SEI Documents List
[2007] [2006] [2005] [2004] [2003] [2002] [2001] [2000] [1999] [1998] [1997] [1996] [1995] [1994] [1993] [1992] [1991] [1990] [1989] [1988] [1987] [1986] [PDF]
1997 Reports
Handbooks
CMU/SEI-97-HB-001,
ADA320732
C4 Software Technology Reference Guide-A Prototype
Foreman, J.; Gross, J.; Rosenstein, R.; Fisher, D.; & Brune, K.
The Air Force acquisition community tasked the Software Engineering Institute (SEI) to create a reference document that would provide the Air Force with a better understanding of software technologies. This knowledge will allow the Air Force to systematically plan the research and development (R&D) and technology insertion required to meet current and future Air Force needs, from the upgrade and evolution of current systems to the development of new systems.
The initial release of the Software Technology Reference Guide is a prototype to provide initial capability, show the feasibility, and examine the usability of such a document. This prototype generally emphasizes software technology of importance to the C4I (command, control, communications, computers, and intelligence) domain. This emphasis on C4I neither narrowed nor broadened the scope of the document; it did, however, provide guidance in seeking out requirements and technologies. It served as a reminder that this work is concerned with complex, large-scale, distributed, real-time, software-intensive, embedded systems in which reliability, availability, safety, security, performance, maintainability, and cost are major concerns.
http://www.sei.cmu.edu/publications/documents/97.reports/97hb001/97hb001abstract.html
CMU/SEI-97-HB-003,
ADA325551
Practical Software Measurement: Measuring for Process Management and Improvement
Florac, W.; Park, R.; & Carleton, A.
This guidebook shows how well-established principles and methods for evaluating and controlling process performance can be applied in software settings to help achieve an organization's business and technical goals. Although the concepts that are illustrated are often applicable to individual projects, the primary focus is on the enduring issues that enable organizations to improve not just today's performance, but the long-term success and profitability of their business and technical endeavors.
http://www.sei.cmu.edu/publications/documents/97.reports/97hb003/97hb003abstract.html
CMU/SEI-97-HB-002,
ADA328098
Software Acquisition Risk Management Key Process Area (KPA)-A Guidebook Version 1.0
Gallagher, B.; Alberts, C.; & Barbour, R.
In this guidebook, we hope to provide sponsors of acquisition improvement programs and their immediate staff with guidelines on how to implement a software acquisition risk management program satisfying the goals of the Acquisition Risk Management (ARM) Key Process Area (KPA) of the Software Acquisition Capability Maturity Model® (SA- CMM®). Brief overviews of software acquisition and the SA-CMM are included.
http://www.sei.cmu.edu/publications/documents/97.reports/97hb002/97hb002abstract.html
Continuous Risk Management Guidebook
Dorofee, A.; Walker, J.; Alberts, C.; Higuera, R.; Murphy, R.; & Williams, R.
The purpose of the Continuous Risk Management Guidebook is to explain what Continuous Risk Management is; to help you understand the principles, functions, methods, and tools; to show what it could look like when implement its own adaptation. The intent is not to provide a "cookie-cutter" answer for everyone. There is no such answer. This is a generic practice with a variety of methods and tools from which to choose. It is meant to be adapted to suit an organization and a project.
To purchase the guidebook, please contact-
Center for Information Systems Engineering
Carnegie Mellon University
412-268-1700
FAX 412-804-3290
E-mail: info@cise.cmu.edu
Security Improvement Modules
CMU/SEI-SIM-001,
ADA329629
Detecting Signs of Intrusion
Cunningham, L.; Firth, R.; Ford, G; Fraser, B.; Kochmar, J.; Konda, S; Richael, J.;
& Simmel, D.
The module provides concrete, practical guidance to help organizations improve the security of their networked computer systems. It describes a set of practices that can help detect intrusions by looking for the "fingerprints" of known intrusion methods.
http://www.cert.org/security-improvement/#modules
Special Reports
CMU/SEI-97-SR-009,
ADA331515
How to Use the Software Process Framework
Gates, L.
This report is intended to provide guidance on how to use the Software Process Framework (SPF) for reviewing, analyzing, and designing software process documents that are consistent with the Capability Maturity Model® (CMM®) for Software, Version 1.1. This guidance is not "how to design" or "how to analyze" software process documents in general. Rather, the guidance is focused on how to use the Software Process Framework for those purposes. The purpose of this report is to clarify the intended usage of the SPF and describe usage scenarios that have evolved through the use of the SPF in the software development community over several years. This report is intended to be used as a supplement to the SPF, not by itself. It is assumed that the reader is familiar with the CMM, is experienced in software process improvement and definition, and has skill in designing or analyzing software process documents.
http://www.sei.cmu.edu/publications/documents/97.reports/97sr009/97sr009abstract.html
CMU/SEI-97-SR-008,
ADA327776
Perspective on the State of Research in Fault-Tolerant Systems, A
Weinstock, C. & Gluch, D.
