SMART Project: Applying Reliability Metrics to Security Vulnerabilities

Presented at DEF CON 18 (2010), Aug. 1, 2010, 3 p.m. (50 minutes).

Battlefield operations depend heavily on network-centric computing systems. Such complex and widely dispersed operations expose network-based systems to unprecedented levels of reliability and security risks. Computer systems and network security are often limited by the reliability of the software running on constituent machines. Faults in the software expose vulnerabilities, pointing to the fact hat a critical aspect of the computer security problem resides in software. This presentation will be covering the latest results of the Software Engineering Research Center's (SERC) SMART Project. SMART stands for Security Measurement and Assuring Reliability through metrics Technology. SMART is the result of a collaboration between SERC and the US Army Research Laboratory (ARL). Through our previous award winning reliability research and our current focus of analyzing large open-source systems, promising results were obtained to support the accurate prediction of the reliability and security of individual and interdependent components in a network-centric environment. Open-source systems being analyzed include Apache, OpenSSH, OpenSolaris, and Firefox. An analysis of our current methods and results of those methods will be given.


Presenters:

  • Dolores Zage - Computer Science, Ball State University
    Wayne Zage and Dolores Zage are professors in the Computer Science Department at Ball State University. They have been conducting research in the Software Engineering Research Center since 1986. Their research in design metrics and models has led to the Zages' design metrics being used at SERC industrial sites as indicators of good software design, to identify fault-prone modules during the design phase of development, and as indicators of where to place effort during software testing. Most recently, they have applied their metrics technology to assess the reliability and security of software systems. Wayne and Dolores Zage received the Alexander Schwarzkopf Prize for Technological Innovation from the National Science Foundation Association in 2007 for their Software Design Metrics.
  • Blake Self - Researcher, S2ERC Security and Software Engineering Research Center
    Blake Self is most widely known for co-authoring the first commercial encrypted instant messenger with Dr. Cyrus Peikari while at VirusMD. He has also worked as a SIPRNET Administrator, Department of Defense Red Team Analyst, and R&D at various corporations including Airscanner and Ontario Systems. He currently works in the automated data collection industry as well as doing research for S2ERC (http://www.serc.net).
  • Wayne Zage - Professor, Computer Science, Ball State University
    Wayne Zage and Dolores Zage are professors in the Computer Science Department at Ball State University. They have been conducting research in the Software Engineering Research Center since 1986. Their research in design metrics and models has led to the Zages' design metrics being used at SERC industrial sites as indicators of good software design, to identify fault-prone modules during the design phase of development, and as indicators of where to place effort during software testing. Most recently, they have applied their metrics technology to assess the reliability and security of software systems. Wayne and Dolores Zage received the Alexander Schwarzkopf Prize for Technological Innovation from the National Science Foundation Association in 2007 for their Software Design Metrics.

Links:

Similar Presentations: