SoS Software Assurance

Our system-of-systems software assurance (SoSSA) research focuses on meeting the assurance needs of large-scale, multi-user adaptive information management and command-and-control systems of systems that will be operated in unanticipated ways. Systems of systems built using the service-oriented architecture paradigm can fall into this category.

The key research question is determining what types of evidence (and associated argumentation) are needed to achieve justified confidence that system-of-systems behavior (with respect to quality attributes such as reliability, availability, performance, or security) will be acceptable when the system of systems is used in its actual and evolving usage environments.

We are pursuing four research thrusts, developed from information collected through interviews with test and evaluation personnel and from other inputs. These thrusts cover a range of near-term to long-range technical and transition goals. (Our white paper provides an in-depth discussion of issues in system-of-systems software assurance.)

Thrust 1: Interoperability Assurance

In this research thrust, we intend to determine how to make systems of systems more robust against the consequences of failure to exchange information properly among system-of-systems constituents. We view this thrust as having near-term impact since we are studying current problems and practices, but the study will provide a basis for a better understanding of key underlying technical issues that must be addressed. We will also be noting acquisition and procedural barriers to putting good interoperability assurance practices in place. Our approach is to

  • examine examples of such failures to determine what architecture robustness approaches could make constituents of systems of systems more robust against such interoperability failures
  • examine interoperability assurance practices to determine what types of evidence are needed to provide greater confidence in constituent system interoperability, given that testing every interoperable combination is time-consuming and difficult (or impossible)
  • issue reports analyzing interoperability failures and possible robustness solutions as well as analyzing effective interoperability evaluation practices

Thrust 2: Release Decision Analysis

The objective of this thrust is to improve the soundness and timeliness of system-of-systems release decisions by combining assurance information collected from various sources and phases of development. This thrust is focused on determining how a variety of design, analysis, and test information can be combined to develop increased and justified confidence in system-of-systems behavior.

Thrust 3: Compositional Robustness Evaluation

This is a speculative research thrust aimed at identifying novel ways of predicting and bounding unacceptable system-of-systems behavior (e.g., by use of non-monotonic logic frameworks or the development of robustness guards that limit the scope of unacceptable end-to-end system interactions). This work is in its formative stages.

Thrust 4: Transition and Collaboration Analysis

The objective of this thrust is to better understand barriers and incentives for transitioning new assurance technology into practice. Our initial approach is to identify funders, developers, and users of new assurance technology and their motivations (value exchanges) for supporting the creation and adoption of assurance technology. Our initial work focuses on identifying organizational interactions supporting the development and adoption of assurance technology in the security assurance domain. This overview of assurance technology developers and users will be helpful in determining the most effective transition paths for technology developed by the other research thrusts.

For more information, contact us: info@sei.cmu.edu, 412-268-5800