Draft for SEI Review SEI Workshop on IS 393 December 7 th 2005
SEI Year in Review 2008
-
Upload
software-engineering-institute-publications -
Category
Documents
-
view
221 -
download
0
Transcript of SEI Year in Review 2008
-
8/14/2019 SEI Year in Review 2008
1/48
-
8/14/2019 SEI Year in Review 2008
2/48
The Software Engineering Institute (SEI) is a federally funded
research and development center (FFRDC) sponsored by the U.S.
Department of Defense and operated by Carnegie Mellon University.
The SEI mission is to advance software engineering and related
disciplines to ensure systems with predictable and improved quality,
cost, and schedule.
-
8/14/2019 SEI Year in Review 2008
3/482008 YEAR IN REVIEW | www.sei.cmu.edu | 1
Contents
A Message rom the Director 3
Strategy and Areas o Work 4
News Bries 6
Growing Architecture Competence 6
Program Merger Enhances Capabilities in System Structure and Behavior 7
SEI Joins Multicore Association 7
Sharing with Educators 8
SOA Research 9
ULS Systems Research Is Redening Sotware Engineering 9
New Webinars Bring SEI to the Desktop 10
CERT-DC3 Collaboration Aims or Better DIB Network Deense 11
New UML Prole Maps to AADL 11
CERT Podcast Series 11
VTE Helps DoD Meet Remote Training Requirements and Cut Costs 12
Mexican TSP Initiative Shows Early Results 15
Army Commitment to Strategic Sotware Improvement Grows 17
SMART Evolves as Needs Emerge 18
Cyber Storm Simulates Network Attack 21
The I in Integration 23
CERT Forensics Team Helps Law Enorcement Agencies Fight Cyber Crime 24
The CERT Secure Coding Initiative 27
CMD Adds in Bandwidth Allocation 28
AVSI Chooses AADL or Next Gen Design 31
Securing Web Services in an SOA Environment or the Army SOA Initiative 33
Transition Activities 34
Leadership, Management, & Sta 37
Key Publications 40
Opportunities 44
-
8/14/2019 SEI Year in Review 2008
4/482 | www.sei.cmu.edu | YEAR IN REVIEW 2008
-
8/14/2019 SEI Year in Review 2008
5/482008 YEAR IN REVIEW | www.sei.cmu.edu | 3
The impact o sotware in our lives continues to grow.
The men and women o the SEI have a deep knowledge
and understanding o todays sotware problems and
opportunities. They play a crucial role in advancing thestate o the practice in ways that have a positive impact,
certainly or our customers, but also or the industries
they participate in and the world at large.
The SEIs women and men perorm innovative research
and interact with the global sotware community to
nd best practices and important new research, but
most importantly, work hard to eectively transition
technology, techniques, and methods to our clients and
stakeholders. We teach individuals about architecture,
security, interoperability, the integration o systems, and
process improvement across the entire development lie
cycle. We conduct workshops or sotware educators,and through our Virtual Training Environment (VTE),
we enable customers to have anywhere, anytime access
to some o the best sotware training. Through our SEI
Webinar and CERT Podcast series, we are engaging
in Web 2.0 technologies to reach new audiences. And
through direct support o government and industry
clients, we improve the acquisition and development o
sotware-intensive systems.
A Message rom the DirectorSotware is Essential, Everywhere, and Expanding
This Year in Review highlights a ew ways the SEI cre-
ates customer solutions across a spectrum o challenges
in areas ranging rom digital orensics and process
management to acquisition and architecture. Current
examples highlighted in this issue include:
CollaborationswiththeArmyStrategicSoftware
Improvement Program (ASSIP) to establish a stron-
ger, more ecient, and more capable sotware com-
munity within the Army
Creationofacomprehensivenewsetoftoolsand
methods in computer orensics to help law enorce-
ment capture crucial digital evidence or somehigh-prole cases
AdoptionofSEIsTeamSoftwareProcess(TSP)
methodology by the Mexican government in its work
to build a national reputation as a provider o IT
products and services
RecognitionbytheAerospaceVehicleSystems
Institute (AVSI) o the SEI-developed Architecture
Analysis and Design Language (AADL) as the ideal
tool to help plan and build next-generation aerospace
systems
I am proud to share some o our 2008 accomplishments
and uture research endeavors. These achievements are
the result o an outstanding and dedicated sta work-
ing with a set o world-class customers. The United
States has made a strong and committed investment in
the development o technology, and the SEI is proud to
serve as a global leader in the creation o knowledge
and promotion o sotware engineering.
Paul D. Nielsen, Director and CEO
-
8/14/2019 SEI Year in Review 2008
6/484 | www.sei.cmu.edu | YEAR IN REVIEW 2008
CreateThe SEI addresses signicant and
pervasive sotware engineering
problems by motivating research
innovating new technologies
identiying and adding valueto emerging or underused
technologies
improving and adapting existingsolutions
The SEI achieves its goals through technology innovationand transition. The SEI creates usable technologies,applies them to real problems, and amplies theirimpact by accelerating broad adoption.
ApplyThe SEI applies and validates new
and improved technologies and
solutions in real-world government
and commercial contexts. Applicationand validation are required to
prove eectiveness, applicability,and transition potential. Solutions
and technologies are rened and
extended as an intrinsic part o theapplication activities.
Government and commercialorganizations directly benet rom
these engagements. In addition, the
experience gained by the SEI inorms the Create activities about real-world
problems and urther adjustments,
technologies, and solutions that are
needed
the Ampliy activities about needed
transition artiacts and strategies
The SEI works with early adopters to
implement the Apply activities.
SEI technologies and solutions are
suitable or application and transition to
the sotware engineering communityand to organizations that commission,build, use, or evolve systems that are
dependent on sotware.
The SEI partners with innovators
and researchers to implement these
activities.
AmpliyThe SEI works through the
sotware engineering communityand organizations dependent on
sotware to encourage and supportthe widespread adoption o new and
improved technologies and solutions
through
advocacy
books and publications
certications
courses
leadership in proessional
organizations
Strategy
licenses or use and delivery
Web-based communication anddissemination
The SEI accelerates the adoption and impacto sotware engineering improvements.
The SEI engages directly with the
community and through its partners toampliy its work.
-
8/14/2019 SEI Year in Review 2008
7/482008 YEAR IN REVIEW | www.sei.cmu.edu | 5
Areas o Work
Quality sotware that is produced on schedule
and within budget is a critical component to
U.S. deense systems, which is why the U.S.Department o Deense (DoD) established the
SEI in 1984. Since then, the SEI has advanced
sotware and systems engineering principlesand practices, while serving as a national and
international resource or the sotware and
systems engineering communities. As an
applied research and development center, theSEI brings immediate benets to its research
partners and long-term benets to the
sotware industry as a whole.
Operated by Carnegie Mellon University
a global research university recognizedworldwide or its world-class arts and
technology programsthe SEI operates atthe leading edge o technical innovation. TheSEIs core purpose is to help organizations
improve their capabilities and to develop or
acquire the right sotware, deect ree, on
time, and on budget, every time.
The SEI technical programcreated and carried out by world-recognizedleaders in sotware engineering, security, and process managementconsists o our technical ocus areas. The SEI also conducts new researchinto emerging topics in sotware and systems engineering.
* cooperative research anddevelopment agreementan agreement with an industryor academic collaborator
** unding provided by the Oceo the Under Secretaryo Deense or Acquisition,Technology, & Logistics
the SEIs primary DoDsponsorto execute the SEItechnical program
*** course ees, conerence ees,and other recovered costs
U.S. Army7.18%
U.S. Navy
1.91%
U.S. Air Force
8.02%
U.S. Joint Military10.52%
Civil Agencies
20.60%
Industry (CRADA*
& Other Research
Agreements)
15.37%
SEI Line**
16.92%
Other***19.48%
The SEI oers solutions to customers in theareas o:
AcquisitionProcessManagement
Risk
Security
SoftwareDevelopment
SystemDesign
The SEIs technical ocus areas, together
with its outreach activities, are aimed atmeeting the dened sotware engineering
needs o the DoD. Within these areas o
work, the SEI collaborates with deense,government, industry, and academic
institutions to continuously improve
sotware-intensive systems. The SEIs
body o work in technical and managementpractices is ocused on developing sotware
right the rst time, which results not onlyin higher quality, but also predictable and
improved schedule and cost.
Areas o Work
Quality sotware that is produced on schedule
and within budget is a critical component to
U.S. deense systems, which is why the U.S.Department o Deense (DoD) established the
SEI in 1984. Since then, the SEI has advanced
sotware and systems engineering principles
and practices, while serving as a national andinternational resource or the sotware and
systems engineering communities. As an
applied research and development center, theSEI brings immediate benets to its research
partners and long-term benets to the
sotware industry as a whole.