As computers take on a greater role in society, their dependability is becoming increasingly important. Given software's critical role in computing systems, reliable software has emerged as crucial to achieving a dependable infrastructure. Using a system perspective that recognizes the prominence of software, we characterize the current state of fault- tolerance research as it contributes to the dependability of computer systems and we conjecture on future directions for this research area.
http://www.sei.cmu.edu/publications/documents/97.reports/97sr008/97sr008abstract.html
CMU/SEI-97-SR-001,
ADA325553
Proceedings of the Introducing Requirements Management into Organizations Workshop: Requirements Management Transition Packages (November 11-13, 1996)
Fowler, P. & Patrick, M.
This document summarizes the findings and presents the raw data from the Introducing Requirements Management into Organizations workshop hosted by the SEI (Software Engineering Institute) in November 1996. A transition package consists of a process description, related materials for users of the description, and materials for use by change agents in action teams and technical working groups introducing requirements management processes and tools into their organizations. The workshop participants considered the feasibility of building a transition package to expedite the adoption of effective requirements management practice and concluded that a transition package can and should be built for requirements management. This document records and publicizes the findings of the workshop, including problems and opportunities related to requirements management transition packages identified by workshop participants.
http://www.sei.cmu.edu/publications/documents/97.reports/97sr001/97sr001abstract.html
CMU/SEI-97-SR-010,
ADA328634
Report of the Reuse and Product Lines Working Group of WISR8
Clements, P.
This report summarizes the discussions held by the Reuse and Product Lines working group at the Eighth Workshop on Software Reuse (WISR8). The working group was chartered to explore the range of issues and practices necessary for the successful fielding of a software product line, which is a collection of systems that are built from a common set of core assets. Issues addressed include the relation between a product line and a domain, benefits of the product line approach to software development, organizational factors, effects of the products' domain and context, risks, the role of architecture and architects, and managing change and variation. Maintaining intellectual control was a theme that arose repeatedly during the discussion.
http://www.sei.cmu.edu/publications/documents/97.reports/97sr010/97sr010abstract.html
CMU/SEI-97-SR-016,
ADA330926
Report of the STEP '97 Workshop on Net-Centric Computing
Tilley, S. & Storey, M.
As part of the STEP '97 conference, workshop W2b, Net-Centric Computing, was held on Thursday, July 17, 1997. Through focused presentations and open discussion, this workshop explored net-centric computing and its potential impact on software users, application developers, and system administrators. This report describes the STEP '97 conference, overviews the Net-Centric Computing workshop, and provides a summary of the invited presentations.
http://www.sei.cmu.edu/publications/documents/97.reports/97sr016/97sr016abstract.html
CMU/SEI-97-SR-003,
ADA324232
Report to the President's Commission on Critical Infrastructure Protection
Ellis, J.; Fisher, D.; Longstaff, T.; Pesante, L.; & Pethia, R.
This report was submitted to the President's Commission on Critical Infrastructure Protection for their consideration. Based on the experience of the CERT Coordination Center®, we identify threats to and vulnerabilities of the Internet and estimate the cascade effect that a successful, sustained attack on the Internet would have on the critical national infrastructures set out in Executive Order 13010. Finally, we discuss the implications for public policy and make specific recommendations.
http://www.sei.cmu.edu/publications/documents/97.reports/97sr003/97sr003abstract.html
CMU/SEI-97-SR-013,
ADA328632
Software Acquisition Process Maturity Questionnaire
Ferguson, J.; Cooper, J.; Falat, M.; Fisher, M.; Guido, A.; Marciniak, J.; Matejceck,
J.; & Webster, R.
This package contains a copy of the software acquisition process maturity questionnaire. It is intended for those interested in performing and learning about software acquisition process appraisals. This questionnaire is not an appraisal method itself; rather, it is a tool that may be used in different appraisal methods.
http://www.sei.cmu.edu/publications/documents/97.reports/97sr013/97sr013abstract.html
CMU/SEI-97-SR-002,
ADA324230
Turbo-Team Approach to Establishing a Software Test Process at Union Switch & Signal, A
McAndrews, D.; Marchok Ryan, J.; & Fowler, P.
