SEI Year in Review 2008

8/14/2019 SEI Year in Review 2008

1/48


2/48

The Software Engineering Institute (SEI) is a federally funded

research and development center (FFRDC) sponsored by the U.S.

Department of Defense and operated by Carnegie Mellon University.

The SEI mission is to advance software engineering and related

disciplines to ensure systems with predictable and improved quality,

cost, and schedule.


3/482008 YEAR IN REVIEW | www.sei.cmu.edu | 1

Contents

A Message rom the Director 3

Strategy and Areas o Work 4

News Bries 6

Growing Architecture Competence 6

Program Merger Enhances Capabilities in System Structure and Behavior 7

SEI Joins Multicore Association 7

Sharing with Educators 8

SOA Research 9

ULS Systems Research Is Redening Sotware Engineering 9

New Webinars Bring SEI to the Desktop 10

CERT-DC3 Collaboration Aims or Better DIB Network Deense 11

New UML Prole Maps to AADL 11

CERT Podcast Series 11

VTE Helps DoD Meet Remote Training Requirements and Cut Costs 12

Mexican TSP Initiative Shows Early Results 15

Army Commitment to Strategic Sotware Improvement Grows 17

SMART Evolves as Needs Emerge 18

Cyber Storm Simulates Network Attack 21

The I in Integration 23

CERT Forensics Team Helps Law Enorcement Agencies Fight Cyber Crime 24

The CERT Secure Coding Initiative 27

CMD Adds in Bandwidth Allocation 28

AVSI Chooses AADL or Next Gen Design 31

Securing Web Services in an SOA Environment or the Army SOA Initiative 33

Transition Activities 34

Leadership, Management, & Sta 37

Key Publications 40

Opportunities 44


4/482 | www.sei.cmu.edu | YEAR IN REVIEW 2008



The impact o sotware in our lives continues to grow.

The men and women o the SEI have a deep knowledge

and understanding o todays sotware problems and

opportunities. They play a crucial role in advancing thestate o the practice in ways that have a positive impact,

certainly or our customers, but also or the industries

they participate in and the world at large.

The SEIs women and men perorm innovative research

and interact with the global sotware community to

nd best practices and important new research, but

most importantly, work hard to eectively transition

technology, techniques, and methods to our clients and

stakeholders. We teach individuals about architecture,

security, interoperability, the integration o systems, and

process improvement across the entire development lie

cycle. We conduct workshops or sotware educators,and through our Virtual Training Environment (VTE),

we enable customers to have anywhere, anytime access

to some o the best sotware training. Through our SEI

Webinar and CERT Podcast series, we are engaging

in Web 2.0 technologies to reach new audiences. And

through direct support o government and industry

clients, we improve the acquisition and development o

sotware-intensive systems.

A Message rom the DirectorSotware is Essential, Everywhere, and Expanding

This Year in Review highlights a ew ways the SEI cre-

ates customer solutions across a spectrum o challenges

in areas ranging rom digital orensics and process

management to acquisition and architecture. Current

examples highlighted in this issue include:

CollaborationswiththeArmyStrategicSoftware

Improvement Program (ASSIP) to establish a stron-

ger, more ecient, and more capable sotware com-

munity within the Army

Creationofacomprehensivenewsetoftoolsand

methods in computer orensics to help law enorce-

ment capture crucial digital evidence or somehigh-prole cases

AdoptionofSEIsTeamSoftwareProcess(TSP)

methodology by the Mexican government in its work

to build a national reputation as a provider o IT

products and services

RecognitionbytheAerospaceVehicleSystems

Institute (AVSI) o the SEI-developed Architecture

Analysis and Design Language (AADL) as the ideal

tool to help plan and build next-generation aerospace

systems

I am proud to share some o our 2008 accomplishments

and uture research endeavors. These achievements are

the result o an outstanding and dedicated sta work-

ing with a set o world-class customers. The United

States has made a strong and committed investment in

the development o technology, and the SEI is proud to

serve as a global leader in the creation o knowledge

and promotion o sotware engineering.

Paul D. Nielsen, Director and CEO



CreateThe SEI addresses signicant and

pervasive sotware engineering

problems by motivating research

innovating new technologies

identiying and adding valueto emerging or underused

technologies

improving and adapting existingsolutions

The SEI achieves its goals through technology innovationand transition. The SEI creates usable technologies,applies them to real problems, and amplies theirimpact by accelerating broad adoption.

ApplyThe SEI applies and validates new

and improved technologies and

solutions in real-world government

and commercial contexts. Applicationand validation are required to

prove eectiveness, applicability,and transition potential. Solutions

and technologies are rened and

extended as an intrinsic part o theapplication activities.

Government and commercialorganizations directly benet rom

these engagements. In addition, the

experience gained by the SEI inorms the Create activities about real-world

problems and urther adjustments,

technologies, and solutions that are

needed

the Ampliy activities about needed

transition artiacts and strategies

The SEI works with early adopters to

implement the Apply activities.

SEI technologies and solutions are

suitable or application and transition to

the sotware engineering communityand to organizations that commission,build, use, or evolve systems that are

dependent on sotware.

The SEI partners with innovators

and researchers to implement these

activities.

AmpliyThe SEI works through the

sotware engineering communityand organizations dependent on

sotware to encourage and supportthe widespread adoption o new and

improved technologies and solutions

through

advocacy

books and publications

certications

courses

leadership in proessional

organizations

Strategy

licenses or use and delivery

Web-based communication anddissemination

The SEI accelerates the adoption and impacto sotware engineering improvements.

The SEI engages directly with the

community and through its partners toampliy its work.



Areas o Work

Quality sotware that is produced on schedule

and within budget is a critical component to

U.S. deense systems, which is why the U.S.Department o Deense (DoD) established the

SEI in 1984. Since then, the SEI has advanced

sotware and systems engineering principlesand practices, while serving as a national and

international resource or the sotware and

systems engineering communities. As an

applied research and development center, theSEI brings immediate benets to its research

partners and long-term benets to the

sotware industry as a whole.

Operated by Carnegie Mellon University

a global research university recognizedworldwide or its world-class arts and

technology programsthe SEI operates atthe leading edge o technical innovation. TheSEIs core purpose is to help organizations

improve their capabilities and to develop or

acquire the right sotware, deect ree, on

time, and on budget, every time.

The SEI technical programcreated and carried out by world-recognizedleaders in sotware engineering, security, and process managementconsists o our technical ocus areas. The SEI also conducts new researchinto emerging topics in sotware and systems engineering.

* cooperative research anddevelopment agreementan agreement with an industryor academic collaborator

** unding provided by the Oceo the Under Secretaryo Deense or Acquisition,Technology, & Logistics

the SEIs primary DoDsponsorto execute the SEItechnical program

*** course ees, conerence ees,and other recovered costs

U.S. Army7.18%

U.S. Navy

1.91%

U.S. Air Force

8.02%

U.S. Joint Military10.52%

Civil Agencies

20.60%

Industry (CRADA*

& Other Research

Agreements)

15.37%

SEI Line**

16.92%

Other***19.48%

The SEI oers solutions to customers in theareas o:

AcquisitionProcessManagement

Risk

Security

SoftwareDevelopment

SystemDesign

The SEIs technical ocus areas, together

with its outreach activities, are aimed atmeeting the dened sotware engineering

needs o the DoD. Within these areas o

work, the SEI collaborates with deense,government, industry, and academic

institutions to continuously improve

sotware-intensive systems. The SEIs

body o work in technical and managementpractices is ocused on developing sotware

right the rst time, which results not onlyin higher quality, but also predictable and

improved schedule and cost.

Areas o Work

Quality sotware that is produced on schedule

and within budget is a critical component to

U.S. deense systems, which is why the U.S.Department o Deense (DoD) established the

SEI in 1984. Since then, the SEI has advanced

sotware and systems engineering principles

and practices, while serving as a national andinternational resource or the sotware and

systems engineering communities. As an

applied research and development center, theSEI brings immediate benets to its research

partners and long-term benets to the

sotware industry as a whole.

Operated by Carnegie Mellon University

a global research university recognizedworldwide or its world-class arts and

technology programsthe SEI operates atthe leading edge o technical innovation. The

SEIs core purpose is to help organizationsimprove their capabilities and to develop or

acquire the right sotware, deect ree, on

time, and on budget, every time.