Operated by Carnegie Mellon University
a global research university recognizedworldwide or its world-class arts and
technology programsthe SEI operates atthe leading edge o technical innovation. The
SEIs core purpose is to help organizationsimprove their capabilities and to develop or
acquire the right sotware, deect ree, on
time, and on budget, every time.
The SEI technical programcreated and carried out by world-recognizedleaders in sotware engineering, security, and process managementconsists o our technical ocus areas. The SEI also conducts new researchinto emerging topics in sotware and systems engineering.
* cooperative research anddevelopment agreementan agreement with an industryor academic collaborator
** unding provided by the Oceo the Under Secretaryo Deense or Acquisition,Technology, & Logistics
the SEIs primary DoDsponsorto execute the SEItechnical program
*** course ees, conerence ees,and other recovered costs
U.S. Army7.18%
U.S. Navy
1.91%
U.S. Air Force
8.02%
U.S. Joint Military10.52%
Civil Agencies
20.60%
Industry (CRADA*
& Other Research
Agreements)
15.37%
SEI Line**
16.92%
Other***19.48%
The SEI oers solutions to customers in theareas o:
Acquisition Process Management
Risk
Security
Sotware Development
System Design
The SEIs technical ocus areas, together
with its outreach activities, are aimed atmeeting the dened sotware engineering
needs o the DoD. Within these areas o
work, the SEI collaborates with deense,government, industry, and academic
institutions to continuously improve
sotware-intensive systems. The SEIs
body o work in technical and managementpractices is ocused on developing sotware
right the rst time, which results not only
in higher quality, but also predictable andimproved schedule and cost.
-
8/14/2019 SEI Year in Review 2008
8/486 | www.sei.cmu.edu | YEAR IN REVIEW 2008
2008 Independent Research and
Development Awards
The SEI annually undertakes several independent research
and development (IRAD) projects, which are chosenbased on their potential to mature or transition sotware
engineering practices and set new directions or SEI work.
The ollowing IRAD projects were completed in FY2008:
Assurance Cases or Medical Devices
Mechanism Design
Understanding the Relationship o Cost,Benet, and Architecture
A Sotware System Engineering Approach or Fault
Containment
Modeling Stakeholder Requirements or Integrated Use
in Both Process Improvement and Product Development
While researchers have thoroughly examined the tech-
nical aspects o eective sotware architecture, the
qualities necessary to make an eective architect have
remained relatively unstudied. Members o the SEI
Sotware Architecture Technology (SAT) team elt
that by studying architecture competence they could
learn how to promote it. Their goals were to identiy
the measurable actors that contribute to architecture
competence in individuals and organizations and to
develop an instrument or evaluating these actors.
They described their research in the technical report
Models for Evaluating and Improving ArchitectureCompetence, presenting basic concepts and our
models or explaining, measuring, and improving
the architecture competence o an individual or a
sotware-producing organization. The authors
explained how they could apply the our models
to create an evaluation instrument to measure an
organizations architecture competence. Such an
evaluation would benet organizations that acquire,
service, or develop sotware systems.
Also emerging rom the SAT teams work was the
Architecture Competence Workshop conducted at the
SEI in June 2008, where accomplished practitionersrom government, academia, and industry discussed
key issues in assessing and improving architectural
competence. Through the workshop, the team hoped
to understand what leading organizations were doing
in the area o architecture competence.
Opening speakers described their organizations
approaches or promoting architecture competence.
Raytheon, or example, has an organization-wide
competence improvement project that includes gov-
ernance by an Architecture Review Board, a ormally
dened Raytheon Certied Architect Program, and
the standards-based Raytheon Enterprise ArchitectureProcess. Boeing is improving its architecture compe-
tence by introducing key practices such as architecture
evaluation and architect certication. Boeing issues
Sotware Architect Certicates in specic domains
and holds an annual conerence, where sotware archi-
tects network and share ideas. Raytheon and Boeing
both engage SEI technology, such as the Architecture
Tradeo Analysis Method and the Quality Attribute
Workshop, to promote best architecture practices.
Through the workshop, the SAT team also hoped to
get eedback on their in-progress assessment instru-
ment. This questionnaire is based on the architecture
competence ramework developed earlier by the team
and ocuses on what an organization should do i it
is serious about incorporating architecture practices.
The workshop ormed working groups that provided
positive input and suggestions or questions and
improvement.
The SAT researchers work has reinorced the notion
that while much remains to be done to dene andmeasure architecture competence, the time or pursu-
ing it has denitely arrived.
Growing ArchitectureCompetence
To read the report, visit www.sei.cmu.edu/publications/documents/08.reports/08tr025.pd
-
8/14/2019 SEI Year in Review 2008
9/48
A multicore processor combines two or more inde-
pendent cores (normally a CPU) into a single package
composed o a single integrated circuit. The increasing
availability o processors with many computing cores
requires better approaches to developing and deploy-
ing concurrent sotware. As members o the Multicore
Association (MCA), members o the technical sta
at the SEI are participating in the MCAs Multicore
Programming Practices (MPP) working group. This
working group is developing a multicore-sotware pro-
gramming guide or industry. Participation in the work-
ing group will allow the SEI to represent the needs andinterests o its stakeholders in the U.S. Department o
Deense, government, and industry and communicate
the working groups ndings to those stakeholders.
SEI researchers are exploring concurrent-programming
challenges as they apply to sotware engineering.
They are investigating analytical methods or reason-
ing about the response time and processor utilization
o multicore systems through ecient scheduling,
allocation, and synchronization in embedded, real-time,
multicore systems.
In summer 2008, the SEI Product Line Systems and
Dynamic Systems programs merged to create the new
Research, Technology, and System Solutions (RTSS)
Program. RTSS positions the SEI to provide more
complete capabilities or predicting and bounding the
structure and behavior o sotware-reliant systems.
By combining these two groups, we bring together a
strong team o innovative and productive researchers,
said Paul Nielsen, SEI Director and CEO. We will
have a stronger concentration o both talent and und-
ing to address the needs we see in architecture, largeand ultra-large systems, model-based engineering,
sotware assurance, product lines, and more.
For example, three initiatives came together to orm
the Architecture-Centric Engineering (ACE) unit. The
separate initiatives, Sotware Architecture Technology
(SAT), Predictable Assembly rom Certiable Code
(PACC), and Perormance-Critical Systems (PCS),
shared a common ocus on architecture and quality
attributes, yet had their own unique emphasis.
SAT ocused on architecture-centric methods, busi-
ness goals, stakeholder involvement, inormal analy-
ses, economics, and widespread transition. PACC used
ormal architecture and code analyses to understand
design space restrictions to allow or predictability.
PCS analyzed architecture representations to calcu-
late the dependability and perormance o sotware
systems.
By leveraging the commonality and exploiting each
groups emphasis, ACE will allow the SEI to ocus
holistically on using architecture coupled with ap-
propriate analyses and practices to build high-quality,
predictable systems.
YEAR IN REVIEW | www.sei.cmu.edu | 7
Program Merger EnhancesCapabilities in System
Structure and Behavior
SEI Joins MulticoreAssociation
-
8/14/2019 SEI Year in Review 2008
10/48
Sharing with Educators
8 | www.sei.cmu.edu | YEAR IN REVIEW
When concepts or eective sotware engineering are
included in college curricula, they are disseminated
on a undamental level with ar-reaching ramica-
tions. To promote such inclusion o proven methods
and practices, two SEI teams have conducted work-
shops or instructors in computer science and sotware
engineering.
The rst Predictable Assembly rom Certiable Code
(PACC) Workshop or Educators was held at the
SEI in August. PACC technology promotes accurate
predictability. For example, it enables engineers topredict that robots will meet their strict perormance
deadlines or that medical devices will comply with
saety requirements. Predicting the observable execut-
ing system behavior o assemblies o sotware compo-
nentsrom the properties o those componentsis
achieved through techniques that the PACC team
develops. Such prediction requires that the properties
o the components are rigorously dened and trusted
and can be certied by independent third parties.
The workshop ocused on a closely related concept,
predictability by construction (PBC), which purports
that i a system can be constructed, it will have pre-dictable runtime behavior. The breakthrough o PBC
concepts into the classroom is signicant. Through
the use o available technologies and theories, PBC
can be practically achieved or a variety o system-
level properties, such as security, saety, and peror-
mance. A tutorial on PBC was held on the rst day o
the workshop, introducing principles that were then
demonstrated through concrete working examples. On
the second day attendees discussed how to integrate
topics covered in the tutorial into computer science
and sotware engineering curricula.
For ve years the SEI has also conducted its an-
nual Sotware Architecture Workshop or Educators.
Participants rom across the globe have come to
discuss architecture concepts crucial to successul
sotware and system development and their delivery
into college classrooms. In its early years, the work-
shop oered introductory coursework and discus-sion ocused on raising awareness regarding good
architecture.