Process improvement teams are often created and tasked to make complex changes in an organization, but are not provided with the tools necessary for success. This report describes what one team did to successfully install a software testing process in an organization. The principles of a turbo-team approach are introduced and a defined process for working in teams to introduce a new software technology is adapted from the prototype Process Change Guide developed by the Software Engineering Institute (SEI). Artifacts of this effort are included and described as examples for other teams to reference. Successes and lessons learned are described.
http://www.sei.cmu.edu/publications/documents/97.reports/97sr002/97sr002abstract.html
CMU/SEI-97-SR-019,
ADA332592
Workshop on COTS-Based Systems
Oberndorf, P.; Brownsword, L.; Morris, E.; & Sledge, C.
This report documents the proceedings of the first Workshop on COTS-Based Systems, held at the Software Engineering Institute (SEI) June 10-11, 1997. It describes the workshop activities, the discussions of the three breakout groups, and some general conclusions reached by the participants in the workshop.
http://www.sei.cmu.edu/publications/documents/97.reports/97sr019/97sr019abstract.html
CMU/SEI-97-SR-014,
ADA329326
Workshop on the State of the Practice in Dependably Upgrading Critical Systems
Gluch, D. & Weinstock, C.
This report describes the results of the Workshop on the State of the Practice in Dependably Upgrading Critical Systems held April 16-17, 1997 at the Software Engineering Institute. The workshop addressed a broad spectrum of issues associated with dependably and cost-effectively upgrading systems, primarily those with reliability or real-time requirements.
Technical Reports
CMU/SEI-97-TR-009,
ADA350658
Approach for Selecting and Specifying Tools for Information Survivability, An
Firth, R.; Fraser, B.; Konda, S.; & Simmel, D.
As today's technology becomes increasingly complex to manage, administrators of survivable systems will need to place increased reliance on tools to assist them. The selection and specification of these tools must be conducted in a reliable, systematic fashion. This paper proposes a lexicon of functionalities to characterize survivable systems activities, and an approach to analyze networked systems environments. Application of this analysis approach will assist organizations in establishing criteria for selecting tools, and to identifying requirements for new tool development to accommodate needs not met by currently available tools.
http://www.sei.cmu.edu/publications/documents/97.reports/97tr009/97tr009abstract.html
CMU/SEI-97-TR-014,
ADA336213
Approaches to Legacy System Evolution
Weiderman, N.; Smith, D.; & Tilley, S.
The approach that one chooses to evolve software-intensive systems depends on the organization, the system, and the technology. We believe that significant progress in system architecture, system understanding, object technology, and net-centric computing make it possible to economically evolve software systems to a state in which they exhibit greater functionality and maintainability. In particular, interface technology, wrapping technology, and network technology are opening many opportunities to leverage existing software assets instead of scrapping them and starting over. But these promising technologies cannot be applied in a vacuum or without management understanding and control. There must be a framework in which to motivate the organization to understand its business opportunities, its application systems, and its road to an improved target system. This report outlines a comprehensive system evolution approach that incorporates an enterprise framework for the application of the promising technologies in the context of legacy systems.
http://www.sei.cmu.edu/publications/documents/97.reports/97tr014/97tr014abstract.html
CMU/SEI-97-TR-012,
ADA331014
Discovering DISCOVER
Tilley, S.
This report describes investigations into DISCOVER, a modern software development and maintenance environment. The study is guided by a framework for classifying program understanding tools that is based on a description of the canonical activities that are characteristic of the reverse engineering process. Implications of this work for advanced practitioners, researchers and tool developers, and the framework itself are discussed.
http://www.sei.cmu.edu/publications/documents/97.reports/97tr012/97tr012abstract.html
CMU/SEI-97-TR-004,
ADA327035
Distributed Object Technology with CORBA and Java: Key Concepts and Implications
Wallnau, K.; Weiderman, N.; & Northrop, L.
The purpose of this report is to analyze the potential impact of distributed object technology (DOT) on software engineering practice. The analysis culminates with the conclusion that the technology will have a significant influence on both the design and reengineering of information systems and the processes used to build them. We see a profound impact and fundamental change in both technical thinking and practice as a result of the related technologies we group together as DOT.
http://www.sei.cmu.edu/publications/documents/97.reports/97tr004/97tr004abstract.html
CMU/SEI-97-TR-007,
ADA330880
Enterprise Framework for the Disciplined Evolution of Legacy Systems
Bergey, J.; Northrop, L.; & Smith, D.
