Software Engineering Institute Publications's Documents


  • CERT® Resilience Management Model (CERT®-RMM) V1.1: NIST Special Publication Crosswalk Version 1

    The CERT® Resilience Management Model (CERT®-RMM) allows organizations to determine how their current practices support their desired levels of process maturity and improvement. This technical note maps CERT-RMM process areas to certain National Institute of Standards and Technology (NIST) special publications in the 800 series. It aligns the tactical practices suggested in the NIST publications to the process areas that describe management of operational resilience at a process level. This technical note is an extension of the CERT-RMM Code of Practice Crosswalk, Commercial Version (CMU/SEI-2011-TN-012).

    Category: Internet & Technology | Reads: 22 | Uploaded: 03/27/2012
  • What’s New in V2 of the Architecture Analysis & Design Language Standard?

    This report provides an overview of changes and improvements to the Architecture Analysis & Design Language (AADL) standard for describing both the software architecture and the execution platform architectures of performance-critical, embedded, real-time systems. The standard was initially defined in the document SAE AS-5506 and published in November 2004 by SAE International (formerly the Society of Automotive Engineers). SAE International published the revised language, known as AADL V2, in January 2009. Feedback from users of the standard guided the plan for improvements. Their experience and suggestions resulted in the addition of component categories to better represent protocols as logical entities (virtual bus), scheduler hierarchies and logical time partitions (virtual processor), and a generic component (abstract). The revisions also led to the abilities to (1) explicitly parameterize component declarations to better express architecture patterns, (2) specify multiple instances of the same component in one declaration (component array) and corresponding connection patterns, (3) set visibility rules for packages and property sets that access other packages and property sets, (4) specify system-level mode transitions more precisely, and (5) use additional property capabilities including property value records.

    Category: Internet & Technology | Reads: 30 | Uploaded: 03/22/2012
  • Principles of Trust for Embedded Systems

    The development of trusted systems is a long-standing, elusive, and ill-defined objective in many domains. This paper gives substance and explicit meaning to the terms trust and trustworthy as they relate to automated systems and to embedded systems in particular. Principles of trust are identified. Some of their implications for software engineering practice and for the design of hardware-based trusted computing platforms are also discussed.

    Category: Internet & Technology | Reads: 19 | Uploaded: 03/20/2012
  • Mission Risk Diagnostic (MRD) Method Description

    Although most programs and organizations use risk management when developing and operating software-reliant systems, preventable failures continue to occur at an alarming rate. In many instances, the root causes of these preventable failures can be traced to weaknesses in the risk management practices employed by those programs and organizations. In particular, Carnegie Mellon® Software Engineering Institute (SEI) field experience indicates that programs and organizations throughout government and industry are unable to assess their risks effectively. For example, SEI independent assessments routinely uncover significant risks that have not been brought to the attention of key decision makers. When decision makers are unaware of significant risks, they are unable to take action to mitigate those risks. As a result, SEI researchers undertook a project to examine and improve the practice of risk assessment. The SEI has developed the Mission Risk Diagnostic (MRD) to assess risk in interactively complex, socio-technical systems across the life cycle and supply chain. To date, the SEI has employed the MRD in a variety of domains, including software acquisition and development, cybersecurity, software security, and business portfolio management. This technical note provides an overview of the MRD method.

    Category: Internet & Technology | Reads: 177 | Uploaded: 03/20/2012
  • Risk-Based Measurement and Analysis: Application to Software Security

    For several years, the software engineering community has been working to identify practices aimed at developing more secure software. Although some foundational work has been performed, efforts to measure software security assurance have yet to materialize in any substantive fashion. As a result, decision makers (e.g., development program and project managers, acquisition program offices) lack confidence in the security characteristics of their software-reliant systems. The CERT® Program at Carnegie Mellon University's Software Engineering Institute (SEI) has chartered the Software Security Measurement and Analysis (SSMA) Project to advance the state-of-the-practice in software security measurement and analysis. The SSMA Project is exploring how to use risk analysis to direct an organization's software security measurement and analysis efforts. The overarching goal is to develop a risk-based approach for measuring and monitoring the security characteristics of interactively complex software-reliant systems across the life cycle and supply chain. To accomplish this goal, the project team has developed the SEI Integrated Measurement and Analysis Framework (IMAF) and refined the SEI Mission Risk Diagnostic (MRD). This report is an update to the technical note, Integrated Measurement and Analysis Framework for Software Security (CMU/SEI-2010-TN-025), published in September 2010. This report presents the foundational concepts of a risk-based approach for software security measurement and analysis and provides an overview of the IMAF and the MRD.