In August 2008 the workshop oered the advanced
two-day course Sotware Architecture Design and
Analysis, which provides in-depth coverage o the
concepts needed to make eective design decisions
and to successully analyze a sotware architecture
relative to desired system qualities. As in previous
years, the third day involved sharing ideas on how
attendees might incorporate course topics and other
architecture-centric design principles into their cur-
ricula. Conductors o this years workshop noted howits infuence had deepened and expanded. All par-
ticipants reported the incorporation o architecture-
centric concepts into their curricula; repeat attendees
shared thoughts on how previous workshop topics had
been applied in their programs; and discussions were
much more in depth and sophisticated than when the
workshop began.
-
8/14/2019 SEI Year in Review 2008
11/482008 YEAR IN REVIEW | www.sei.cmu.edu | 9
In 2008, the SEI inspired work to urther the
investigation o several key issues identied in its
service oriented architecture (SOA) research agenda.
Led by the SEI, a team o internationally known
SOA researchers developed a research agenda in
2007. The SEI arranged the agenda in a taxonomy
that includes our top-level categories: business,
engineering, operations, and cross-cutting concerns.
Those categories contain issue areas such as
strategy, architecture, monitoring, and governance.
In all, more than 50 issues are included.
More than 110 people rom government, industry,
and academia attended a 2008 workshop on hard
problems in SOA hosted by the SEI in association
with IBM and Carnegie Mellon University.
SEI researchers began working with Frederic Wenzel
rom University o Karlsruhe, who is developing a
thesis on Transaction Management in Federated
Workfows at Carnegie Mellon.
The SEI and others organized the Second
International Workshop on Systems Development
in SOA Environments (SDSOA 2008), which wasco-located with the 30th International Conerence
on Sotware Engineering (ICSE 2008). This
workshop brought together experts to ocus on three
o the agendas signicant issues: dynamic service
composition, design or system qualities, and
runtime monitoring and adaptation.
In all, eight workshops have been conducted, and
more than 25 papers in conerence proceedings have
been published on SOA research agenda topics.
Two years ater publishing the ground-breaking
report titledUltra-Large-Scale Systems: The Software
Challenge of the Future, the SEI-led research team
can see the adoption o its views on the horizon. A
lot o the ideas in the ULS systems report are already
here, and people are working on them, but theyre not
everywhere, Richard P. Gabriel, IBM distinguished
engineer and a coauthor o the report, recently told
IEEE Software. I think there will be a coalescing o
those ideas, and it will be inevitable.
The SEIs work on ULS systems began ater the U.S.Army posed the question, Given the issues with
todays sotware engineering, how can we build the
systems o the uture that are likely to have billions o
lines o code?
The research team determined that the number o
lines o code is only one o several ways in which the
scale o systems is growing larger and more complex.
The report describes how this increasing scale will
orce changes to the basic principles and assumptions
o sotware engineering. It recommends research in
the areas o human interaction; computational emer-
gence; design; computational engineering; adaptivesystem inrastructure; adaptable and predictable sys-
tem quality; and policy, acquisition, and management.
The community response has been positive; the report
has motivated research projects around the globe.
Linda Northrop, director o the SEIs Research,
Technology, and System Solutions Program and lead
author o the report, sums up the impact o the ULS
systems research this way: People consistently tell
me that the report accurately portrays the challenges
that they are seeing. They agree that the inherent char-
acteristics o the ULS systems dey successul use o
todays approaches to system development.
For more inormation, visit
www.sei.cmu.edu/uls/
SOA Research ULS Systems ResearchIs Redefning Sotware
Engineering
-
8/14/2019 SEI Year in Review 2008
12/4810 | www.sei.cmu.edu | YEAR IN REVIEW 2008
Part o the SEIs mission is to distribute the knowl-
edge that is created, captured, and applied
to the global sotware and systems engineering
community. Technology and the internet allow this
inormation to be presented in more accommodating
and interactive ways.
Between my demanding work schedule and travel
and expense cutbacks, its challenging to get the
training I need to eectively do my job, said Joanne
Mack, statistician and team lead or quality com-
ponents at the Center or Medicare and Medicaid
Services. Even though the government is reducing
spending, they still want a highly trained and compe-
tent work sta.
Thats precisely why we launched the SEI Webinar
Series, explained Shane McGraw, who coordinates
the SEI Sotware Process Improvement Network
(SPIN) groups. Its a convenient way or the SEI
to communicate our sotware engineering best prac-
tices directly to practitioners. Its ree, and easy to
attendyou dont even need to leave your oce.
Launched in July, the webinar series is proving to
be extremely popular. To date, almost 2,000 people
have registered to attend a webinar. Octobers CMMI
or Services presentation attracted nearly 500
participants.
Jeannine Siviy, part o the team that presented the rst
SEI webinar, Process Improvement in Multi-Model
Environments, says that the platorm is benecial to
both the community and the SEIs research sta. Not
only do the webinars allow us to reach people who
may not be able to attend the conerences where we are
presenting, but the question and answer portion letsus know immediately how our inormation resonates,
said Siviy. Its eedback that we will use to make our
materials even stronger and more relevant.
Mack, who attended the CMMI on the Web webinar,
was thrilled with what she learned and the webinar
ormat. Im new to the webinar world as well as to the
SEI and its coursework, she said. But the presenta-
tion was easy to use, very inormative, and applicable
to my job. It helped me look at things I never thought o
beore.
The schedule o upcoming webinarsas well as the
archive o previous webinarsis posted on the SEI
website: www.sei.cmu.edu/collaborating/spins
Its a convenient way or the
SEI to communicate our sot-
ware engineering best practices
directly to practitioners. Its ree,
and easy to attendyou dont
even need to leave your oce.
For more inormation, visit
www.sei.cmu.edu/spins?
New Webinars Bring SEIto the Desktop
-
8/14/2019 SEI Year in Review 2008
13/482008 YEAR IN REVIEW | www.sei.cmu.edu | 11
The CERT Podcast Series
Two years ago, Julia Allen started the CERT Podcast Series
as a way to provide business leaders with the securityinormation they need. Now, new podcasts are uploaded
every two weeks to the CERT website and iTunes. The series
has become increasingly popular with more than 80,000monthly downloads and over 60 titles.
The Deense Industrial Base (DIB) comprises
8,700 companies critical to the operations o the
U.S. Department o Deense (DoD). Unclassied
DIB networks ace a range o internet threats
capable o evading commercial security tools
and deeating security best practices. It is critical
or those in charge o these networks to develop
and implement a robust and adaptable deense
capability.
To meet this challenge, the Oce o the
Assistant Secretary o Deense or Networks andInormation Integration, the Deense Cyber Crime
Center (DC3), and the SEI have partnered to better
deend this critical national inrastructure. In 2008,
the SEI CERT Program began a commitment to
research, develop, and implement eective inor-
mation sharing processes or the DIB community;
apply and implement an incident management
capability or the DoD and DIB; and, ultimately,
transition this capability to the DoD and DIB.
The Object Management Group (OMG), an interna-
tional not-or-prot computer industry consortium,
in June 2008 released a beta version o a Unied
Modeling Language (UML) prole or modeling
and analysis o real-time and embedded systems
(MARTE). The MARTE extension provides support
or specication, design, verication, and validation
o real-time and embedded systems. An appendix to
MARTE allows mapping to the SAE International
Architecture Analysis and Design Language (AADL)
and is heavily infuenced by the SEIs work on AADL
and model-based development.
The OMG MARTE group invited Peter Feiler o the
SEI to join in the development o the prole. Feiler
is the author o the AADL standardan industry-
established standard or modeling system sotware
architectures that provides a precise, non-ambiguous
representation or modeling real-time embedded
systems. He says the development o MARTE is an
exciting opportunity: Now there will be a systematic
and ecient way to exchange inormation through the
OMG MARTE prole and AADL and vice versa. I
you are building an architecture model in AADL, then
it can be used in UML MARTE tools. Organizationscurrently using UML are now oered an additional
possibility to use AADL and benet rom the precise
modeling and validation o architectural designs that
AADL provides.
CERT-DC3 CollaborationAims or Better DIB
Network Deense
The podcasts are a very easy transition method, says
Allen. Typically 20 to 30 minutes long, the discussions
capture valuable security principles and tactics.
Topics include governing or enterprise security, privacy,
insider threat, and risk management and resilience.Podcasts oten eature leading industry and government
security experts alongside CERT researchers.
Weve also discovered that the podcasts are a great
way or us to draw in practitioners, says Allen. Once
they hear the inormation, they want to read more, take
training, and become urther engaged with the topics.