Many organizations are planning to "migrate" their legacy systems to distributed open system environments or a single product line of systems. Many of these efforts are often less than successful because they concentrate on a narrow set of software issues without fully considering a broader set of enterprise-wide management and technical issues. This report describes an enterprise framework that characterizes the global environment in which system evolution takes place and provides insight into the activities, processes, and work products that shape the disciplined evolution of legacy systems. Exemplary checklists are included to identify critical enterprise issues corresponding to each of the framework's elements. Preliminary results indicate that the enterprise model is a useful tool for probing and evaluating planned and ongoing system evolution initiatives. The model serves to draw out important global issues early in the planning cycle and provides insight for developing a synergistic set of management and technical practices to achieve a disciplined approach to system evolution.
http://www.sei.cmu.edu/publications/documents/97.reports/97tr007/97tr007abstract.html
CMU/SEI-97-TR-005,
ADA326945
Implications of Distributed Object Technology for Reengineering
Weiderman, N.; Northrop, L.; Smith, D.; Tilley, S.; & Wallnau, K.
Distributed object technology is profoundly changing the ways in which software systems evolve over time. To a large extent, the focus of reengineering has been to understand legacy systems and to extract their essential functionality so that they can be rewritten as more robust and more maintainable systems over the long term. However, object technology, wrapping strategies, and the Web may be changing the focus and economics of reengineering. The question posed by this paper is the extent to which reengineering strategies ought to continue to use program understanding technology. The cost/benefit ratio of certain forms of program understanding appears to be staying roughly the same over time, while the cost/benefit ratio of wrapping legacy systems or their subsystems is dropping rapidly. As a result, new reengineering strategies that place less emphasis on deep program understanding, and more emphasis on distributed object technologies, should now be considered.
http://www.sei.cmu.edu/publications/documents/97.reports/97tr005/97tr005abstract.html
CMU/SEI-97-TR-001,
ADA335543
Personal Software Process (PSP): An Empirical Study of the Impact of PSP on Individual Engineers, The
Hayes, W. & Over, J.
This report documents the results of a study that is important to everyone who manages or develops software. The study examines the impact of the Personal Software Process (PSP) on the performance of 298 software engineers. The report describes the effect of PSP on key performance dimensions of these engineers, including their ability to estimate and plan their work, the quality of the software they produced, the quality of their work process, and their productivity. The report also discusses how improvements in personal capability also improve organizational performance in several areas: cost and schedule management, delivered product quality, and product cycle time.
http://www.sei.cmu.edu/publications/documents/97.reports/97tr001/97tr001abstract.html
CMU/SEI-97-TR-010,
ADA330928
Playing Detective: Reconstructing Software Architecture from Available Evidence
Kazman, R. & Carriere S.
Because a system's software architecture strongly influences its ability to support quality attributes such as modifiability, performance, and security, it is important to be able to analyze and reason about that architecture. However, architectural documentation frequently does not exist, and when it does, it is often out of sync with the implemented system. In addition, it is rare that software development begins with a clean slate; systems are almost always constrained by existing legacy code. As a consequence, we need to be able to extract information from existing system implementations and reason architecturally about this information. This paper presents Dali, an open, lightweight workbench that aids an analyst in extracting, manipulating, and interpreting architectural information. By assisting in the reconstruction of architectures from extracted information, Dali helps an analyst redocument architectures and discover the relationship between "as-implemented" and "as-designed" architectures.
http://www.sei.cmu.edu/publications/documents/97.reports/97tr010/97tr010abstract.html
CMU/SEI-97-TR-003,
ADA327610
Product Line Practice Workshop Report
Bass, L.; Clements, P.; Cohen, S.; Northrop, L.; & Withey, J.
The first Software Engineering Institute Product Line Practice Workshop was a hands-on meeting held in December 1996 to share industry and government practices in software product lines and to explore the technical and non-technical issues involved. This report synthesizes the workshop presentations and discussions, which identified factors involved in product line practices and analyzed issues in the areas of architecture, people-organization-management, and business models.
http://www.sei.cmu.edu/publications/documents/97.reports/97tr003/97tr003abstract.html
CMU/SEI-97-TR-008,
ADA331480
Software Process Automation: Interviews, Survey, and Workshop Results
Belton, T.; Christie, A.; Cordelle, D.; Ferotin, J.; Levine, L.; Morris, E. J.; Proctor, L.;
Riddle, B.; Solvay, J.; & Zubrow, D.