    Category: Internet & Technology | Reads: 141 | Uploaded: 03/20/2012
  • An Investigation of Techniques for Detecting Data Anomalies in Earned Value Management Data

    Organizations rely on valid data to make informed decisions. When data integrity is compromised, the veracity of the decision-making process is likewise threatened. Detecting data anomalies and defects is an important step in understanding and improving data quality. The study described in this report investigated statistical anomaly detection techniques for identifying potential errors associated with the accuracy of quantitative earned value management (EVM) data values reported by government contractors to the Department of Defense. This research demonstrated the effectiveness of various statistical techniques for discovering quantitative data anomalies. The following tests were found to be effective when used for EVM variables that represent cumulative values: Grubbs' test, Rosner test, box plot, autoregressive integrated moving average (ARIMA), and the control chart for individuals. For variables related to contract values, the moving range control chart, moving range technique, ARIMA, and Tukey box plot were equally effective for identifying anomalies in the data. One or more of these techniques could be used to evaluate data at the point of entry to prevent data errors from being embedded and then propagated in downstream analyses. A number of recommendations regarding future work in this area are proposed in this report.

    Category: Internet & Technology | Reads: 440 | Uploaded: 03/20/2012
  • Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE)

    Difficulties with estimating the costs of developing new systems have been well documented, and are compounded by the fact that estimates are now prepared much earlier in the acquisition lifecycle, before there is concrete technical information available on the particular program to be developed. This report describes an innovative synthesis of analytical techniques into a cost estimation method that models and quantifies the uncertainties associated with early lifecycle cost estimation. The method described in this report synthesizes scenario building, Bayesian Belief Network (BBN) modeling and Monte Carlo simulation into an estimation method that quantifies uncertainties, allows subjective inputs, visually depicts influential relationships among program change drivers and outputs, and assists with the explicit description and documentation underlying an estimate. It uses scenario analysis and design structure matrix (DSM) techniques to limit the combinatorial effects of multiple interacting program change drivers to make modeling and analysis more tractable. Representing scenarios as BBNs enables sensitivity analysis, exploration of scenarios, and quantification of uncertainty. The methods link to existing cost estimation methods and tools to leverage their cost estimation relationships and calibration. As a result, cost estimates are embedded within clearly defined confidence intervals and explicitly associated with specific program scenarios or alternate futures.

    Category: Internet & Technology | Reads: 26 | Uploaded: 03/20/2012
  • CERT® Resilience Management Model Capability Appraisal Method (CAM) Version 1.1

    The CERT® Resilience Management Model (CERT®-RMM), developed by the CERT® Program at Carnegie Mellon University’s Software Engineering Institute (SEI), is the result of many years of research and development committed to helping organizations meet the challenge of managing operational risk and resilience in a complex world. In operational terms, resilience is an emergent property of an organization that can continue to carry out its mission after a disruption that does not exceed its operational limit. The ability of an organization to assess its current level of capability using CERT-RMM as the reference model is essential for measuring the current competency of its operational practices, setting improvement targets, and establishing plans and actions to close any gaps. The SEI has developed and maintained the Standard Capability Maturity Model® Integration (CMMI®) Appraisal Method for Process Improvement (SCAMPISM) family of appraisal methods from the CMMI product suite. Consultations with the SEI’s CMMI program manager indicated that it would be appropriate to extend the pedigree of the SCAMPI family of appraisal methodologies for the CERT-RMM Capability Appraisal Method (CAM) Version 1.1. This report demonstrates that the SCAMPI Version 1.2 method can be adapted and applied to CERT-RMM V1.1 as the reference model for a process appraisal.

    Category: Internet & Technology | Reads: 34 | Uploaded: 03/20/2012
  • CERT® Resilience Management Model (RMM) v1.1: Code of Practice Crosswalk Commercial Version 1.1

    CERT® Resilience Management Model (CERT-RMM) provides a reference model that allows organizations to make sense of their practice deployment in a process context. In this context, the primary goal of this document is to help model users and adopters to understand how CERT-RMM process areas, industry standards, and codes of practices that are used by organizations in an operational setting are connected. Additionally, this document helps to achieve a primary goal of CERT-RMM, which is to allow adopters to continue to use their preferred standards and codes of practice at a tactical level while maturing management and improvement of operational resilience at a process level. This document was also created with the objective to permit organizations to use CERT-RMM as a means for managing the complexities of deploying more than one standard or code of practice.

    Category: Internet & Technology | Reads: 38 | Uploaded: 03/20/2012
  • Best Practices for Artifact Versioning in Service-Oriented Systems

    This report describes some of the challenges of software versioning in an SOA environment and provides guidance on how to meet these challenges by following industry guidelines and recommended practices. Managing change in software systems becomes more difficult as the software increases in size, complexity, and dependencies. Part of this task is software versioning, in which version identifiers are assigned to software artifacts for the purpose of managing their evolution. However, software versioning is not a self-contained task. Versioning decisions affect a wide range of processes that fall under the broad heading of change management. With the advent of service-oriented architecture (SOA) as a software-development paradigm, software versioning has become even more entwined with the software life cycle, mainly due to the highly distributed nature, multiproduct outcome, and multilayer implementation of service-oriented systems. The report describes typical items that a versioning policy for a service-oriented system should contain, including which artifacts to version, how to apply version control, and the impact of versioning on each phase of the life cycle within an SOA infrastructure.

    Category: Internet & Technology | Reads: 80 | Uploaded: 03/20/2012