New UML ProfleMaps to AADL
-
8/14/2019 SEI Year in Review 2008
14/4812 | www.sei.cmu.edu | YEAR IN REVIEW 2008
Since the approval o DoD Directive 8570.01 in
December 2005, DoD organizations have had to
scramble to identiy new and better avenues or
training. The directive requires the training and
certication o all inormation assurance technicians
and managers to meet DoD baseline requirements
related to their jobs. This means roughly 100,000 DoD
personnel require training and certication.
Unortunately, many DoD personnel, particularly
members o the armed orces, nd themselves in
orward-operating bases and other situations where
traditional, classroom-based training is dicult i notimpossible. In increasing numbers, DoD organizations
are turning to CERTs Virtual Training Environment
(VTE) to bridge this training gap. VTE provides rich
media instruction and hands-on training labs to remote
students over the internet. It enables students to access
high-quality training on security, computer orensics,
and incident response anywhere in the world, with
only a web browser and an internet connection.
The power o the VTE distribution model is that it
can reach students in places other training delivery
methods cant, notes VTE team lead Jim Wrubel.
Armed orces personnel have accessed VTE rom
orward-deployed bases in Iraq and Aghanistan,
and theyve even accessed VTE rom ship-side
deployments. Wrubel adds that VTEs 15-minute
modules have been designed specically to help
students adapt their training to meet unpredictable
schedules. Whats more, VTE training has no
expiration datestudents can access all training
modules as oten as they want and or as long as they
want ater completing training. Because students
can keep coming back to the modules and the test
network, notes Wrubel, VTE helps close the gap
between learning a concept and using that concept.
The result is more eective inormation security
practice in the eld.
VTE Helps DoD Meet Remote TrainingRequirements and Cut Costs
-
8/14/2019 SEI Year in Review 2008
15/482008 YEAR IN REVIEW | www.sei.cmu.edu | 13
VTEs hands-on scenario networks have been
a particular hit with DoD students. Accessible
directly rom the students computer, the networks
enable the student to experiment, learn new skills,
and practice network security and management
techniques without putting live networks at risk.
Imagine, Wrubel observes, an Air Force rewall
administrator who cant practice his or her skills
on the live network. VTE enables the administrator
to practice rewall conguration and management
on the scenario network, as many times as desired,
right rom his or her desktop.
For more inormation, visit
www.cert.org/training/vte_description.html
VTE has been well received by the DoD, and its
use is growing. In the past year, VTE delivered
approximately 120,000 hours o training. And not only
is VTE lling the training need or DoD personnel
in ar fung locations, its doing so at considerable
savings to the DoD: VTE-based training saves the
DoD 84 percent per student served compared to
traditional classroom delivery. Even better or the
DoD, this savings comes at no cost to eectiveness.
Certication rates or students accessing VTE
or training are equal to those o students taking
classroom training.
-
8/14/2019 SEI Year in Review 2008
16/4814 | www.sei.cmu.edu | YEAR IN REVIEW 2008
-
8/14/2019 SEI Year in Review 2008
17/482008 YEAR IN REVIEW | www.sei.cmu.edu | 15
Two years ater the Mexican government launched its
unprecedented program to build a national reputation
as a provider o IT products and services using the
SEI Team Sotware ProcessSM (TSPSM) methodology,
early results rom pilot projects show an increase in
high-quality, low-deect sotware developed on sched-
ule and with improved team productivity.
These improvements are the result o a strategic
alliance orged in 2006 between the SEI and Mexicos
leading private university, Instituto Tecnolgico
de Estudios Superiores de Monterrey (Tec de
Monterrey), and enthusiastically supported by theMexican national government, to advance the state
o sotware engineering practice. The goal o the
alliance is to position the Mexican sotware indus-
try as an international competitor in the global IT
outsourcing market by introducing TSP as a compo-
nent o Mexicos Program or the Development o the
Sotware Industry (PROSOFT).
While industry statistics show that over hal o all
sotware projects are more than 100 percent late or are
cancelled, in these TSP pilot projects, teams delivered
their products on average 2 percent later than they had
planned, with some as much as 27 percent earlier. Keyto schedule success in the pilot TSP teams was overall
high product quality; several TSP projects had no
deects in system or acceptance test.
Sottek, a global provider o IT and business process
services, participated in the pilot TSP projects and had
a deect rate o 0.038 per thousand lines o code.
TSP has also helped to motivate development sta
and management. Developers said they preer the
work environment o a TSP team. Management appre-
ciated the depth o the data and the reliability o status
reports. Low worker attrition, a relative strength oMexico, was not only maintained, but enhanced. One
company survey o employees ound the TSP pilot
team to have the highest job satisaction in the plant.
Initially developed at the SEI by Watts Humphrey,
TSP is a process technology that guides teams in
reducing time to market, increasing productivity, im-
proving cost, schedule perormance, and product qual-
ity, accelerating process improvement, and reducing
proessional sta shortages.
A TSP team has an error rate in deadlines to deliver
projects o -10 percent to 5 percent, whereas those
without TSP/PSP have an error rate o 140 percent.
TSP works in conjunction with the Personal Sotware
ProcessSM (PSPSM), through which individual engi-
neers can measure and enhance their perormance.
Both were created as a way to bring CMMI principles
to teams and individuals.
You need to dierentiate yoursel to compete.
Mexico plans to dierentiate itsel through its largest
competitive advantagethe TSP, said Ivette Garcia,
the Director o Mexicos Digital Economy. Thecompetitive advantage will come through reduced
development time, superior quality, real-time interac-
tion, lower attrition rate, and trust in Mexicos high-
perormance knowledge workers and teams.
As one o the next steps in the national initiative,
Tec de Monterrey is piloting not only an accelerated
process improvement method using TSP to imple-
ment CMMI called TSP-Based CMMI Accelerated
Improvement Method (TC-AIM) but also a TSP
organizational evaluation and certication (TSP-
OEC). TC-AIM will make CMMI process improve-
ment accessible to small- and medium-size enterprises(SMEs). Organizational certication will provide
objective insight into the perormance o an organiza-
tions products and projects. Taken together, TC-AIM
and TSP-OEC will make process improvement and
CMMI recognition cost eective or the SMEs.
Mexican TSP Initiative Shows Early Results
For more inormation, visit
www.sei.cmu.edu/tsp/
-
8/14/2019 SEI Year in Review 2008
18/4816 | www.sei.cmu.edu | YEAR IN REVIEW 2008
ASSIPThe Army Strategic SotwareImprovement Program (ASSIP) is apartnership between the U.S. Army andthe SEI aimed at promoting an integratedsotware and systems engineeringapproach to the Armys acquisition osotware. Several Program ExecutiveOce and Program Managers Ocesta members with experience in ASSIPeorts oered their views o the impacto ASSIP.
The ASSIP eort provided uscondence that we were requestingthe right inormation rom our vendors.ASSIP also expanded the value o thevendor inormation and metrics that werequest.
Steve WaldropSotware Branch Chie
Program Managers Oce
Heavy Brigade Combat Team
At PEO Aviation we are seeing practicalapplication o the knowledge gainedthrough the ASSIP eorts as our peopleare continuously seeking ways toimprove the cost, schedule and quality otheir respective programs.
Terry Carlson, PhDChie, Aviation Commonality &
Interoperability Branch
Program Executive Oce, Aviation
The ASSIP is providing timely, relevant,and value-added sotware engineering
expertise to the PEO-GCS communityto enhance our sotware acquisitionprocesses or the warghter.
Peter HaniakChie System Engineer
Program Executive Oce
Ground Combat Systems
-
8/14/2019 SEI Year in Review 2008
19/482008 YEAR IN REVIEW | www.sei.cmu.edu | 17
2008 saw continued growth in communication, knowl-
edge sharing, and the trading o sotware engineer-
ing and acquisition lessons learned, Albert said, with
meetings every other month o the ASSIP Action Group
(AAG). AAG, a group that plans and monitors execu-
tion or ASSIP, comprises 11 Army program executive
oces (PEOs), our Army sotware engineering centers,
the Armys chie inormation ocer, and the Army Test
and Evaluation Center. The SEI acts as both subject
matter experts and acilitators or the sessions.
We know [ASSIP] is having a positive eect on the
Armys sotware program, said Schwenk, because thePEOs are telling us so. Theyre saying this is a worth-
while eort. For PEOs carrying ever-growing work-
loads to seek out and attend the regular AAG meetings
and other ASSIP activities speaks strongly to the value
ASSIP provides.
The year also saw a scaling up o the Armys interest in
learning and applying the SEIs sotware architecture
knowledge through ASSIP. A concerted eort con-
ducted through the SEI helped the Army grow its ranks
o sotware experts trained in the SEI Architecture
Tradeo Analysis Method (ATAM). Army personnel
have taken part in about a dozen ATAM evaluations todate. The Army has also seen an added, immediate ben-
et rom the architecture training: The PEOs have used
them to reveal sotware risks early in projects lietimes.
