SEI/CMU Efforts on Assured Systems


Unclassified//For Official Use Only

SEI/CMU Efforts on Assured Systems
15 November 2018

Greg Shannon
CERT Division Chief Scientist
Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213

Derived from Stempfley, Cunningham et al., Towards a Consolidated AI Strategy for the SEI, Oct. 2018.

Distribution Statement A

Diligent Lawyers

Copyright 2018 Carnegie Mellon University. All Rights Reserved.

This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.

The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation.

References herein to any specific commercial product, process, or service by trade name, trade mark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by Carnegie Mellon University or its Software Engineering Institute.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution.

This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.

Carnegie Mellon is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.

DM18-1319

DoD Federally Funded Research & Development Center
  Doing what others can't or won't do for DoD priorities (authorization from Congress; see FAR language)

Topics
  AADL
  Global Imperative for Formal Methods

Architecture Analysis & Design Language (AADL) Standard Targets Embedded Software Systems
  AS-5506 Standard Suite
  Standards provide long-term, industry-wide solutions to support multi-organization model-based engineering
  In 2008 an aerospace industry initiative chose AADL over SysML and other notations because it specifically addresses embedded software systems
  AADL captures mission- and safety-critical embedded software system architectures in virtually integrated, analyzable models, to discover system-level problems early and to construct implementations from verified models

Core AADL language standard [V1 2004, V2 2012, V2.2 2017]
  Focused on embedded software system modeling, analysis, and generation
  Strongly typed language with well-defined semantics for execution of threads, processes on partitions and processors, sampled/queued communication, modes, end-to-end flows
  Textual and graphical notation

AADL Standard Suite (AS-5506 series)
  Revision V3 in progress: interface composition, system configuration, binding, type system unification

Standardized AADL Annex Extensions
  Error Model language for safety, reliability, security analysis [2006, 2015]
  ARINC653 extension for partitioned architectures [2011, 2015]
  Behavior Specification Language for modes and interaction behavior [2011, 2017]
  Data Modeling extension for interfacing with data models (UML, ASN.1, ...) [2011]
  AADL Runtime System & Code Generation [2006, 2015]

AADL Annexes in Progress
  Network Specification Annex
  Cyber Security Annex
  FACE Annex
  Requirements Definition and Assurance Annex
  Synchronous System Specification Annex
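As an added illustration of the two AADL slides above (this model is constructed for this page; it is not from the slides and not from any SEI project model), here is a small AADL v2 model in the textual notation. It shows the constructs the slide lists: periodic threads with execution-time properties, processes as partitions, sampled data-port communication across the partition boundary, a processor binding, and an end-to-end flow carrying a latency budget. The component names and every timing number (20 ms periods, the per-thread Latency ranges, the 40 ms end-to-end budget) are invented for the example; the property names used (Dispatch_Protocol, Period, Compute_Execution_Time, Latency, Actual_Processor_Binding) are from the standard AADL property sets.

```aadl
package fcs_demo
public
  -- Message carried along the control path (type name is constructed for this example)
  data attitude_msg
  end attitude_msg;

  -- Periodic sensor thread: the source of the end-to-end flow.
  -- A data port is sampled communication: the reader sees the latest value.
  thread imu_reader
    features
      attitude: out data port attitude_msg;
    flows
      f_src: flow source attitude { Latency => 0 ms .. 2 ms; };
    properties
      Dispatch_Protocol => Periodic;
      Period => 20 ms;
      Compute_Execution_Time => 1 ms .. 3 ms;
  end imu_reader;

  -- Control law thread: the sink of the flow (it drives the actuators directly here)
  thread control_law
    features
      attitude: in data port attitude_msg;
    flows
      f_sink: flow sink attitude { Latency => 0 ms .. 8 ms; };
    properties
      Dispatch_Protocol => Periodic;
      Period => 20 ms;
      Compute_Execution_Time => 2 ms .. 8 ms;
  end control_law;

  -- Processes are separate address spaces (partitions); a port connection
  -- is the only sanctioned way for data to cross the boundary
  process sensing
    features
      attitude: out data port attitude_msg;
    flows
      f_src: flow source attitude;
  end sensing;

  process implementation sensing.impl
    subcomponents
      imu: thread imu_reader;
    connections
      c1: port imu.attitude -> attitude;
    flows
      f_src: flow source imu.f_src -> c1 -> attitude;
  end sensing.impl;

  process control
    features
      attitude: in data port attitude_msg;
    flows
      f_sink: flow sink attitude;
  end control;

  process implementation control.impl
    subcomponents
      law: thread control_law;
    connections
      c1: port attitude -> law.attitude;
    flows
      f_sink: flow sink attitude -> c1 -> law.f_sink;
  end control.impl;

  processor cpu
  end cpu;

  system fcs
  end fcs;

  system implementation fcs.impl
    subcomponents
      sense: process sensing.impl;
      ctrl:  process control.impl;
      hw:    processor cpu;
    connections
      c1: port sense.attitude -> ctrl.attitude;
    flows
      -- Sensor sample to control-law output. The 40 ms budget is a
      -- constructed requirement; a latency analysis checks it against the
      -- per-component Latency values plus the sampling delay introduced by
      -- the 20 ms periods at the data port, and reports a miss.
      sense_to_act: end to end flow sense.f_src -> c1 -> ctrl.f_sink
        { Latency => 0 ms .. 40 ms; };
    properties
      -- Both partitions are bound to the same processor
      Actual_Processor_Binding => (reference (hw)) applies to sense, ctrl;
  end fcs.impl;
end fcs_demo;
```

Loaded into OSATE, the flow latency analysis walks sense_to_act, sums the contributions of each element on the path, and flags the flow if the total exceeds the 40 ms budget. The point the slide makes is visible in the model itself: the partition boundary and the single connection that crosses it are explicit, so an analysis can reason about them before any code exists.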

Need for (Cyber) Security Protection
  U.S. National Defense Strategy (2018): in the first sentence, "...protect the security of our nation..."
  U.S. National Cyber Strategy (2018): starts with the words "Protecting America's national security"
  U.N. Internet Governance Forum (2018): "Only a secure and reliable cyber space can generate and preserve trust in the Internet."

A Yearning for Assurance
  Assurance of networked capabilities
    Internet
    Weapons systems
    Critical Infrastructure
  Assurance of artificial intelligence
    Machine learning
    Autonomy
    Algorithms

What's Really Needed: Ensurance
  Neither assurance nor insurance is good enough in contested environments
  Adversaries are too persistent for us to rely on assurances
  Formal methods provide ensurance, modulo assumptions, etc.
  Blending with cryptology-based protocols and mechanisms is very powerful
    Exceptionally hard for adversaries to compromise
    Provides the highest levels of ensurance

What Is Missing?
  Ironically, making security mechanisms INVISIBLE!

The Pinnacle of Formal Methods?
  Practices for Attacks
  Proofs for Classes
  Types(!!) for Properties

How Do We Get There?
  Provide input to update the Federal Cyber Security R&D Strategic Plan
    https://www.federalregister.gov/documents/2018/11/13/2018-24668/request-for-information-on-update-to-the-2016-federal-cybersecurity-research-and-development
    Due January 15, 2019
  Let policymakers know that we (the R&D community) still don't have the invisible answers yet
  Goal: Effective, Efficient, Invisible Cybersecurity

We Need Scalable Capability for HW/SW Formal Reasoning

What Is Missing? (slide from P. Neumann, seL4 Summit, Nov. 2018)
  We need meaningfully trustworthy hardware on which to build much more trustworthy operating systems, more trustworthy networks, and sensible applications that take suitable advantage of such hardware and its supporting technology.
  We need much greater attention to software development in theory and practice, including realistic methodologies for applying formal methods, and proactive designs for trustworthiness.
  We need ubiquitous attention to advanced computer literacy, including K-12, college, graduate school, and ongoing training.

Let's Be Epistemologically Realistic, Please

Principle of least privilege (slide from P. Neumann, seL4 Summit, Nov. 2018)
  "Every program and every privileged user of the system should operate using the least amount of privilege with finest granularity necessary for the given purpose."
  Saltzer 1974, CACM 17(7)
  Saltzer and Schroeder 1975, Proc. IEEE 63(9)
  Needham 1972, AFIPS 41(1)

Discussion