is a Business Continuity Issue: Are You Ready? Dr. Nader Mehravari Cyber Risk and Resilience Management Team CERT Division Software Engineering Institute Carnegie Mellon University
More informationHigh-Assurance Security/Safety on HPEC Systems: an Oxymoron?
High-Assurance Security/Safety on HPEC Systems: an Oxymoron? Bill Beckwith Objective Interface Systems, Inc. Phone: 703-295-6519 Email Address: bill.beckwith@ois.com W. Mark Vanfleet National Security
More informationASSESSMENT OF A BAYESIAN MODEL AND TEST VALIDATION METHOD
ASSESSMENT OF A BAYESIAN MODEL AND TEST VALIDATION METHOD Yogita Pai, Michael Kokkolaras, Greg Hulbert, Panos Papalambros, Univ. of Michigan Michael K. Pozolo, US Army RDECOM-TARDEC Yan Fu, Ren-Jye Yang,
More informationSTRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE
STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby
More informationExploring the Query Expansion Methods for Concept Based Representation
Exploring the Query Expansion Methods for Concept Based Representation Yue Wang and Hui Fang Department of Electrical and Computer Engineering University of Delaware 140 Evans Hall, Newark, Delaware, 19716,
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationDEFINITIONS AND REFERENCES
DEFINITIONS AND REFERENCES Definitions: Insider. Cleared contractor personnel with authorized access to any Government or contractor resource, including personnel, facilities, information, equipment, networks,
More informationAir Virtual At Sea (VAST) Platform Stimulation Analysis
Air Virtual At Sea (VAST) Platform Stimulation Analysis Final Report Concept for Support of ONR/JFCOM Contract N00014-04-M-0074 CLIN 0001AC January 2005 1 Report Documentation Page Form Approved OMB No.
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationCenter for Infrastructure Assurance and Security (CIAS) Joe Sanchez AIA Liaison to CIAS
Center for Infrastructure Assurance and Security (CIAS) Joe Sanchez AIA Liaison to CIAS 1 REPORT DOCUMENTATION PAGE Form Approved OMB No. 074-0188 Public reporting burden for this collection of information
More informationAdvancing Cyber Intelligence Practices Through the SEI s Consortium
Advancing Cyber Intelligence Practices Through the SEI s Consortium SEI Emerging Technology Center Jay McAllister Melissa Kasan Ludwick Copyright 2015 Carnegie Mellon University This material is based
More informationDefense Hotline Allegations Concerning Contractor-Invoiced Travel for U.S. Army Corps of Engineers' Contracts W912DY-10-D-0014 and W912DY-10-D-0024
Report No. DODIG-2013-056 March 15, 2013 Defense Hotline Allegations Concerning Contractor-Invoiced Travel for U.S. Army Corps of Engineers' Contracts W912DY-10-D-0014 and W912DY-10-D-0024 Report Documentation
More informationTHE NATIONAL SHIPBUILDING RESEARCH PROGRAM
SHIP PRODUCTION COMMITTEE FACILITIES AND ENVIRONMENTAL EFFECTS SURFACE PREPARATION AND COATINGS DESIGN/PRODUCTION INTEGRATION HUMAN RESOURCE INNOVATION MARINE INDUSTRY STANDARDS WELDING INDUSTRIAL ENGINEERING
More informationUS Army Industry Day Conference Boeing SBIR/STTR Program Overview
US Army Industry Day Conference Boeing SBIR/STTR Program Overview Larry Pionke, DSc Associate Technical Fellow Product Standards - Technology & Services Boeing Research & Technology Ft. Leonard Wood (FLW)
More informationSCICEX Data Stewardship: FY2012 Report
DISTRIBUTION STATEMENT A. Approved for public release; distribution is unlimited. SCICEX Data Stewardship: FY2012 Report Florence Fetterer 449 UCB University of Colorado Boulder, CO 80309-0449 USA phone:
More informationThe State of Standardization Efforts to support Data Exchange in the Security Domain
The State of Standardization Efforts to support Data Exchange in the Security Domain Roman Danyliw FloCon 2004: Standards Talk Network Group Software Engineering Institute Carnegie Mellon
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationSystem-wide Security Assessment for MetroLink
System-wide Security Assessment for MetroLink June 21, 2018 Presented by: PROJECT OVERVIEW Perform a comprehensive security assessment of the St. Louis MetroLink System, resulting in recommendations to
More informationA Distributed Parallel Processing System for Command and Control Imagery
A Distributed Parallel Processing System for Command and Control Imagery Dr. Scott E. Spetka[1][2], Dr. George O. Ramseyer[3], Dennis Fitzgerald[1] and Dr. Richard E. Linderman[3] [1] ITT Industries Advanced
More informationComputer Aided Munitions Storage Planning
Computer Aided Munitions Storage Planning Robert F. Littlefield and Edward M. Jacobs Integrated Systems Analysts, Inc. (904) 862-7321 Mr. Joseph Jenus, Jr. Manager, Air Force Explosives Hazard Reduction
More information73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation
CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation 712CD For office use only 41205 21-23 June 2005, at US Military Academy, West Point, NY Please complete this form 712CD as your cover page to
More information