All o this, Albert notes, is ullling the our-old intent
o ASSIP: oster migration to model-based system and
sotware acquisition process improvement; institution-
alize broad-based oversight, management, and technical
expertise; apply an integrated system- and sotware-
engineering approach to Army acquisition; and system-
atically incorporate lessons learned, best practices, and
new technology into policies, practices and processes.
It is exciting to see the increasing visibility sotware is
getting across the Army through its strong commitment
to ASSIP, Albert said.
Just by looking at the 2008 numbers or ASSIPthe SEIs
partnership with the U.S. Army aimed at improving Army
sotwareyou can tell 2008 was a good year or the ve-
year-old program.
Indeed, at six Army sites more than 300 Army personnel
attended 26 SEI courses related to sotware architecture,
acquisition, and other skills during the year. Also, the SEI
hosted three exclusive educational conerences or Army
leadership on current sotware issues and developments;
about two dozen Army executives attended each, including
general ocers and civilian members o the Armys Senior
Executive Service.
But the numbers arent the real story o the Army Strategic
Sotware Improvement Programs successes.
In 2008 we really began to see awareness [o ASSIP]
grow, said Cecilia Albert, who heads up Army programs
in the SEIs Acquisition Support Program. Thats what
was most impressive. ASSIP, with its mission o in-
graining an integrated system and sotware engineering
approach to the Armys acquisition o the sotware in its
systems, is taking root in the Armys acquisition establish-
ment, Albert said.
Robert Schwenk, the Armys senior sotware acquisition
manager, agrees.
Its not the numbers, Schwenk said. Its what they
signiyASSIP is succeeding at providing a orum or
Army experts to interact with each other, network, and
synergize at a leadership level. That is vitally important
to the Armys acquisition community, Schwenk noted,
because as sotware grows in complexityand consistent
acquisition processes grow in necessityit is only through
sustained interaction among Army sotware experts that
the orce will be able to assure that it obtains high-quality
and eective sotware products.
In short, the Armys sotware is improvingbecause
ASSIP is helping establish a stronger, more ecient, and
more capable sotware community within the Army itsel.
That community o proessionals is an organic capability
that is beginning to deliver on the Armys strategic needs.
Army Commitment to Strategic
Sotware Improvement Grows
For more inormation, visit
www.sei.cmu.edu/programs/acquisition-support/
-
8/14/2019 SEI Year in Review 2008
20/4818 | www.sei.cmu.edu | YEAR IN REVIEW 2008
SMART Evolves as Needs Emerge
We dont invent processes that no one uses. We,
in act, look at real needs and respond to those
needs, explained Grace Lewis, technical lead or
SEI SMART and system-o-systems engineering
research. This pragmatic approach is one reason that
many organizational leadersater migrating a single
system or implementing a single pilotthen adopt
SMART principles across the board.
Earlier this year, a team o engineers rom the SEI
worked with a division o the U.S. Army to help
migrate a legacy command and control system to a
service-oriented architecture (SOA) environment.The SEI team soon realized that the system in
question had multiple componentsthey were
responsible or implementing services, establishing
the inrastructure, and building applications to act as
service consumersand Army personnel would need
constant support in all these aspects.
The story o the Service Migration and Reuse Technique
(SMART) and the amily o techniques that developed
rom it is one that illustrates what the SEI does best
engaging with a customer, identiying a need, developing
a tailored solution, and subsequently generalizing the
solution.
The story begins with the original SMART technique
and charts its continuous evolution, all in response to an
organizational need to reuse code rom legacy systems
and transorm it into services useul to an organization.
Migrated legacy systems have plenty o potential as
services that can be reused throughout an organizationcustomer lookup, account lookup, and credit card
validation are some examples.
-
8/14/2019 SEI Year in Review 2008
21/482008 YEAR IN REVIEW | www.sei.cmu.edu | 19
This led the SEI team to revisit its standard approach
to service migration that ocuses on the service
providerSMARTand rene it to one that would
encompass a ull service-oriented system. From that
need, SMART-SYS was born.
Another member o the SMART amily o tools
developed this year also saw its impetus in work that
the SEI did in helping a government organization
migrate a legacy system.
The system was bureaucratic. It was big. It had rules
and regulations and requirements to move through it.
The organization had to understand that environment
in much greater detail, explained Patrick Place, a
senior researcher at the SEI. To meet those needs, the
SEI team again altered its approach and developed
SMART-ENV (environment), which ocuses on
helping an organization understand the target SOA and
identiy associated costs and risks beore migrating.
SMART was developed three years ago to help
organizations address important issues beore
migrating a system to an SOA environmentnamelywhether it is realistic to migrate these systems to
services. And, i so, what services would make the
most sense or that organization and what resources
are needed. In all this year, the SEI developed
ve spin-os or amily members rom its original
SMART tool: SMART-MP (migration pilot),
SMART-SMF (service migration easibility),
SMART-ENV (environment), SMART-ESP
(enterprise service portolio) and SMART-SYS
(system). All were in response to customers with
individualized needs, but a common goal: migrating
legacy systems to service-oriented architecture
environments.
The Electronic Systems Center (ESC) o the U.S.
Air Force is at the oreront o adopting the SMART
approach based on experiences migrating a human
resources system that managed such tasks as awards,
decrees, and temporary duty leave.
Tim Rudolph, ESC chie technology ocer, said
his sta members have condence in the SMART
approach because not only did they benet rom it,
but they continue to help shape it as it matures.
A lot o these steps [in the SMART process] are lesstechnical and more about behavior and processes. To
do that SOA migration properly, it takes some work
to institutionalize those competencies, explained
Rudolph. SMART is an important part o our overall
enterprise systems engineering process.
-
8/14/2019 SEI Year in Review 2008
22/4820 | www.sei.cmu.edu | YEAR IN REVIEW 2008
-
8/14/2019 SEI Year in Review 2008
23/482008 YEAR IN REVIEW | www.sei.cmu.edu | 21
For a handul o days in March 2008, chaos reigned.Customer support centers at government and com-
mercial organizations were inundated with phone calls
reporting problems: a new piece o malicious code that
was stealing user names and passwords or a power out-
age that shut down subway systems.
I let unchecked or mishandled, these incidents could
snowball into the types o problemsloss o internet
connection, network breaches, transportation system
meltdownsthat bring organizations and countries to
a standstill. And to almost everyone involved, except
or a select group o insiders who monitored every
email and phone call, these scenarios were real. Theinsiders tracked whether, i laws were broken, the
company enlisted an outside agency such as the FBI
to begin an investigation, and they documented any
security measures that were implemented.
This pseudo-cyber attack known as Cyber Storm is
conducted every two years and is coordinated by the
U.S. Department o Homeland Securitys National
Cyber Security Division with support rom the
Sotware Engineering Institutes CERT Coordination
Center (CERT/CC) and others. It tests government and
organizational readiness or real events.
Cyber Storm is a concerted eort by an adversary
to cause harm and measure how government entities
and organizations respond to it, explained Marty
Lindner o the CERT/CC, who serves as both architect
and one o the behind-the-scenes controllers o Cyber
Storm during the exercise. This year, the exercise
spanned ve countries; 18 ederal cabinet-level
agencies, including the Department o Deense and the
Department o Justice; nine states; and 40 private-
sector companies. Lindner said that he and others
create the scenarios rom a compendium o real-lie
scenarios designed to exploit a gap in policy or a
misstep in the chain o response.
These tests are necessary in the current global climate.
In 2007, ederal agencies reported more than 5,600
cases o computer attacks, intrusions, probes, and
plantings o malicious code.
Microsot helped plan and participated in both Cyber
Storm exercises.
We typically get involved at the very early stages
o exercise planning. Our products and technology
touch a lot o dierent sectors and dierent systems,
explained Jerry Cochran, principal security strategist atMicrosot.
The companys involvement was twoold this year. First
and oremost, Microsots Security Response Center
(MSRC) played a key role as an exercise player
responding to security incidents 24/7 as they would in
the real world. Cochran also served with Lindner behind
the scenes as both an exercise planner and a controller.
As a designated controller, he monitored the exercise,
elded rerouted callstaking any steps to make the
exercise appear as real as possible. A controller lls in
the gaps. Sometimes you might be playing the role o a
consultant or mimicking representatives rom IT sectorsthat arent in the game, Cochran explained.
As Cochran sees it, each time that Microsot partici-
pates, lessons are learned and the company is better
prepared. And the expansive global involvement this
year allowed Microsot to measure incident response
rom an international perspective. One lesson Microsot
believes all participants learn by participating in the
exercise is that to manage major incidents, it is essen-
tial to have established relationships. In some cases,
those partnerships are with competitors in the industry,
Cochran said. From a security-response standpoint,
your competitors might be the best partners. In cyberincident response we are all working together or the
same causeour customers and the resiliency o the
inormation inrastructure.