This report describes the results of a two-year study of experiences with the adoption and use of software process automation. The work was motivated by a desire to provide insights and guidelines to those planning to implement this technology. The focus of the study was primarily, but not exclusively, on end-user organizations. The study was conducted in three stages: First, in-depth interviews were conducted to assess the state of the practice. Second, a survey questionnaire was distributed to a wider number of organizations to obtain more quantitative data. The populations in these two groups turned out to be quite different, a fact that we believe enriches the content of this report. Finally, a one-day workshop was held, the objective of which was to explore with practitioners why the gap between the theory and practice of software process automation is as large as it is. A previous report by Alan Christie, et al. [Christie 96] documented the results of the in-depth interviews in detail. This report now summarizes the results of the interviews, and describes in more detail the questionnaire survey and the workshop. It also provides both insight for process automation tool developers and guidelines for adoption to process-automation end users.
http://www.sei.cmu.edu/publications/documents/97.reports/97tr008/97tr008abstract.html
CMU/SEI-97-TR-029,
ADA343692
Steps in an Architecture Tradeoff Analysis Method: Quality Attribute Models and Analysis
Barbacci, M.; Carriere, S.; Feiler, P.; Klein, M.; Lipson, H.; Longstaff, T.; &
Weinstock, C.
This paper presents some of the steps in an emerging architecture tradeoff analysis method (ATAM). The objective of the method is to provide a principled way to understand a software architecture's fitness with respect to multiple competing quality attributes: modifiability, security, performance, availability, and so forth. These attributes can interact or conflict-improving one often comes at the price of worsening one or more of the others, thus it is necessary to trade off among multiple software quality attributes at the time the software architecture of a system is specified, and before the system is developed. This report illustrates typical quality attribute models, analyses, and tradeoffs using a small real-time industrial application.
http://www.sei.cmu.edu/publications/documents/97.reports/97tr029/97tr029abstract.html
CMU/SEI-97-TR-011,
ADA335653
Study in the Use of CORBA in Real-Time Settings: Model Problems for the Manufacturing Domain, A
Polze, A. (Humboldt University of Berlin); Plakosh, D.; & Wallnau, K.
The Object Management Group's (OMG) Common Object Request Broker Architecture (CORBA) is an important and popular technology that supports the development of object-based, distributed applications. The benefits promised by CORBA (abstraction, heterogeneity, etc.) are appealing in many application domains, including those that satisfy real- time requirements-such as manufacturing. Unfortunately, CORBA was not specified in light of real-time requirements, and so the question remains whether existing object request brokers (ORBs) can be used in real-time settings, or whether developers of real-time systems must await future extensions of CORBA that address real-time issues or use non-CORBA- compliant ORBs. In this report, we describe the application of an off-the-shelf ORB to two real-time model problems. Based on our experiences, we believe that today's ORBs can be used in real-time settings, with certain caveats as outlined in this report. We also outline the concept of composite objects, an approach for extending the range of non-real-time ORBs into a greater variety of real-time settings.
http://www.sei.cmu.edu/publications/documents/97.reports/97tr011/97tr011abstract.html
CMU/SEI-97-TR-013,
ADA341963
Survivable Network Systems: An Emerging Discipline
Ellison, B.; Fisher, D.; Linger, R.; Lipson, H.; Longstaff, T.; & Mead, N.
Society is growing increasingly dependent upon large-scale, highly distributed systems that operate in unbounded network environments. Unbounded networks, such as the Internet, have no central administrative control and no unified security policy. Furthermore, the number and nature of the nodes connected to such networks cannot be fully known. Despite the best efforts of security practitioners, no amount of system hardening can assure that a system that is connected to an unbounded network will be invulnerable to attack. The discipline of survivability can help ensure that such systems can deliver essential services and maintain essential properties such as integrity, confidentiality, and performance, despite the presence of intrusions. Unlike the traditional security measures that require central control or administration, survivability is intended to address unbounded network environments. This report describes the survivability approach to helping assure that a system that must operate in an unbounded network is robust in the presence of attack and will survive attacks that result in successful intrusions. Included are discussions of survivability as an integrated engineering framework, the current state of survivability practice, the specification of survivability requirements, strategies for achieving survivability, and techniques and processes for analyzing survivability.
http://www.sei.cmu.edu/publications/documents/97.reports/97tr013/97tr013abstract.html
CMU/SEI-97-TR-002,
ADA325361
Year 2000 Problem: Issues and Implications, The
Smith, D.; Muller, H.; & Tilley, S.
A lot of attention has recently focused on the possibility that a great deal of software will fail at the turn of the century because of the way dates are stored and processed by computer programs. Attitudes range from alarmist to unconcerned regarding the magnitude and implications of the problem. This report outlines the basic issues of the so-called "Year 2000" (Y2K) problem and discusses some of its implications.
http://www.sei.cmu.edu/publications/documents/97.reports/97tr002/97tr002abstract.html
[2007] [2006] [2005] [2004] [2003] [2002] [2001] [2000] [1999] [1998] [1997] [1996] [1995] [1994] [1993] [1992] [1991] [1990] [1989] [1988] [1987] [1986] [PDF]