The SEI technical programcreated and carried out by world-recognizedleaders in sotware engineering, security, and process managementconsists o our technical ocus areas. The SEI also conducts new researchinto emerging topics in sotware and systems engineering.

* cooperative research anddevelopment agreementan agreement with an industryor academic collaborator

** unding provided by the Oceo the Under Secretaryo Deense or Acquisition,Technology, & Logistics

the SEIs primary DoDsponsorto execute the SEItechnical program

*** course ees, conerence ees,and other recovered costs

U.S. Army7.18%

U.S. Navy

1.91%

U.S. Air Force

8.02%

U.S. Joint Military10.52%

Civil Agencies

20.60%

Industry (CRADA*

& Other Research

Agreements)

15.37%

SEI Line**

16.92%

Other***19.48%

The SEI oers solutions to customers in theareas o:

Acquisition Process Management

Risk

Security

Sotware Development

System Design

The SEIs technical ocus areas, together

with its outreach activities, are aimed atmeeting the dened sotware engineering

needs o the DoD. Within these areas o

work, the SEI collaborates with deense,government, industry, and academic

institutions to continuously improve

sotware-intensive systems. The SEIs

body o work in technical and managementpractices is ocused on developing sotware

right the rst time, which results not only

in higher quality, but also predictable andimproved schedule and cost.



2008 Independent Research and

Development Awards

The SEI annually undertakes several independent research

and development (IRAD) projects, which are chosenbased on their potential to mature or transition sotware

engineering practices and set new directions or SEI work.

The ollowing IRAD projects were completed in FY2008:

Assurance Cases or Medical Devices

Mechanism Design

Understanding the Relationship o Cost,Benet, and Architecture

A Sotware System Engineering Approach or Fault

Containment

Modeling Stakeholder Requirements or Integrated Use

in Both Process Improvement and Product Development

While researchers have thoroughly examined the tech-

nical aspects o eective sotware architecture, the

qualities necessary to make an eective architect have

remained relatively unstudied. Members o the SEI

Sotware Architecture Technology (SAT) team elt

that by studying architecture competence they could

learn how to promote it. Their goals were to identiy

the measurable actors that contribute to architecture

competence in individuals and organizations and to

develop an instrument or evaluating these actors.

They described their research in the technical report

Models for Evaluating and Improving ArchitectureCompetence, presenting basic concepts and our

models or explaining, measuring, and improving

the architecture competence o an individual or a

sotware-producing organization. The authors

explained how they could apply the our models

to create an evaluation instrument to measure an

organizations architecture competence. Such an

evaluation would benet organizations that acquire,

service, or develop sotware systems.

Also emerging rom the SAT teams work was the

Architecture Competence Workshop conducted at the

SEI in June 2008, where accomplished practitionersrom government, academia, and industry discussed

key issues in assessing and improving architectural

competence. Through the workshop, the team hoped

to understand what leading organizations were doing

in the area o architecture competence.

Opening speakers described their organizations

approaches or promoting architecture competence.

Raytheon, or example, has an organization-wide

competence improvement project that includes gov-

ernance by an Architecture Review Board, a ormally

dened Raytheon Certied Architect Program, and

the standards-based Raytheon Enterprise ArchitectureProcess. Boeing is improving its architecture compe-

tence by introducing key practices such as architecture

evaluation and architect certication. Boeing issues

Sotware Architect Certicates in specic domains

and holds an annual conerence, where sotware archi-

tects network and share ideas. Raytheon and Boeing

both engage SEI technology, such as the Architecture

Tradeo Analysis Method and the Quality Attribute

Workshop, to promote best architecture practices.

Through the workshop, the SAT team also hoped to

get eedback on their in-progress assessment instru-

ment. This questionnaire is based on the architecture

competence ramework developed earlier by the team

and ocuses on what an organization should do i it

is serious about incorporating architecture practices.

The workshop ormed working groups that provided

positive input and suggestions or questions and

improvement.

The SAT researchers work has reinorced the notion

that while much remains to be done to dene andmeasure architecture competence, the time or pursu-

ing it has denitely arrived.

Growing ArchitectureCompetence

To read the report, visit www.sei.cmu.edu/publications/documents/08.reports/08tr025.pd


9/48

A multicore processor combines two or more inde-

pendent cores (normally a CPU) into a single package

composed o a single integrated circuit. The increasing

availability o processors with many computing cores

requires better approaches to developing and deploy-

ing concurrent sotware. As members o the Multicore

Association (MCA), members o the technical sta

at the SEI are participating in the MCAs Multicore

Programming Practices (MPP) working group. This

working group is developing a multicore-sotware pro-

gramming guide or industry. Participation in the work-

ing group will allow the SEI to represent the needs andinterests o its stakeholders in the U.S. Department o

Deense, government, and industry and communicate

the working groups ndings to those stakeholders.

SEI researchers are exploring concurrent-programming

challenges as they apply to sotware engineering.

They are investigating analytical methods or reason-

ing about the response time and processor utilization

o multicore systems through ecient scheduling,

allocation, and synchronization in embedded, real-time,

multicore systems.

In summer 2008, the SEI Product Line Systems and

Dynamic Systems programs merged to create the new

Research, Technology, and System Solutions (RTSS)

Program. RTSS positions the SEI to provide more

complete capabilities or predicting and bounding the

structure and behavior o sotware-reliant systems.

By combining these two groups, we bring together a

strong team o innovative and productive researchers,

said Paul Nielsen, SEI Director and CEO. We will

have a stronger concentration o both talent and und-

ing to address the needs we see in architecture, largeand ultra-large systems, model-based engineering,

sotware assurance, product lines, and more.

For example, three initiatives came together to orm

the Architecture-Centric Engineering (ACE) unit. The

separate initiatives, Sotware Architecture Technology

(SAT), Predictable Assembly rom Certiable Code

(PACC), and Perormance-Critical Systems (PCS),

shared a common ocus on architecture and quality

attributes, yet had their own unique emphasis.

SAT ocused on architecture-centric methods, busi-

ness goals, stakeholder involvement, inormal analy-

ses, economics, and widespread transition. PACC used

ormal architecture and code analyses to understand

design space restrictions to allow or predictability.

PCS analyzed architecture representations to calcu-

late the dependability and perormance o sotware

systems.

By leveraging the commonality and exploiting each

groups emphasis, ACE will allow the SEI to ocus

holistically on using architecture coupled with ap-

propriate analyses and practices to build high-quality,

predictable systems.

YEAR IN REVIEW | www.sei.cmu.edu | 7

Program Merger EnhancesCapabilities in System

Structure and Behavior

SEI Joins MulticoreAssociation


10/48

Sharing with Educators

8 | www.sei.cmu.edu | YEAR IN REVIEW

When concepts or eective sotware engineering are

included in college curricula, they are disseminated

on a undamental level with ar-reaching ramica-

tions. To promote such inclusion o proven methods

and practices, two SEI teams have conducted work-

shops or instructors in computer science and sotware

engineering.

The rst Predictable Assembly rom Certiable Code

(PACC) Workshop or Educators was held at the

SEI in August. PACC technology promotes accurate

predictability. For example, it enables engineers topredict that robots will meet their strict perormance

deadlines or that medical devices will comply with

saety requirements. Predicting the observable execut-

ing system behavior o assemblies o sotware compo-

nentsrom the properties o those componentsis

achieved through techniques that the PACC team

develops. Such prediction requires that the properties

o the components are rigorously dened and trusted

and can be certied by independent third parties.

The workshop ocused on a closely related concept,

predictability by construction (PBC), which purports

that i a system can be constructed, it will have pre-dictable runtime behavior. The breakthrough o PBC

concepts into the classroom is signicant. Through

the use o available technologies and theories, PBC

can be practically achieved or a variety o system-

level properties, such as security, saety, and peror-

mance. A tutorial on PBC was held on the rst day o

the workshop, introducing principles that were then

demonstrated through concrete working examples. On

the second day attendees discussed how to integrate

topics covered in the tutorial into computer science

and sotware engineering curricula.