Although similar exercises had been conducted previ-
ously, the rst Cyber Storm was held in 2006, and it
tested government and industry responses to a range o
would-be catastrophes. Lindner, who also coordinated
that exercise, said that it included hundreds o passen-
gers at airline ticket counters whose names suddenly
appeared on no-fy lists, ailed railway switches, and
a power outage at the Port Authority o New York and
New Jersey.
For that exercise, the CERT/CC coordinated eorts with
more than 100 public and private organizations in ve
dierent countries. The ederal agencies investigating
the threat traced it back to Lindner, who served as prime
perpetrator. In Cyber Storm I, they arrested me. The
Secret Service wanted to handcu me, Lindner said.
Fortunately, it was just an exercise.
Cyber Storm Simulates Network Attack
For more inormation, visit
www.cert.org
-
8/14/2019 SEI Year in Review 2008
24/4822 | www.sei.cmu.edu | YEAR IN REVIEW 2008
-
8/14/2019 SEI Year in Review 2008
25/482008 YEAR IN REVIEW | www.sei.cmu.edu | 23
Beginning in 2008, the Capability Maturity Model
Integration (CMMI) served as a oundation or
increased eorts ocused on truly integrating sot-
ware development, sotware acquisition, and services
delivery. We leveraged the I in integration this year,
said Bill Peterson, SEI Sotware Engineering Process
Management program director. The ull CMMI
Product Suite weaves together the core principles
o CMMI or Development to extend to CMMI or
Acquisition and in 2009 to services delivery. With this
product suite, we are able to maximize the synergies
among the CMMI models.
CMMI or ServicesReleasing in 2009
The SEI has seen a growing demand or process
improvement in the services sector, which makes up
more than 80 percent o the U.S. and global economy.
Service organizationsin such areas as healthcare,
IT, education, nance, or transportationhave needs
and interests that are dierent rom those o develop-
ment organizations, yet the CMMI model has a track
record o eective techniques to improve process
capability. CMMI or Services (CMMI-SVC) was
designed to provide guidance specically or orga-
nizations providing services. The best practices in
CMMI-SVC cover a wide variety o services and are
fexible enough to complement models designed or a
specic service, such as IT.
CMMI-SVC shares some best practices with CMMI
or Development (CMMI-DEV), which provides help
to development organizations. Such shared content
enables organizations that both develop products and
deliver services to use complementary models to
improve their capabilities.
Based on pilots with SEI Partners since October 2006,
CMMI-SVC is proving valuable or service organiza-
tions in improving processes. This in turn can leadto lower costs and better satisaction or customers
and end users. The SEI will release the CMMI-SVC
model at SEPG North America 2009 and on the SEI
website in March 2009.
CMMI and Six Sigma: Partners in Process
Over the years, the SEI has witnessed organizations
struggling with the implementation o process im-
provement. In some instances, organizations viewed
CMMI and Six Sigma as competing approaches rather
than a synergistic combination that can yield superior
perormance. Indeed, some abandoned one approach
or another, creating a churn yielding no improvement,
delayed production schedules, increased costs, and
unhappy employees.
To leverage the best impacts o combining approaches,
the SEI began development o a CMMI-Six Sigma
Certication. The SEI program will be able to help
organizations achieve increased return on investment,
better sotware quality, and development o highly
skilled leaders who will be trained to eectively guide
their organizations to improved perormance using theunique body o knowledge and skills encompassed by
the certication program.
During 2009, the community will be asked to take
part in the development and review o the CMMI-Six
Sigma Body o Knowledge. The ocus will be on how
to merge the strategic CMMI ramework with the Six
Sigma tactical toolset (including DMAIC, Lean, and
Design or Six Sigma) or perormance improvement.
The program will be based on leading best practices in
measurement and analysis, Six Sigma, and CMMI.
Signicant synergies and energies come rom puttingCMMI and Six Sigma together, says the SEIs David
Zubrow, technical lead or CMMI-Six Sigma initia-
tives. Indeed, we have seen substantial benecial im-
pact on the implementation o high-maturity practices,
especially or process perormance modeling, through
the use o Six Sigma techniques. Thats where the SEI
comes in. The certication program will provide oppor-
tunities or individual instruction, model training, team
training, and Six Sigma training to build the workorce.
Jeerson Welch, manager o the certication program
at the SEI, emphasizes that the SEI is not trying to rep-
licate Six Sigma certication. What we have createdis a powerul combination o the two. With a certica-
tion in place, there are benets to the organization in
terms o transorming, enhancing, and improving the
quality o work rom the individual perspective.
The I in Integration
SERVICE
INDUSTRY
The SEI has seen a growing demand orprocess improvement in the services sector,which makes up more than 80 percent othe U.S. and global economy.
-
8/14/2019 SEI Year in Review 2008
26/4824 | www.sei.cmu.edu | YEAR IN REVIEW 2008
and validating account numbers and eliminating
duplicate numbers. It also maintains a pedigree that
shows all the locations in which each number was
ound. The pedigree reveals how stolen numbers were
traded (ater an initial thet, nancial account numbers
are oten shufed, split into chunks, and sold) and can
aid in tracing the source o the original thet. CCFinder
also handles the problem o the sheer size o recent
nancial crimes, which had overwhelmed existing
tools. CCFinder was a big deal when we were working
with 3 million account numbers, said team member
Matthew Geiger. Then we quickly went rom there to
45 million in the TJX case.
The TJX case was the investigation o 11 people who
were charged in August 2008 with the thet o more
than 40 million credit and debit card numbers rom T.J.
Maxx, Marshalls, Barnes & Noble, OceMax, and
other major retailers. The orensics team participated in
an electronic crimes task orce along with USSS agents
and state and local law enorcement. It was an eye-
opening experience participating in a law-enorcement
action o that scale, with well-organized simultaneous
searches, said Geiger.
U.S. Representatives John Murtha, Mike Doyle, andJason Altmire recognized the teams eorts on TJX dur-
ing a visit to Carnegie Mellon University in September
2008. CERTs role in this landmark case underscores
its importance in computer security over the past 20
years, said Murtha.
Forensics team members Nolan, Geiger, Cal Waits,
Kristopher Rush, and Larry Rogers have multiplied
their eectiveness by training the USSS, the FBI, the
Department o Deense cyber crime lab, and other
law enorcement groups in their tools and techniques.
The training is done live on site at the SEI and also via
CERTs Virtual Training Environment (VTE), a securedsel-paced, web-based training lab. Authorized mem-
bers o law enorcement groups can access a number o
orensics tools developed by the team on VTE.
Our primary work is research, but the application
o it in real-world cases is whats really gratiying,
said Nolan. A white paper is nice, but locking people
up is better.
CERT Forensics Team Helps Law EnorcementAgencies Fight Cyber Crime
It all began with the Iceman case. A ormer computer
security consultant, Max Ray Butler (also known
as Iceman), was allegedly attacking computers
at nancial institutions and credit card processing
centers, stealing account inormation, and selling the
data to others. The U.S. Secret Service (USSS), which
was leading the investigation into Butlers activities,
knew o the CERT orensics teams expertise in
cracking sophisticated techniques used by cyber
criminals, such as encrypting data to hide evidence.
The team assisted the USSS in acquiring and
decrypting the Icemans data, thus providing critical
evidence or the governments case.
Through word o mouth and presentations the
team gives to law enorcement groups, demand or
the teams skills and tools spread to state police
departments and other law enorcement agencies rom
coast to coast. We are providing operational support
to the United States Secret Service, to high-prole
intrusion and identity thet investigations, and to
investigations o other general computer crimes, said
team leader Rich Nolan, a ormer Drug Enorcement
Administration agent. This support work enables the
team to see problems in the eld rst hand and then
rene their tools or develop new tools and techniques
to solve those problems.
One tool that was developed or a specic case is
CCFinder. In cases in which investigators were trying
to discover compromised credit card and nancial
account numbers, the existing tools produced many
alse positives. CCFinder does a better job o nding
Cal Waits takes questions rom the media
on CERTs role in credit card raud evidence
gathering.
-
8/14/2019 SEI Year in Review 2008
27/482008 YEAR IN REVIEW | www.sei.cmu.edu | 25
Survey Seeks to Shape the Future
o Computer Forensics Education
Proper handling o digital evidence isessential to the successul prosecutiono computer-related crimes. Thediscipline o computer orensics,however, is still in its inancy. Acoherent, standardized approach tocomputer orensics education remainson the horizon.
As a rst step toward standardization,CERT orensics team members Cal
Waits and Larry Rogers undertook a2008 survey o the current state othe practice. The idea grew out oour engagement with members o theederal law enorcement and privatesector communities, says Waits.These communities had access toorensics training, but, Waits notes,they ound it to be piecemeal andvocational in nature.
