Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Staff Profile

Grace A. Lewis

Principal Researcher

Key Responsibilities

Grace A. Lewis is the principal investigator for two research projects related to IoT Security

  • High-Assurance Software-Defined IoT Security is creating an IoT framework that operates, with high assurance, in a resilient and trustworthy manner even in the presence of a powerful and realistic attacker who can compromise IoT devices, control nodes, and other intermediaries. The software-defined IoT infrastructure is composed of (i) a high-assurance control node that monitors security-relevant events and alters the "security postures" of IoT devices to enforce specific policies; (ii) trusted data nodes that execute these security postures for each IoT device using "micro-middleboxes"; and (iii) firmware-hardened IoT device nodes, which can be untrusted (e.g., commodity), or trusted (e.g., custom-built by a trusted contractor) but have verifiably secure communication with the control node and data nodes.
  • Authentication and Authorization of IoT Devices in Tactical Environments is evaluating, adapting, and implementing an IETF proposal for authentication and authorization in constrained environments (ACE) such that it is resilient to high-priority threats of tactical environments (e.g., node impersonation and capture) that are currently not addressed in ACE.

She also led the work in Tactical Computing and Communications (TCC) that developed tactical cloudlets. The tactical cloudlet software is available as KD-Cloudlet on GitHub.

Areas of expertise: edge computing, cloud computing, software architecture, service-oriented architecture, technology evaluation, IoT security

Professional Background

Grace Lewis is a Principal Researcher at the Software Engineering Institute at Carnegie Mellon University. Lewis has over 25 years of professional software development experience in industry and research environments. Her main areas of expertise and interest include edge computing, cloud computing, software architecture, service-oriented architecture, IoT security, and technology evaluation.

Before joining the SEI, Lewis was Chief of Systems Development for Icesi University, where she served as project manager and technical lead for the university-wide administrative systems. Other work experience includes Design and Development Engineer for the Electronics Division of Carvajal S.A. where she developed software for communication between PCs and electronic devices and embedded software on devices microcontrollers. 

At the SEI she has worked in the area of Commercial-of-the-Shelf (COTS) Based Systems, Legacy System Modernization, Systems of Systems Engineering, and Service-Oriented Architecture (SOA), where she has a vast number of publications. Her current areas of work are secure and efficient computing and communications in resource-constrained environments and IoT security.

Lewis has teaching experience at the graduate and undergraduate level. She serves various roles in the Master of Software Engineering professional programs at Carnegie Mellon University.

Lewis hold a BSc in Software Systems Engineering from Icesi University in Cali, Colombia; a Post-Graduate Specialization in Business Administration from Icesi University; a Master of Software Engineering from Carnegie Mellon University in Pittsburgh, PA USA; and a PhD in Computer Science from Vrije Universiteit Amsterdam, Netherlands.

Publications (recent or significant)


Selected External Publications

SEI Publications


Search the library for additional publications by author


Tactical Technologies Group (TTG)

High-Assurance Software-Defined IoT Security

Authorization and Authentication of IoT Devices in Tactical Environments


  • PhD, Computer Science, Vrije Universiteit Amsterdam
  • MS, Software Engineering, Carnegie Mellon University
  • Post-Graduate Specialization, Business Administration, Icesi University
  • BS, Software Systems Engineering, Icesi University

Professional Memberships

  • IEEE Technical Council on Software Engineering, TCSE Executive Vice Chair
  • IEEE Computer Society Technical & Conference Activities Board (T&C) Executive Committee, Treasurer
  • IEEE Technical Council on Software Engineering - Member-at-Large
  • IEEE - Senior Member
  • CMU MSE Executive Committee

Current Professional Activities

Conference Organization

  • Early Career Researchers Forum Co-Chair: ICSA 2018 - IEEE International Conference on Software Architecture - April 30 - May 4, 2018 - Seattle, WA USA
  • Technical Program Co-Chair: MobileSoft 2018 - 5th IEEE/ACM International Conference on Mobile Software Engineering and Systems - co-located with the 40th International Conference on Software Engineering (ICSE 2018) - May 27-28, 2018 - Gothenburg, Sweden
  • Industrial Co-Chair: ECSA 2018 - 12th European Conference on Software Architecture - September 24-28, 2018 - Madrid, Spain

Current Program Committees

  • WF-IOT 2018 - IEEE World Forum on Internet of Things - February 5-8, 2018 - Singapore
  • ICSA 2018 - International Conference on Software Architecture - April 30 - May 4, 2018 - Seattle, WA USA
  • ICT4S 2018 - 5th International Conference on ICT for Sustainability - May 14-18, 2018 - Toronto, Canada
  • ICSE 2018 - 40th International Conference on Software Engineering - Software Engineering in Society (SEIS) Track - May 27 - June 3, 2018 - Gothenburg, Sweden
  • ICDCS 2018 - 38th IEEE International Conference on Distributed Computing Systems - Edge Computing Track - July 2-6, 2018 - Vienna, Austria
  • MOBILITY 2018 - 8th International Conference on Mobile Services, Resources, and Users - July 22-26, 2018 - Barcelona, Spain


Contact Grace A. Lewis