For ve years the SEI has also conducted its an-

nual Sotware Architecture Workshop or Educators.

Participants rom across the globe have come to

discuss architecture concepts crucial to successul

sotware and system development and their delivery

into college classrooms. In its early years, the work-

shop oered introductory coursework and discus-sion ocused on raising awareness regarding good

architecture.

In August 2008 the workshop oered the advanced

two-day course Sotware Architecture Design and

Analysis, which provides in-depth coverage o the

concepts needed to make eective design decisions

and to successully analyze a sotware architecture

relative to desired system qualities. As in previous

years, the third day involved sharing ideas on how

attendees might incorporate course topics and other

architecture-centric design principles into their cur-

ricula. Conductors o this years workshop noted howits infuence had deepened and expanded. All par-

ticipants reported the incorporation o architecture-

centric concepts into their curricula; repeat attendees

shared thoughts on how previous workshop topics had

been applied in their programs; and discussions were

much more in depth and sophisticated than when the

workshop began.



In 2008, the SEI inspired work to urther the

investigation o several key issues identied in its

service oriented architecture (SOA) research agenda.

Led by the SEI, a team o internationally known

SOA researchers developed a research agenda in

2007. The SEI arranged the agenda in a taxonomy

that includes our top-level categories: business,

engineering, operations, and cross-cutting concerns.

Those categories contain issue areas such as

strategy, architecture, monitoring, and governance.

In all, more than 50 issues are included.

More than 110 people rom government, industry,

and academia attended a 2008 workshop on hard

problems in SOA hosted by the SEI in association

with IBM and Carnegie Mellon University.

SEI researchers began working with Frederic Wenzel

rom University o Karlsruhe, who is developing a

thesis on Transaction Management in Federated

Workfows at Carnegie Mellon.

The SEI and others organized the Second

International Workshop on Systems Development

in SOA Environments (SDSOA 2008), which wasco-located with the 30th International Conerence

on Sotware Engineering (ICSE 2008). This

workshop brought together experts to ocus on three

o the agendas signicant issues: dynamic service

composition, design or system qualities, and

runtime monitoring and adaptation.

In all, eight workshops have been conducted, and

more than 25 papers in conerence proceedings have

been published on SOA research agenda topics.

Two years ater publishing the ground-breaking

report titledUltra-Large-Scale Systems: The Software

Challenge of the Future, the SEI-led research team

can see the adoption o its views on the horizon. A

lot o the ideas in the ULS systems report are already

here, and people are working on them, but theyre not

everywhere, Richard P. Gabriel, IBM distinguished

engineer and a coauthor o the report, recently told

IEEE Software. I think there will be a coalescing o

those ideas, and it will be inevitable.

The SEIs work on ULS systems began ater the U.S.Army posed the question, Given the issues with

todays sotware engineering, how can we build the

systems o the uture that are likely to have billions o

lines o code?

The research team determined that the number o

lines o code is only one o several ways in which the

scale o systems is growing larger and more complex.

The report describes how this increasing scale will

orce changes to the basic principles and assumptions

o sotware engineering. It recommends research in

the areas o human interaction; computational emer-

gence; design; computational engineering; adaptivesystem inrastructure; adaptable and predictable sys-

tem quality; and policy, acquisition, and management.

The community response has been positive; the report

has motivated research projects around the globe.

Linda Northrop, director o the SEIs Research,

Technology, and System Solutions Program and lead

author o the report, sums up the impact o the ULS

systems research this way: People consistently tell

me that the report accurately portrays the challenges

that they are seeing. They agree that the inherent char-

acteristics o the ULS systems dey successul use o

todays approaches to system development.

For more inormation, visit

www.sei.cmu.edu/uls/

SOA Research ULS Systems ResearchIs Redefning Sotware

Engineering



Part o the SEIs mission is to distribute the knowl-

edge that is created, captured, and applied

to the global sotware and systems engineering

community. Technology and the internet allow this

inormation to be presented in more accommodating

and interactive ways.

Between my demanding work schedule and travel

and expense cutbacks, its challenging to get the

training I need to eectively do my job, said Joanne

Mack, statistician and team lead or quality com-

ponents at the Center or Medicare and Medicaid

Services. Even though the government is reducing

spending, they still want a highly trained and compe-

tent work sta.

Thats precisely why we launched the SEI Webinar

Series, explained Shane McGraw, who coordinates

the SEI Sotware Process Improvement Network

(SPIN) groups. Its a convenient way or the SEI

to communicate our sotware engineering best prac-

tices directly to practitioners. Its ree, and easy to

attendyou dont even need to leave your oce.

Launched in July, the webinar series is proving to

be extremely popular. To date, almost 2,000 people

have registered to attend a webinar. Octobers CMMI

or Services presentation attracted nearly 500

participants.

Jeannine Siviy, part o the team that presented the rst

SEI webinar, Process Improvement in Multi-Model

Environments, says that the platorm is benecial to

both the community and the SEIs research sta. Not

only do the webinars allow us to reach people who

may not be able to attend the conerences where we are

presenting, but the question and answer portion letsus know immediately how our inormation resonates,

said Siviy. Its eedback that we will use to make our

materials even stronger and more relevant.

Mack, who attended the CMMI on the Web webinar,

was thrilled with what she learned and the webinar

ormat. Im new to the webinar world as well as to the

SEI and its coursework, she said. But the presenta-

tion was easy to use, very inormative, and applicable

to my job. It helped me look at things I never thought o

beore.

The schedule o upcoming webinarsas well as the

archive o previous webinarsis posted on the SEI

website: www.sei.cmu.edu/collaborating/spins

Its a convenient way or the

SEI to communicate our sot-

ware engineering best practices

directly to practitioners. Its ree,

and easy to attendyou dont

even need to leave your oce.


www.sei.cmu.edu/spins?

New Webinars Bring SEIto the Desktop



The CERT Podcast Series

Two years ago, Julia Allen started the CERT Podcast Series

as a way to provide business leaders with the securityinormation they need. Now, new podcasts are uploaded

every two weeks to the CERT website and iTunes. The series

has become increasingly popular with more than 80,000monthly downloads and over 60 titles.

The Deense Industrial Base (DIB) comprises

8,700 companies critical to the operations o the

U.S. Department o Deense (DoD). Unclassied

DIB networks ace a range o internet threats

capable o evading commercial security tools

and deeating security best practices. It is critical

or those in charge o these networks to develop

and implement a robust and adaptable deense

capability.

To meet this challenge, the Oce o the

Assistant Secretary o Deense or Networks andInormation Integration, the Deense Cyber Crime

Center (DC3), and the SEI have partnered to better

deend this critical national inrastructure. In 2008,

the SEI CERT Program began a commitment to

research, develop, and implement eective inor-

mation sharing processes or the DIB community;

apply and implement an incident management

capability or the DoD and DIB; and, ultimately,

transition this capability to the DoD and DIB.

The Object Management Group (OMG), an interna-

tional not-or-prot computer industry consortium,

in June 2008 released a beta version o a Unied

Modeling Language (UML) prole or modeling

and analysis o real-time and embedded systems

(MARTE). The MARTE extension provides support

or specication, design, verication, and validation

o real-time and embedded systems. An appendix to

MARTE allows mapping to the SAE International

Architecture Analysis and Design Language (AADL)

and is heavily infuenced by the SEIs work on AADL

and model-based development.

The OMG MARTE group invited Peter Feiler o the

SEI to join in the development o the prole. Feiler

is the author o the AADL standardan industry-

established standard or modeling system sotware

architectures that provides a precise, non-ambiguous

representation or modeling real-time embedded

systems. He says the development o MARTE is an

exciting opportunity: Now there will be a systematic

and ecient way to exchange inormation through the

OMG MARTE prole and AADL and vice versa. I

you are building an architecture model in AADL, then

it can be used in UML MARTE tools. Organizationscurrently using UML are now oered an additional

possibility to use AADL and benet rom the precise

modeling and validation o architectural designs that

AADL provides.

CERT-DC3 CollaborationAims or Better DIB

Network Deense

The podcasts are a very easy transition method, says

Allen. Typically 20 to 30 minutes long, the discussions

capture valuable security principles and tactics.