Waits surveyed the ederal lawenorcement and private sectorcommunities, including the nancialsector, to identiy needed roles in theorensics eld and catalog the skillsrequired to perorm these roles. Thenext step will be to work with theInormation Networking Institute atCarnegie Mellon University to plan anddevelop a model curriculum, basedon Waits ndings, suitable or use atdegree-granting institutions. Waitsand Rogers work will be detailed in aorthcoming SEI technical report.
For more inormation, visit
www.cert.org/orensics/
-
8/14/2019 SEI Year in Review 2008
28/4826 | www.sei.cmu.edu | YEAR IN REVIEW 2008
-
8/14/2019 SEI Year in Review 2008
29/482008 YEAR IN REVIEW | www.sei.cmu.edu | 27
As sotware becomes more complex and sotware se-
curity moves closer to the oreront o organizational
plans, a means o dening what constitutes a secure
system and assuring achievement o this standard
is required. Attacks aimed at networked sotware
systems are directed at governments, corporations,
educational institutions, and individuals; and they can
result in nancial loss, the loss and compromise o
sensitive data, system damage, and lost productivity
all enabled by simple sotware vulnerabilities. One
way to combat this growing problem is through secure
code. But what makes code secure?
The CERT Secure Coding Initiative, spearheaded by
Robert Seacord, a senior member o the SEI techni-
cal sta, is building a comprehensive approach to
secure sotware development in the C, C++, and Java
programming languages. The cornerstone o this ap-
proach is the development o secure coding standards
or each language. Seacord asserts that security must
be understood or organizations to embrace itsecure
coding standards promote adoption by providing a
precise and measurable denition. CERT coordinates
development o secure coding standards by security
researchers, language experts, and sotware develop-
ers using a wiki-based community process. The CERT
C Secure Coding Standard, or example, was pub-
lished in October 2008 as an Addison-Wesley book.
Once completed, these standards will be submitted to
open-standards bodies or consideration and possible
publication.
Developers and sotware designers can apply these
coding standards to their code to create secure sys-
tems, or analyze existing code against these standards.
In September 2005, the team publishedSecure Coding
in C and C++, and since then they have created and
licensed courses, published books and papers, col-
laborated with government and private organizations,
and presented at conerences to promote standards
that will help improve the quality o sotware released
today and in the uture.
One example o collaborative work is The CERT
Sun Microsystems Secure Coding Standard for Java.
Currently being developed with Sun Microsystems,
this standard provides guidance or secure pro-
gramming in the Java Platorm, Standard Edition
6 environment. Programmers who adopt the Java
standard can avoid vulnerabilities in their Java-based
applications. This coding standard is applicable to the
wide range o products coded in Java such as PCs,
game players, mobile phones, home appliances, and
automotive electronics.
However, secure coding standards alone are inad-
equate to ensure secure sotware development because
they may not be consistently and correctly applied. To
solve this problem, CERT is developing an applica-
tion certication process that can be used to veriy the
conormance o a sotware product with secure coding
standards. Because this process depends on the appli-cation o source code analysis tools, CERT is work-
ing with industry partners such as LDRA and Fortiy
Sotware, and research partners such as JPCERT and
Lawrence Livermore National Laboratory to enhance
existing source code analysis tools to veriy compli-
ance with CERT guidelines.
The CERT Secure Coding Initiative
For more inormation, visit
www.cert.org/orensics/
-
8/14/2019 SEI Year in Review 2008
30/4828 | www.sei.cmu.edu | YEAR IN REVIEW 2008
Today on the battleeld, many types o militarypersonnelsuch as operators o unmanned-air
and all-terrain vehicles, intelligence operators, and
commandersmust communicate on a moment-
to-moment basis as conditions on the eld change.
This critical communication occurs over tactical
data networks (TDNs)series o gateways, servers,
unmanned vehicles, and operation centers, connected
via mobile, wireless, and ad-hoc mesh networks.
TDNs have nite resources such as limited network
bandwidth that all network users and components
compete or when exchanging inormation. Allocating
bandwidth eectively has always been a challengingproblem, but as TDNs become increasingly complex
and more closely coupled with moment-to-moment,
rational (or sel-interested) human decision making,
these challenges become daunting. Researchers
around the world are investigating the use o market
mechanisms to allocate scarce computational
resources: Could these ideas be useul in TDNs?
To nd out, researchers at the SEI have been
developing auction mechanisms or bandwidth
allocation in TDNs. In 2006, the SEI showed how
auctions can be used to improve the common
operating picture in a prototype TDN based onthe Navys LINK-11. In 2007, the SEI joined with
Harvard University and the Naval Post-Graduate
School (NPS) to demonstrate auction mechanisms
or bandwidth allocation in a more complex and
demanding TDN testbed developed by the NPS,
called the Tactical Network Topology (TNT).
TNT links equipment in three locations across the
United States and manages all communications
among them. The NPS is using TNT to pioneer
adaptive tactical networks based on the concepts o
8th Layer, which enables adaptive networking by
giving every critical node bandwidth adaptation and
small-scale network operation capability. The 8thLayer-enabled hyper-nodes adapt their behavior by
exchanging services in accordance with the Valued
Inormation at the Right Time (VIRT) concept.
CMD Aids in Bandwidth Allocation
Alex Bordetsky, the principal investigator and oundero the NPSs TNT testbed, says, The SEIs work in
mechanism design is helping our orces to cross what
we call the last tactical mile. It runs rom command
headquarters to tactical units in remote locations
and has inormation gaps along the waythats
where 8th Layer adaptation comes in. It helps us
bridge those gapssomething that becomes more
and more important as systems grow more dynamic,
perormance becomes more critical, and resources
dwindle.
Applying auction mechanisms this way is cutting
edge, says Kurt Wallnau, one o the SEI researchersinvestigating computational mechanism design
(CMD). According to Wallnau, the TNT arena gave
-
8/14/2019 SEI Year in Review 2008
31/48
-
8/14/2019 SEI Year in Review 2008
32/4830 | www.sei.cmu.edu | YEAR IN REVIEW 2008
-
8/14/2019 SEI Year in Review 2008
33/482008 YEAR IN REVIEW | www.sei.cmu.edu | 31
Researchers at the Aerospace Vehicle Systems
Institute (AVSI) oresaw a problem with building
the next generation o complex, sotware-intensive,
saety-critical aircrat systems; as the complexity o
the avionics systems continues to increase, they have
identied a need or a undamental change in develop-
ing the sotware and systems or the next generation
system aircrat. Through Georgia Tech, AVSI conduct-
ed a pre-study o existing technologies that could help
with sotware-intensive systems construction, and the
Georgia Tech study recommended adoption o the
Architecture Analysis and Design Language (AADL),
which was developed at the SEI as a means to conduct
model-based development.
The AVSI project Systems Architecture Virtual
Integration (SAVI) ocuses on establishing a new way
o speciying and integrating increasingly complex
aerospace systems. This would reduce the cost and
schedule o new airplane development while improv-
ing quality, saety, and perormance, says Jrgen
Hansson o the SEI. Traditionally, subcontractors
responsible or a part o the system would indepen-
dently develop code or pieces o the system. When the
pieces are brought together, the system has already
gone ar into development, but when you try to inte-
grate all the pieces rom the dierent subcontractors,
the integration problems appear.
So the question they are asking, says Hansson, is
whether there is a way to conduct integration earlier
using a model-based approach beore the system is
being built. This is where AADL comes in. Using
AADL, individual subcontractors can model their
pieces o the system with large amounts o imple-
mentation detail. Now I can take that model together
with everyone elses models and integrate them and
make sure I get the system behavior I want or areas I
determine to be critical, says Hansson.
This process will allow AVSI to capture many integra-
tion aults as early in the development process as pos-
sible. The cost o xing a ault escalates dramatically
the later it is uncovered in the development process.
Studies have shown that 60 percent to 75 percent o
all system deects are introduced in the system-lie-
cycle development phases preceding the code devel-
opmentrequirements engineering, system architec-
ture design, and component designs. Yet only a small
raction o these deects, about 3 percent to 8 percent,
are detected beore code development and system
realization; the majority o deects are detected at the
time o system integration or later phases.
Correcting late-detected deects incurs signicant
costs. For example, the costs o correcting deects in
the system-integration phase or ater the system has
been deployed into operation, are 15 to 30 times, and
30 to 110 times higher respectively compared to the
cost o the removing the deects earlyin the phase in
which they were introduced.
The goal, says Hansson, is to do more up-ront
modeling o the system to mitigate risks and integra-
tion problems, save money and time, and possibly
allow construction o even larger, more complex
systems with this technique.
