Software Engineering Institute Applied Research
Abstract
Research projects at the SEI FFRDC will be awarded under this PE on a competitive basis across the SEI. Funding levels in each thrust area may vary from year to year. Research will address the goal of assisting the DoD in retaining a long-term differential advantage over potential adversaries in the area of software-intensive systems and cybersecurity by enhancing assurance, exploiting automation, and understanding human-computer interaction. The four main thrust areas are: 1) Modern software tools, integrated development environments, and software engineering processes have captured large data sets about development activities and performance. This thrust seeks to study the metrics, measurement methodologies, and data analytics required to better understand cost, schedule, security, and performance drivers of software projects based on real-world observation and experimentation for the purposes of assessing fragility and technical debt, improving resiliency and scalability, and supporting cost/performance tradeoffs. 2) Model-based engineering for the design, verification, and validation of software-intensive cyber-physical systems (e.g., DoD platforms, Internet of Things (IoT)). This thrust brings automated tools to the problems of requirements engineering, architectural design, and testing. The intention is to dramatically improve assurance and confidence in software-reliant systems through techniques and tools such as model checking and constraint solvers. These tools build upon evidence produced at each step of the acquisition and development lifecycles and which may be applied to running systems in support of mission assurance objectives. 3) Software production and code analysis techniques that improve the ability to predict how complex software systems will behave. Software systems today are assembled from components supplied from around the world, often with unknown provenance. Consequently, analysis techniques that indicate the past and potential behavior of code artifacts (e.g., binaries) are important to make assurance claims. This thrust aims to develop techniques to build more secure software given knowledge of risky design patterns and forensics, and to combine this with code analysis techniques (developed in concert with malware analysis) to predict the behavior of software systems comprised of components acquired through a risky or unknown supply chain. 4) Successful use of software-reliant systems involves a human element. This thrust addresses issues including insider threat behavior, user security; trust in automated systems, and cybersecurity threat intelligence. Its aim is to acquire insights into how humans interact with technology (including computers) to understand if functionality provided can be used efficiently in missions, including circumstances where users may be under stress and/or must contemplate cooperation with robotic assistants.
Document Details
- Document Type
- Accomplishment
- Publication Date
- Oct 01, 2017
- Source ID
- 15ae24b428e6262fe433f0cd30978e64