Topics include governing or enterprise security, privacy,

insider threat, and risk management and resilience.Podcasts oten eature leading industry and government

security experts alongside CERT researchers.

Weve also discovered that the podcasts are a great

way or us to draw in practitioners, says Allen. Once

they hear the inormation, they want to read more, take

training, and become urther engaged with the topics.

New UML ProfleMaps to AADL



Since the approval o DoD Directive 8570.01 in

December 2005, DoD organizations have had to

scramble to identiy new and better avenues or

training. The directive requires the training and

certication o all inormation assurance technicians

and managers to meet DoD baseline requirements

related to their jobs. This means roughly 100,000 DoD

personnel require training and certication.

Unortunately, many DoD personnel, particularly

members o the armed orces, nd themselves in

orward-operating bases and other situations where

traditional, classroom-based training is dicult i notimpossible. In increasing numbers, DoD organizations

are turning to CERTs Virtual Training Environment

(VTE) to bridge this training gap. VTE provides rich

media instruction and hands-on training labs to remote

students over the internet. It enables students to access

high-quality training on security, computer orensics,

and incident response anywhere in the world, with

only a web browser and an internet connection.

The power o the VTE distribution model is that it

can reach students in places other training delivery

methods cant, notes VTE team lead Jim Wrubel.

Armed orces personnel have accessed VTE rom

orward-deployed bases in Iraq and Aghanistan,

and theyve even accessed VTE rom ship-side

deployments. Wrubel adds that VTEs 15-minute

modules have been designed specically to help

students adapt their training to meet unpredictable

schedules. Whats more, VTE training has no

expiration datestudents can access all training

modules as oten as they want and or as long as they

want ater completing training. Because students

can keep coming back to the modules and the test

network, notes Wrubel, VTE helps close the gap

between learning a concept and using that concept.

The result is more eective inormation security

practice in the eld.

VTE Helps DoD Meet Remote TrainingRequirements and Cut Costs



VTEs hands-on scenario networks have been

a particular hit with DoD students. Accessible

directly rom the students computer, the networks

enable the student to experiment, learn new skills,

and practice network security and management

techniques without putting live networks at risk.

Imagine, Wrubel observes, an Air Force rewall

administrator who cant practice his or her skills

on the live network. VTE enables the administrator

to practice rewall conguration and management

on the scenario network, as many times as desired,

right rom his or her desktop.


www.cert.org/training/vte_description.html

VTE has been well received by the DoD, and its

use is growing. In the past year, VTE delivered

approximately 120,000 hours o training. And not only

is VTE lling the training need or DoD personnel

in ar fung locations, its doing so at considerable

savings to the DoD: VTE-based training saves the

DoD 84 percent per student served compared to

traditional classroom delivery. Even better or the

DoD, this savings comes at no cost to eectiveness.

Certication rates or students accessing VTE

or training are equal to those o students taking

classroom training.



Two years ater the Mexican government launched its

unprecedented program to build a national reputation

as a provider o IT products and services using the

SEI Team Sotware ProcessSM (TSPSM) methodology,

early results rom pilot projects show an increase in

high-quality, low-deect sotware developed on sched-

ule and with improved team productivity.

These improvements are the result o a strategic

alliance orged in 2006 between the SEI and Mexicos

leading private university, Instituto Tecnolgico

de Estudios Superiores de Monterrey (Tec de

Monterrey), and enthusiastically supported by theMexican national government, to advance the state

o sotware engineering practice. The goal o the

alliance is to position the Mexican sotware indus-

try as an international competitor in the global IT

outsourcing market by introducing TSP as a compo-

nent o Mexicos Program or the Development o the

Sotware Industry (PROSOFT).

While industry statistics show that over hal o all

sotware projects are more than 100 percent late or are

cancelled, in these TSP pilot projects, teams delivered

their products on average 2 percent later than they had

planned, with some as much as 27 percent earlier. Keyto schedule success in the pilot TSP teams was overall

high product quality; several TSP projects had no

deects in system or acceptance test.

Sottek, a global provider o IT and business process

services, participated in the pilot TSP projects and had

a deect rate o 0.038 per thousand lines o code.

TSP has also helped to motivate development sta

and management. Developers said they preer the

work environment o a TSP team. Management appre-

ciated the depth o the data and the reliability o status

reports. Low worker attrition, a relative strength oMexico, was not only maintained, but enhanced. One

company survey o employees ound the TSP pilot

team to have the highest job satisaction in the plant.

Initially developed at the SEI by Watts Humphrey,

TSP is a process technology that guides teams in

reducing time to market, increasing productivity, im-

proving cost, schedule perormance, and product qual-

ity, accelerating process improvement, and reducing

proessional sta shortages.

A TSP team has an error rate in deadlines to deliver

projects o -10 percent to 5 percent, whereas those

without TSP/PSP have an error rate o 140 percent.

TSP works in conjunction with the Personal Sotware

ProcessSM (PSPSM), through which individual engi-

neers can measure and enhance their perormance.

Both were created as a way to bring CMMI principles

to teams and individuals.

You need to dierentiate yoursel to compete.

Mexico plans to dierentiate itsel through its largest

competitive advantagethe TSP, said Ivette Garcia,

the Director o Mexicos Digital Economy. Thecompetitive advantage will come through reduced

development time, superior quality, real-time interac-

tion, lower attrition rate, and trust in Mexicos high-

perormance knowledge workers and teams.

As one o the next steps in the national initiative,

Tec de Monterrey is piloting not only an accelerated

process improvement method using TSP to imple-

ment CMMI called TSP-Based CMMI Accelerated

Improvement Method (TC-AIM) but also a TSP

organizational evaluation and certication (TSP-

OEC). TC-AIM will make CMMI process improve-

ment accessible to small- and medium-size enterprises(SMEs). Organizational certication will provide

objective insight into the perormance o an organiza-

tions products and projects. Taken together, TC-AIM

and TSP-OEC will make process improvement and

CMMI recognition cost eective or the SMEs.

Mexican TSP Initiative Shows Early Results


www.sei.cmu.edu/tsp/



ASSIPThe Army Strategic SotwareImprovement Program (ASSIP) is apartnership between the U.S. Army andthe SEI aimed at promoting an integratedsotware and systems engineeringapproach to the Armys acquisition osotware. Several Program ExecutiveOce and Program Managers Ocesta members with experience in ASSIPeorts oered their views o the impacto ASSIP.

The ASSIP eort provided uscondence that we were requestingthe right inormation rom our vendors.ASSIP also expanded the value o thevendor inormation and metrics that werequest.

Steve WaldropSotware Branch Chie

Program Managers Oce

Heavy Brigade Combat Team

At PEO Aviation we are seeing practicalapplication o the knowledge gainedthrough the ASSIP eorts as our peopleare continuously seeking ways toimprove the cost, schedule and quality otheir respective programs.

Terry Carlson, PhDChie, Aviation Commonality &

Interoperability Branch

Program Executive Oce, Aviation

The ASSIP is providing timely, relevant,and value-added sotware engineering

expertise to the PEO-GCS communityto enhance our sotware acquisitionprocesses or the warghter.

Peter HaniakChie System Engineer

Program Executive Oce

Ground Combat Systems



2008 saw continued growth in communication, knowl-

edge sharing, and the trading o sotware engineer-

ing and acquisition lessons learned, Albert said, with

meetings every other month o the ASSIP Action Group

(AAG). AAG, a group that plans and monitors execu-

tion or ASSIP, comprises 11 Army program executive

oces (PEOs), our Army sotware engineering centers,

the Armys chie inormation ocer, and the Army Test

and Evaluation Center. The SEI acts as both subject

matter experts and acilitators or the sessions.

We know [ASSIP] is having a positive eect on the

Armys sotware program, said Schwenk, because thePEOs are telling us so. Theyre saying this is a worth-

while eort. For PEOs carrying ever-growing work-

loads to seek out and attend the regular AAG meetings

and other ASSIP activities speaks strongly to the value

ASSIP provides.

The year also saw a scaling up o the Armys interest in

learning and applying the SEIs sotware architecture

knowledge through ASSIP. A concerted eort con-

ducted through the SEI helped the Army grow its ranks

o sotware experts trained in the SEI Architecture

Tradeo Analysis Method (ATAM). Army personnel

have taken part in about a dozen ATAM evaluations todate. The Army has also seen an added, immediate ben-

et rom the architecture training: The PEOs have used

them to reveal sotware risks early in projects lietimes.