AVSI
The Aerospace Vehicle Systems Institute (AVSI)is a consortium comprising aerospace companiesincluding Boeing, Lockheed Martin, Rockwell Collins,and othersthe Department o Deense, and theFederal Aviation Administration. AVSI works toimprove the integration o complex subsystemsin aircrat.
Costs o correcting deects
in the system-integration
phase or ater the systemhas been deployed into
operation are 15 to 30
times, and 30 to 110times higher, respectively,
compared to the cost o
removing the deects early.
AVSI Chooses AADL or Next Gen Design
-
8/14/2019 SEI Year in Review 2008
34/4832 | www.sei.cmu.edu | YEAR IN REVIEW 2008
-
8/14/2019 SEI Year in Review 2008
35/482008 YEAR IN REVIEW | www.sei.cmu.edu | 33
In 2008, the SEI created a web service certica-
tion process or the U.S. Armys Chie Inormation
Oce/G-6 (CIO/G-6) organization to address security
and provisioning concerns the Army oresees in its
development o service-oriented architecture (SOA)
environments. The CIO/G-6 organization is responsible
or the inormation management unction o the Army.
SOA, according to a denition by IBM, is the archi-
tectural style that supports loosely coupled services
to enable business fexibility in an interoperable,
technology-agnostic manner. For the Army, and other
Service branches in the U.S. Department o Deense,SOA promises a means to realize a vision in which
warghters have a Deense-enterprise-wide capability
through which they can choose and assemble services
quickly in order to adapt and change to conditions on
the battleeld.
Key concerns or the Army in moving toward SOA
are inormation assurance, interoperability, and
networthiness, according to Sriram Bala, a member
o the SEI team working with the Army CIO/G-6.
The central question is this: I we are to eld SOA
on DoD networks, how do we assure that it is sae to
use, Bala says.
The need or inormation assurance poses the question
o how to protect inormation and services by ensuring
condentiality, integrity, authentication, availability,
and non-repudiation, according to Bala. This level o
protection is needed while the inormation is in stor-
age, processing, or transit and whether it is threatened
by malice or accident.
Web service interoperability aims to provide seamless
and automatic connections rom one sotware applica-
tion to another. The networthiness o a web service
in an SOA context depends on determining networkimpact o the web service, developing port and proto-
col white listpolicies or web service use, conducting
network security scans to ensure that web services are
not compromising networks, and other actors. White
list policies dene what a service is allowed to do, ac-
cording to Ed Morris, another SEI team member.
In 2008, the SEI team created a certication and ac-
creditation process or the Army CIO/G-6 that homes
in on these concerns. The intent o our process is
to certiy services in order to assure that they are
not malicious to the SOA inrastructure that they are
deployed on or interacting with, Bala explains.
We have devised a process that can be executed
rapidly to certiy and accredit web servicesto
accomplish these steps in days rather than months,
Morris explains. An Army SOA is expected to be
dynamic, and it does no good to be able to assemble
services rapidly i those services cannot be certiedin a timely way.
This process is robust so that it can deal with ser-
vices or which source code is not available, Bala
says. And it is fexible so that it can be modied and
institutionalized by other service branches and com-
mercial organizations eventually, he notes.
In addition, the SEI process is heavily tool-centric,
Morris says. It draws on applicable commercial and
open-source technologies. Even so, the SEI has ound
that existing testing tools are inadequate or the job;
as a result, the SEI process includes manual reviewby sophisticated users to interpret what the tools are
telling them, Morris adds.
Now that the process has been created, the SEI
team is working with the Army CIO/G-6 to make it
operational.
Our next steps include developing a strategy or
testing end-to-end mission threads to integrate
certied services to perorm the tasks in a mission,
Morris says.
Securing Web Services in an SOAEnvironment or the Army SOA Initiative
-
8/14/2019 SEI Year in Review 2008
36/4834 | www.sei.cmu.edu | YEAR IN REVIEW 2008
SEI Partner Network
The SEI Partner Network is an elite
group o SEI-trained organizations on theleading edge o sotware engineering
processes and technologies. SEI Part-
ners are licensed to deliver SEI services.
SEI Partners provide the ollowing:
CMMI v1.2 Product Suite Services
People CMM Product Suite
Services
SCAMPI Appraisal Services
CERT Inormation Security Courses
Implementing Goal-Driven
Measurement Course
Improving Process Perormance Using
Six Sigma Course Designing Products and Processes
Using Six Sigma Course
Sotware Architecture: Principles
and Practices Course
Team Sotware Process Services
By delivering services worldwide, the
SEI partners provide a critical distribution
channel or accomplishing the SEI
mission.
In FY 2008, the SEI Partner Network
consisted o 387 partner organizations.
For more inormation about the
SEI Partner Network, visit
www.sei.cmu.edu/partners/
SEI Afliate Program
Through the SEI Aliate Program,
sponsoring organizations contributetechnical sta members to the SEIs
ongoing eort to dene superior sot-
ware and systems engineering best
practices. Aliates lend their techni-
cal knowledge and experience to SEI
teams investigating specic technology
domains.
Aliates are immersed in the inquiry
and exploration o new tools and meth-
ods that promise to increase productiv-
ity, make schedules predictable, reduce
deects, and decrease costs.
For more inormation about the
SEI Afliate Program, visit
www.sei.cmu.edu/collaborating/afliates
SEI Conerences & Events
As part o its strategy to apply the lat-
est research, the SEI oers conerenc-es, workshops, and user-group meet-
ings. These events represent technical
work and research perormed by the
SEI and its collaborators in the areas
o process improvement, sotware
architecture and product lines, security,
acquisition, and interoperability.
Individuals rom around the
world attend SEI conerences
and events to
connect with industry leaders
share best practices
network with peers
nd potential solutions
gather the latest research and trends
in sotware and systems engineering
Some o the events that the SEI spon-
sored and co-sponsored are
Army Senior Leadership Education
Program
FloCON
SATURN 2008
SEPG Conerence Series
SMART ULS Workshop
TSP Symposium
For more inormation about
SEI conerences and events, visit
www.sei.cmu.edu/events/
-
8/14/2019 SEI Year in Review 2008
37/482008 YEAR IN REVIEW | www.sei.cmu.edu | 35
SEI Proessional
Development Center
The SEI has ormed a new Proessional
Development Center incorporatingeducation, training, and credentialing,
all o which enable individuals to benet
rom the SEIs research in multiple
disciplines.
The center provides continuing
education or engineering and sotware
proessionals in government, industry,
and academia. The SEI addresses
proessional development needs by:
designing and developing training
that is accessible and eective with
classroom, blended, and distancelearning
encouraging and recognizing individual
accomplishments in various disciplines
through certicate programs
enhancing individual career
opportunities through SEI Certication
In FY2008, the SEI delivered 352
courses, trained 5,990 individuals, and
awarded 515 certications.
For more inormation about SEI training, visitwww.sei.cmu.edu/products/courses/
For more inormation about SEI Certifcation,
visit www.sei.cmu.edu/certifcation/
SEI Membership
SEI Membership is a business and
knowledge network that connectsthe SEI with sotware and systems
engineering leaders in government,
industry, and academia throughout the
world. SEI Membership is designed
or sotware and systems engineering
proessionals who are interested in
priority access to SEI technologies
and events. Individuals use the SEI
Membership program as a means o
networking with other proessionals to
discuss adoption and implementation
o sotware-engineering best practices
and challenges o sotware andsystems engineering.
SEI Members include small-business
owners, sotware and systems
developers, CEOs, directors, and
managers rom business, industry, and
prominent government organizations in
36 countries around the globe.
The SEI is the only one o 37 ederally
unded research and development
centers that oers membership to the
public.
For more inormation about SEI Membership,
visit www.sei.cmu.edu/membership/
100Projects on which the SEI collaborated
with Carnegie Mellon University
27Academic customers and collaborators
76Government customers and
collaborators
60Government acquisition programsreceiving on-site support rom the SEI
31Industry customers and collaborators
88Army leaders attending the Senior
Leadership Education Program at theSEI
15,000Registered attendance at CMMIcourses this year
120,000Hours o training delivered by the
CERT Virtual Training Environment
859Publications & books (respectively)
published by the SEI to date.
Did you know....
-
8/14/2019 SEI Year in Review 2008
38/4836 | www.sei.cmu.edu | YEAR IN REVIEW 2008
Paul D. NielsenDirector
Chie Executive Ocer
Clyde G. ChittisterChie Operating Ocer
-
8/14/2019 SEI Year in Review 2008
39/482008 YEAR IN REVIEW | www.sei.cmu.edu | 37
SEI Sta
The SEI attracts top talent to imple-
ment its expanding objectives, increas-
ing its sta by a third over the past our
years. Sta members are permanent,
ull-time employees; visiting scientists
are temporary SEI employees rom
government, industry, and academia;
aliates are proess