All o this, Albert notes, is ullling the our-old intent

o ASSIP: oster migration to model-based system and

sotware acquisition process improvement; institution-

alize broad-based oversight, management, and technical

expertise; apply an integrated system- and sotware-

engineering approach to Army acquisition; and system-

atically incorporate lessons learned, best practices, and

new technology into policies, practices and processes.

It is exciting to see the increasing visibility sotware is

getting across the Army through its strong commitment

to ASSIP, Albert said.

Just by looking at the 2008 numbers or ASSIPthe SEIs

partnership with the U.S. Army aimed at improving Army

sotwareyou can tell 2008 was a good year or the ve-

year-old program.

Indeed, at six Army sites more than 300 Army personnel

attended 26 SEI courses related to sotware architecture,

acquisition, and other skills during the year. Also, the SEI

hosted three exclusive educational conerences or Army

leadership on current sotware issues and developments;

about two dozen Army executives attended each, including

general ocers and civilian members o the Armys Senior

Executive Service.

But the numbers arent the real story o the Army Strategic

Sotware Improvement Programs successes.

In 2008 we really began to see awareness [o ASSIP]

grow, said Cecilia Albert, who heads up Army programs

in the SEIs Acquisition Support Program. Thats what

was most impressive. ASSIP, with its mission o in-

graining an integrated system and sotware engineering

approach to the Armys acquisition o the sotware in its

systems, is taking root in the Armys acquisition establish-

ment, Albert said.

Robert Schwenk, the Armys senior sotware acquisition

manager, agrees.

Its not the numbers, Schwenk said. Its what they

signiyASSIP is succeeding at providing a orum or

Army experts to interact with each other, network, and

synergize at a leadership level. That is vitally important

to the Armys acquisition community, Schwenk noted,

because as sotware grows in complexityand consistent

acquisition processes grow in necessityit is only through

sustained interaction among Army sotware experts that

the orce will be able to assure that it obtains high-quality

and eective sotware products.

In short, the Armys sotware is improvingbecause

ASSIP is helping establish a stronger, more ecient, and

more capable sotware community within the Army itsel.

That community o proessionals is an organic capability

that is beginning to deliver on the Armys strategic needs.

Army Commitment to Strategic

Sotware Improvement Grows


www.sei.cmu.edu/programs/acquisition-support/



SMART Evolves as Needs Emerge

We dont invent processes that no one uses. We,

in act, look at real needs and respond to those

needs, explained Grace Lewis, technical lead or

SEI SMART and system-o-systems engineering

research. This pragmatic approach is one reason that

many organizational leadersater migrating a single

system or implementing a single pilotthen adopt

SMART principles across the board.

Earlier this year, a team o engineers rom the SEI

worked with a division o the U.S. Army to help

migrate a legacy command and control system to a

service-oriented architecture (SOA) environment.The SEI team soon realized that the system in

question had multiple componentsthey were

responsible or implementing services, establishing

the inrastructure, and building applications to act as

service consumersand Army personnel would need

constant support in all these aspects.

The story o the Service Migration and Reuse Technique

(SMART) and the amily o techniques that developed

rom it is one that illustrates what the SEI does best

engaging with a customer, identiying a need, developing

a tailored solution, and subsequently generalizing the

solution.

The story begins with the original SMART technique

and charts its continuous evolution, all in response to an

organizational need to reuse code rom legacy systems

and transorm it into services useul to an organization.

Migrated legacy systems have plenty o potential as

services that can be reused throughout an organizationcustomer lookup, account lookup, and credit card

validation are some examples.



This led the SEI team to revisit its standard approach

to service migration that ocuses on the service

providerSMARTand rene it to one that would

encompass a ull service-oriented system. From that

need, SMART-SYS was born.

Another member o the SMART amily o tools

developed this year also saw its impetus in work that

the SEI did in helping a government organization

migrate a legacy system.

The system was bureaucratic. It was big. It had rules

and regulations and requirements to move through it.

The organization had to understand that environment

in much greater detail, explained Patrick Place, a

senior researcher at the SEI. To meet those needs, the

SEI team again altered its approach and developed

SMART-ENV (environment), which ocuses on

helping an organization understand the target SOA and

identiy associated costs and risks beore migrating.

SMART was developed three years ago to help

organizations address important issues beore

migrating a system to an SOA environmentnamelywhether it is realistic to migrate these systems to

services. And, i so, what services would make the

most sense or that organization and what resources

are needed. In all this year, the SEI developed

ve spin-os or amily members rom its original

SMART tool: SMART-MP (migration pilot),

SMART-SMF (service migration easibility),

SMART-ENV (environment), SMART-ESP

(enterprise service portolio) and SMART-SYS

(system). All were in response to customers with

individualized needs, but a common goal: migrating

legacy systems to service-oriented architecture

environments.

The Electronic Systems Center (ESC) o the U.S.

Air Force is at the oreront o adopting the SMART

approach based on experiences migrating a human

resources system that managed such tasks as awards,

decrees, and temporary duty leave.

Tim Rudolph, ESC chie technology ocer, said

his sta members have condence in the SMART

approach because not only did they benet rom it,

but they continue to help shape it as it matures.

A lot o these steps [in the SMART process] are lesstechnical and more about behavior and processes. To

do that SOA migration properly, it takes some work

to institutionalize those competencies, explained

Rudolph. SMART is an important part o our overall

enterprise systems engineering process.



For a handul o days in March 2008, chaos reigned.Customer support centers at government and com-

mercial organizations were inundated with phone calls

reporting problems: a new piece o malicious code that

was stealing user names and passwords or a power out-

age that shut down subway systems.

I let unchecked or mishandled, these incidents could

snowball into the types o problemsloss o internet

connection, network breaches, transportation system

meltdownsthat bring organizations and countries to

a standstill. And to almost everyone involved, except

or a select group o insiders who monitored every

email and phone call, these scenarios were real. Theinsiders tracked whether, i laws were broken, the

company enlisted an outside agency such as the FBI

to begin an investigation, and they documented any

security measures that were implemented.

This pseudo-cyber attack known as Cyber Storm is

conducted every two years and is coordinated by the

U.S. Department o Homeland Securitys National

Cyber Security Division with support rom the

Sotware Engineering Institutes CERT Coordination

Center (CERT/CC) and others. It tests government and

organizational readiness or real events.

Cyber Storm is a concerted eort by an adversary

to cause harm and measure how government entities

and organizations respond to it, explained Marty

Lindner o the CERT/CC, who serves as both architect

and one o the behind-the-scenes controllers o Cyber

Storm during the exercise. This year, the exercise

spanned ve countries; 18 ederal cabinet-level

agencies, including the Department o Deense and the

Department o Justice; nine states; and 40 private-

sector companies. Lindner said that he and others

create the scenarios rom a compendium o real-lie

scenarios designed to exploit a gap in policy or a

misstep in the chain o response.

These tests are necessary in the current global climate.

In 2007, ederal agencies reported more than 5,600

cases o computer attacks, intrusions, probes, and

plantings o malicious code.

Microsot helped plan and participated in both Cyber

Storm exercises.

We typically get involved at the very early stages

o exercise planning. Our products and technology

touch a lot o dierent sectors and dierent systems,

explained Jerry Cochran, principal security strategist atMicrosot.

The companys involvement was twoold this year. First

and oremost, Microsots Security Response Center

(MSRC) played a key role as an exercise player

responding to security incidents 24/7 as they would in

the real world. Cochran also served with Lindner behind

the scenes as both an exercise planner and a controller.

As a designated controller, he monitored the exercise,

elded rerouted callstaking any steps to make the

exercise appear as real as possible. A controller lls in

the gaps. Sometimes you might be playing the role o a

consultant or mimicking representatives rom IT sectorsthat arent in the game, Cochran explained.

As Cochran sees it, each time that Microsot partici-

pates, lessons are learned and the company is better

prepared. And the expansive global involvement this

year allowed Microsot to measure incident response

rom an international perspective. One lesson Microsot

believes all participants learn by participating in the

exercise is that to manage major incidents, it is essen-

tial to have established relationships. In some cases,

those partnerships are with competitors in the industry,

Cochran said. From a security-response standpoint,

your competitors might be the best partners. In cyberincident response we are all working together or the

same causeour customers and the resiliency o the

inormation inrastructure.

Although similar exercises had been conducted previ-

ously, the rst Cyber Storm was held in 2006, and it

tested government and industry responses to a range o

would-be catastrophes. Lindner, who also coordinated

that exercise, said that it included hundreds o passen-

gers at airline ticket counters whose names suddenly

appeared on no-fy lists, ailed railway switches, and

a power outage at the Port Authority o New York and

New Jersey.

For that exercise, the CERT/CC coordinated eorts with

more than 100 public and private organizations in ve

dierent countries. The ederal agencies investigating

the threat traced it back to Lindner, who served as prime

perpetrator. In Cyber Storm I, they arrested me. The

Secret Service wanted to handcu me, Lindner said.

Fortunately, it was just an exercise.

Cyber Storm Simulates Network Attack


www.cert.org



Beginning in 2008, the Capability Maturity Model

Integration (CMMI) served as a oundation or

increased eorts ocused on truly integrating sot-

ware development, sotware acquisition, and services

delivery. We leveraged the I in integration this year,

said Bill Peterson, SEI Sotware Engineering Process

Management program director. The ull CMMI

Product Suite weaves together the core principles

o CMMI or Development to extend to CMMI or

Acquisition and in 2009 to services delivery. With this

product suite, we are able to maximize the synergies

among the CMMI models.

CMMI or ServicesReleasing in 2009

The SEI has seen a growing demand or process

improvement in the services sector, which makes up

more than 80 percent o the U.S. and global economy.

Service organizationsin such areas as healthcare,

IT, education, nance, or transportationhave needs

and interests that are dierent rom those o develop-

ment organizations, yet the CMMI model has a track

record o eective techniques to improve process

capability. CMMI or Services (CMMI-SVC) was

designed to provide guidance specically or orga-

nizations providing services. The best practices in

CMMI-SVC cover a wide variety o services and are

fexible enough to complement models designed or a

specic service, such as IT.

CMMI-SVC shares some best practices with CMMI

or Development (CMMI-DEV), which provides help

to development organizations. Such shared content

enables organizations that both develop products and

deliver services to use complementary models to

improve their capabilities.

Based on pilots with SEI Partners since October 2006,

CMMI-SVC is proving valuable or service organiza-

tions in improving processes. This in turn can leadto lower costs and better satisaction or customers

and end users. The SEI will release the CMMI-SVC

model at SEPG North America 2009 and on the SEI

website in March 2009.

CMMI and Six Sigma: Partners in Process

Over the years, the SEI has witnessed organizations

struggling with the implementation o process im-

provement. In some instances, organizations viewed

CMMI and Six Sigma as competing approaches rather

than a synergistic combination that can yield superior

perormance. Indeed, some abandoned one approach

or another, creating a churn yielding no improvement,

delayed production schedules, increased costs, and

unhappy employees.

To leverage the best impacts o combining approaches,

the SEI began development o a CMMI-Six Sigma

Certication. The SEI program will be able to help

organizations achieve increased return on investment,

better sotware quality, and development o highly

skilled leaders who will be trained to eectively guide

their organizations to improved perormance using theunique body o knowledge and skills encompassed by

the certication program.

During 2009, the community will be asked to take

part in the development and review o the CMMI-Six

Sigma Body o Knowledge. The ocus will be on how

to merge the strategic CMMI ramework with the Six

Sigma tactical toolset (including DMAIC, Lean, and

Design or Six Sigma) or perormance improvement.

The program will be based on leading best practices in

measurement and analysis, Six Sigma, and CMMI.

Signicant synergies and energies come rom puttingCMMI and Six Sigma together, says the SEIs David

Zubrow, technical lead or CMMI-Six Sigma initia-

tives. Indeed, we have seen substantial benecial im-

pact on the implementation o high-maturity practices,

especially or process perormance modeling, through

the use o Six Sigma techniques. Thats where the SEI

comes in. The certication program will provide oppor-

tunities or individual instruction, model training, team

training, and Six Sigma training to build the workorce.

Jeerson Welch, manager o the certication program

at the SEI, emphasizes that the SEI is not trying to rep-

licate Six Sigma certication. What we have createdis a powerul combination o the two. With a certica-

tion in place, there are benets to the organization in

terms o transorming, enhancing, and improving the

quality o work rom the individual perspective.

The I in Integration

SERVICE

INDUSTRY

The SEI has seen a growing demand orprocess improvement in the services sector,which makes up more than 80 percent othe U.S. and global economy.



and validating account numbers and eliminating

duplicate numbers. It also maintains a pedigree that

shows all the locations in which each number was

ound. The pedigree reveals how stolen numbers were

traded (ater an initial thet, nancial account numbers

are oten shufed, split into chunks, and sold) and can

aid in tracing the source o the original thet. CCFinder

also handles the problem o the sheer size o recent

nancial crimes, which had overwhelmed existing

tools. CCFinder was a big deal when we were working

with 3 million account numbers, said team member

Matthew Geiger. Then we quickly went rom there to

45 million in the TJX case.

The TJX case was the investigation o 11 people who

were charged in August 2008 with the thet o more

than 40 million credit and debit card numbers rom T.J.

Maxx, Marshalls, Barnes & Noble, OceMax, and

other major retailers. The orensics team participated in

an electronic crimes task orce along with USSS agents

and state and local law enorcement. It was an eye-

opening experience participating in a law-enorcement

action o that scale, with well-organized simultaneous

searches, said Geiger.

U.S. Representatives John Murtha, Mike Doyle, andJason Altmire recognized the teams eorts on TJX dur-

ing a visit to Carnegie Mellon University in September

2008. CERTs role in this landmark case underscores

its importance in computer security over the past 20

years, said Murtha.

Forensics team members Nolan, Geiger, Cal Waits,

Kristopher Rush, and Larry Rogers have multiplied

their eectiveness by training the USSS, the FBI, the

Department o Deense cyber crime lab, and other

law enorcement groups in their tools and techniques.

The training is done live on site at the SEI and also via

CERTs Virtual Training Environment (VTE), a securedsel-paced, web-based training lab. Authorized mem-

bers o law enorcement groups can access a number o

orensics tools developed by the team on VTE.

Our primary work is research, but the application

o it in real-world cases is whats really gratiying,

said Nolan. A white paper is nice, but locking people

up is better.

CERT Forensics Team Helps Law EnorcementAgencies Fight Cyber Crime

It all began with the Iceman case. A ormer computer

security consultant, Max Ray Butler (also known

as Iceman), was allegedly attacking computers

at nancial institutions and credit card processing

centers, stealing account inormation, and selling the

data to others. The U.S. Secret Service (USSS), which

was leading the investigation into Butlers activities,

knew o the CERT orensics teams expertise in

cracking sophisticated techniques used by cyber

criminals, such as encrypting data to hide evidence.

The team assisted the USSS in acquiring and

decrypting the Icemans data, thus providing critical

evidence or the governments case.

Through word o mouth and presentations the

team gives to law enorcement groups, demand or

the teams skills and tools spread to state police

departments and other law enorcement agencies rom

coast to coast. We are providing operational support

to the United States Secret Service, to high-prole

intrusion and identity thet investigations, and to

investigations o other general computer crimes, said

team leader Rich Nolan, a ormer Drug Enorcement

Administration agent. This support work enables the

team to see problems in the eld rst hand and then

rene their tools or develop new tools and techniques

to solve those problems.

One tool that was developed or a specic case is

CCFinder. In cases in which investigators were trying

to discover compromised credit card and nancial

account numbers, the existing tools produced many

alse positives. CCFinder does a better job o nding

Cal Waits takes questions rom the media

on CERTs role in credit card raud evidence

gathering.



Survey Seeks to Shape the Future

o Computer Forensics Education

Proper handling o digital evidence isessential to the successul prosecutiono computer-related crimes. Thediscipline o computer orensics,however, is still in its inancy. Acoherent, standardized approach tocomputer orensics education remainson the horizon.

As a rst step toward standardization,CERT orensics team members Cal

Waits and Larry Rogers undertook a2008 survey o the current state othe practice. The idea grew out oour engagement with members o theederal law enorcement and privatesector communities, says Waits.These communities had access toorensics training, but, Waits notes,they ound it to be piecemeal andvocational in nature.

Waits surveyed the ederal lawenorcement and private sectorcommunities, including the nancialsector, to identiy needed roles in theorensics eld and catalog the skillsrequired to perorm these roles. Thenext step will be to work with theInormation Networking Institute atCarnegie Mellon University to plan anddevelop a model curriculum, basedon Waits ndings, suitable or use atdegree-granting institutions. Waitsand Rogers work will be detailed in aorthcoming SEI technical report.


www.cert.org/orensics/



As sotware becomes more complex and sotware se-

curity moves closer to the oreront o organizational

plans, a means o dening what constitutes a secure

system and assuring achievement o this standard

is required. Attacks aimed at networked sotware

systems are directed at governments, corporations,

educational institutions, and individuals; and they can

result in nancial loss, the loss and compromise o

sensitive data, system damage, and lost productivity

all enabled by simple sotware vulnerabilities. One

way to combat this growing problem is through secure

code. But what makes code secure?

The CERT Secure Coding Initiative, spearheaded by

Robert Seacord, a senior member o the SEI techni-

cal sta, is building a comprehensive approach to

secure sotware development in the C, C++, and Java

programming languages. The cornerstone o this ap-

proach is the development o secure coding standards

or each language. Seacord asserts that security must

be understood or organizations to embrace itsecure

coding standards promote adoption by providing a

precise and measurable denition. CERT coordinates

development o secure coding standards by security

researchers, language experts, and sotware develop-

ers using a wiki-based community process. The CERT

C Secure Coding Standard, or example, was pub-

lished in October 2008 as an Addison-Wesley book.

Once completed, these standards will be submitted to

open-standards bodies or consideration and possible

publication.

Developers and sotware designers can apply these

coding standards to their code to create secure sys-

tems, or analyze existing code against these standards.

In September 2005, the team publishedSecure Coding

in C and C++, and since then they have created and

licensed courses, published books and papers, col-

laborated with government and private organizations,

and presented at conerences to promote standards

that will help improve the quality o sotware released

today and in the uture.

One example o collaborative work is The CERT

Sun Microsystems Secure Coding Standard for Java.

Currently being developed with Sun Microsystems,

this standard provides guidance or secure pro-

gramming in the Java Platorm, Standard Edition

6 environment. Programmers who adopt the Java

standard can avoid vulnerabilities in their Java-based

applications. This coding standard is applicable to the

wide range o products coded in Java such as PCs,

game players, mobile phones, home appliances, and

automotive electronics.

However, secure coding standards alone are inad-

equate to ensure secure sotware development because

they may not be consistently and correctly applied. To

solve this problem, CERT is developing an applica-

tion certication process that can be used to veriy the

conormance o a sotware product with secure coding

standards. Because this process depends on the appli-cation o source code analysis tools, CERT is work-

ing with industry partners such as LDRA and Fortiy

Sotware, and research partners such as JPCERT and

Lawrence Livermore National Laboratory to enhance

existing source code analysis tools to veriy compli-

ance with CERT guidelines.

The CERT Secure Coding Initiative


www.cert.org/orensics/



Today on the battleeld, many types o militarypersonnelsuch as operators o unmanned-air

and all-terrain vehicles, intelligence operators, and

commandersmust communicate on a moment-

to-moment basis as conditions on the eld change.

This critical communication occurs over tactical

data networks (TDNs)series o gateways, servers,

unmanned vehicles, and operation centers, connected

via mobile, wireless, and ad-hoc mesh networks.

TDNs have nite resources such as limited network

bandwidth that all network users and components

compete or when exchanging inormation. Allocating

bandwidth eectively has always been a challengingproblem, but as TDNs become increasingly complex

and more closely coupled with moment-to-moment,

rational (or sel-interested) human decision making,

these challenges become daunting. Researchers

around the world are investigating the use o market

mechanisms to allocate scarce computational

resources: Could these ideas be useul in TDNs?

To nd out, researchers at the SEI have been

developing auction mechanisms or bandwidth

allocation in TDNs. In 2006, the SEI showed how

auctions can be used to improve the common

operating picture in a prototype TDN based onthe Navys LINK-11. In 2007, the SEI joined with

Harvard University and the Naval Post-Graduate

School (NPS) to demonstrate auction mechanisms

or bandwidth allocation in a more complex and

demanding TDN testbed developed by the NPS,

called the Tactical Network Topology (TNT).

TNT links equipment in three locations across the

United States and manages all communications

among them. The NPS is using TNT to pioneer

adaptive tactical networks based on the concepts o

8th Layer, which enables adaptive networking by

giving every critical node bandwidth adaptation and

small-scale network operation capability. The 8thLayer-enabled hyper-nodes adapt their behavior by

exchanging services in accordance with the Valued

Inormation at the Right Time (VIRT) concept.

CMD Aids in Bandwidth Allocation

Alex Bordetsky, the principal investigator and oundero the NPSs TNT testbed, says, The SEIs work in

mechanism design is helping our orces to cross what

we call the last tactical mile. It runs rom command

headquarters to tactical units in remote locations

and has inormation gaps along the waythats

where 8th Layer adaptation comes in. It helps us

bridge those gapssomething that becomes more

and more important as systems grow more dynamic,

perormance becomes more critical, and resources

dwindle.

Applying auction mechanisms this way is cutting

edge, says Kurt Wallnau, one o the SEI researchersinvestigating computational mechanism design

(CMD). According to Wallnau, the TNT arena gave


31/48



Researchers at the Aerospace Vehicle Systems

Institute (AVSI) oresaw a problem with building

the next generation o complex, sotware-intensive,

saety-critical aircrat systems; as the complexity o

the avionics systems continues to increase, they have

identied a need or a undamental change in develop-

ing the sotware and systems or the next generation

system aircrat. Through Georgia Tech, AVSI conduct-

ed a pre-study o existing technologies that could help

with sotware-intensive systems construction, and the

Georgia Tech study recommended adoption o the

Architecture Analysis and Design Language (AADL),

which was developed at the SEI as a means to conduct

model-based development.

The AVSI project Systems Architecture Virtual

Integration (SAVI) ocuses on establishing a new way

o speciying and integrating increasingly complex

aerospace systems. This would reduce the cost and

schedule o new airplane development while improv-

ing quality, saety, and perormance, says Jrgen

Hansson o the SEI. Traditionally, subcontractors

responsible or a part o the system would indepen-

dently develop code or pieces o the system. When the

pieces are brought together, the system has already

gone ar into development, but when you try to inte-

grate all the pieces rom the dierent subcontractors,

the integration problems appear.

So the question they are asking, says Hansson, is

whether there is a way to conduct integration earlier

using a model-based approach beore the system is

being built. This is where AADL comes in. Using

AADL, individual subcontractors can model their

pieces o the system with large amounts o imple-

mentation detail. Now I can take that model together

with everyone elses models and integrate them and

make sure I get the system behavior I want or areas I

determine to be critical, says Hansson.

This process will allow AVSI to capture many integra-

tion aults as early in the development process as pos-

sible. The cost o xing a ault escalates dramatically

the later it is uncovered in the development process.

Studies have shown that 60 percent to 75 percent o

all system deects are introduced in the system-lie-

cycle development phases preceding the code devel-

opmentrequirements engineering, system architec-

ture design, and component designs. Yet only a small

raction o these deects, about 3 percent to 8 percent,

are detected beore code development and system

realization; the majority o deects are detected at the

time o system integration or later phases.

Correcting late-detected deects incurs signicant

costs. For example, the costs o correcting deects in

the system-integration phase or ater the system has

been deployed into operation, are 15 to 30 times, and

30 to 110 times higher respectively compared to the

cost o the removing the deects earlyin the phase in

which they were introduced.

The goal, says Hansson, is to do more up-ront

modeling o the system to mitigate risks and integra-

tion problems, save money and time, and possibly

allow construction o even larger, more complex

systems with this technique.

AVSI

The Aerospace Vehicle Systems Institute (AVSI)is a consortium comprising aerospace companiesincluding Boeing, Lockheed Martin, Rockwell Collins,and othersthe Department o Deense, and theFederal Aviation Administration. AVSI works toimprove the integration o complex subsystemsin aircrat.

Costs o correcting deects

in the system-integration

phase or ater the systemhas been deployed into

operation are 15 to 30

times, and 30 to 110times higher, respectively,

compared to the cost o

removing the deects early.

AVSI Chooses AADL or Next Gen Design



In 2008, the SEI created a web service certica-

tion process or the U.S. Armys Chie Inormation

Oce/G-6 (CIO/G-6) organization to address security

and provisioning concerns the Army oresees in its

development o service-oriented architecture (SOA)

environments. The CIO/G-6 organization is responsible

or the inormation management unction o the Army.

SOA, according to a denition by IBM, is the archi-

tectural style that supports loosely coupled services

to enable business fexibility in an interoperable,

technology-agnostic manner. For the Army, and other

Service branches in the U.S. Department o Deense,SOA promises a means to realize a vision in which

warghters have a Deense-enterprise-wide capability

through which they can choose and assemble services

quickly in order to adapt and change to conditions on

the battleeld.

Key concerns or the Army in moving toward SOA

are inormation assurance, interoperability, and

networthiness, according to Sriram Bala, a member

o the SEI team working with the Army CIO/G-6.

The central question is this: I we are to eld SOA

on DoD networks, how do we assure that it is sae to

use, Bala says.

The need or inormation assurance poses the question

o how to protect inormation and services by ensuring

condentiality, integrity, authentication, availability,

and non-repudiation, according to Bala. This level o

protection is needed while the inormation is in stor-

age, processing, or transit and whether it is threatened

by malice or accident.

Web service interoperability aims to provide seamless

and automatic connections rom one sotware applica-

tion to another. The networthiness o a web service

in an SOA context depends on determining networkimpact o the web service, developing port and proto-

col white listpolicies or web service use, conducting

network security scans to ensure that web services are

not compromising networks, and other actors. White

list policies dene what a service is allowed to do, ac-

cording to Ed Morris, another SEI team member.

In 2008, the SEI team created a certication and ac-

creditation process or the Army CIO/G-6 that homes

in on these concerns. The intent o our process is

to certiy services in order to assure that they are

not malicious to the SOA inrastructure that they are

deployed on or interacting with, Bala explains.

We have devised a process that can be executed

rapidly to certiy and accredit web servicesto

accomplish these steps in days rather than months,

Morris explains. An Army SOA is expected to be

dynamic, and it does no good to be able to assemble

services rapidly i those services cannot be certiedin a timely way.

This process is robust so that it can deal with ser-

vices or which source code is not available, Bala

says. And it is fexible so that it can be modied and

institutionalized by other service branches and com-

mercial organizations eventually, he notes.

In addition, the SEI process is heavily tool-centric,

Morris says. It draws on applicable commercial and

open-source technologies. Even so, the SEI has ound

that existing testing tools are inadequate or the job;

as a result, the SEI process includes manual reviewby sophisticated users to interpret what the tools are

telling them, Morris adds.

Now that the process has been created, the SEI

team is working with the Army CIO/G-6 to make it

operational.

Our next steps include developing a strategy or

testing end-to-end mission threads to integrate

certied services to perorm the tasks in a mission,

Morris says.

Securing Web Services in an SOAEnvironment or the Army SOA Initiative



SEI Partner Network

The SEI Partner Network is an elite

group o SEI-trained organizations on theleading edge o sotware engineering

processes and technologies. SEI Part-

ners are licensed to deliver SEI services.

SEI Partners provide the ollowing:

CMMI v1.2 Product Suite Services

People CMM Product Suite

Services

SCAMPI Appraisal Services

CERT Inormation Security Courses

Implementing Goal-Driven

Measurement Course

Improving Process Perormance Using

Six Sigma Course Designing Products and Processes

Using Six Sigma Course

Sotware Architecture: Principles

and Practices Course

Team Sotware Process Services

By delivering services worldwide, the

SEI partners provide a critical distribution

channel or accomplishing the SEI

mission.

In FY 2008, the SEI Partner Network

consisted o 387 partner organizations.

For more inormation about the

SEI Partner Network, visit

www.sei.cmu.edu/partners/

SEI Afliate Program

Through the SEI Aliate Program,

sponsoring organizations contributetechnical sta members to the SEIs

ongoing eort to dene superior sot-

ware and systems engineering best

practices. Aliates lend their techni-

cal knowledge and experience to SEI

teams investigating specic technology

domains.

Aliates are immersed in the inquiry

and exploration o new tools and meth-

ods that promise to increase productiv-

ity, make schedules predictable, reduce

deects, and decrease costs.

For more inormation about the

SEI Afliate Program, visit

www.sei.cmu.edu/collaborating/afliates

SEI Conerences & Events

As part o its strategy to apply the lat-

est research, the SEI oers conerenc-es, workshops, and user-group meet-

ings. These events represent technical

work and research perormed by the

SEI and its collaborators in the areas

o process improvement, sotware

architecture and product lines, security,

acquisition, and interoperability.

Individuals rom around the

world attend SEI conerences

and events to

connect with industry leaders

share best practices

network with peers

nd potential solutions

gather the latest research and trends

in sotware and systems engineering

Some o the events that the SEI spon-

sored and co-sponsored are

Army Senior Leadership Education

Program

FloCON

SATURN 2008

SEPG Conerence Series

SMART ULS Workshop

TSP Symposium

For more inormation about

SEI conerences and events, visit

www.sei.cmu.edu/events/



SEI Proessional

Development Center

The SEI has ormed a new Proessional

Development Center incorporatingeducation, training, and credentialing,

all o which enable individuals to benet

rom the SEIs research in multiple

disciplines.

The center provides continuing

education or engineering and sotware

proessionals in government, industry,

and academia. The SEI addresses

proessional development needs by:

designing and developing training

that is accessible and eective with

classroom, blended, and distancelearning

encouraging and recognizing individual

accomplishments in various disciplines

through certicate programs

enhancing individual career

opportunities through SEI Certication

In FY2008, the SEI delivered 352

courses, trained 5,990 individuals, and

awarded 515 certications.

For more inormation about SEI training, visitwww.sei.cmu.edu/products/courses/

For more inormation about SEI Certifcation,

visit www.sei.cmu.edu/certifcation/

SEI Membership

SEI Membership is a business and

knowledge network that connectsthe SEI with sotware and systems

engineering leaders in government,

industry, and academia throughout the

world. SEI Membership is designed

or sotware and systems engineering

proessionals who are interested in

priority access to SEI technologies

and events. Individuals use the SEI

Membership program as a means o

networking with other proessionals to

discuss adoption and implementation

o sotware-engineering best practices

and challenges o sotware andsystems engineering.

SEI Members include small-business

owners, sotware and systems

developers, CEOs, directors, and

managers rom business, industry, and

prominent government organizations in

36 countries around the globe.

The SEI is the only one o 37 ederally

unded research and development

centers that oers membership to the

public.

For more inormation about SEI Membership,

visit www.sei.cmu.edu/membership/

100Projects on which the SEI collaborated

with Carnegie Mellon University

27Academic customers and collaborators

76Government customers and

collaborators

60Government acquisition programsreceiving on-site support rom the SEI

31Industry customers and collaborators

88Army leaders attending the Senior

Leadership Education Program at theSEI

15,000Registered attendance at CMMIcourses this year

120,000Hours o training delivered by the

CERT Virtual Training Environment

859Publications & books (respectively)

published by the SEI to date.

Did you know....



Paul D. NielsenDirector

Chie Executive Ocer

Clyde G. ChittisterChie Operating Ocer



SEI Sta

The SEI attracts top talent to imple-

ment its expanding objectives, increas-

ing its sta by a third over the past our

years. Sta members are permanent,

ull-time employees; visiting scientists

are temporary SEI employees rom

government, industry, and academia;

aliates are proess

SEI Year in Review 2008

Documents

Transcript of SEI Year in Review 2008