New Technical Reports Published: October 2010-January 2011

February 1, 2011—The following technical reports and technical notes were published recently by the Software Engineering Institute. For the latest SEI technical reports and papers, see http://www.sei.cmu.edu/library/reportspapers.cfm.

Implementation Guidance for the Accelerated Improvement Method (AIM)

James McHale, Timothy A. Chick, & Eugene Miluk

This report is a description of and aid for implementing the Accelerated Improvement Method (AIM), and is a companion to the Guide for SCAMPI Appraisals: Accelerated Improvement Method (AIM). The intended audience is anyone responsible for implementing CMMI using the Team Software Process (TSP), Six Sigma, and other methodologies—management sponsors and champions, line and support management directly affected by such changes, process group leads and members responsible for implementing such changes, and the team leaders and developers enacting such new methods in concert and combination with their existing practices. This guide is not exhaustive; rather it is a starting point on the road to using CMMI and related technologies to help organizations achieve business objectives using world-class process management techniques.

Guide for SCAMPI Appraisals: Accelerated Improvement Method (AIM)

Eugene Miluk, James McHale, & Timothy A. Chick

The Software Engineering Institute's Accelerated Improvement Method (AIM) incorporates a new version of the Team Software Process (TSP), the Team Software Process Plus (TSP+). TSP+ is a project-based implementation of many of the specific and generic practices of Capability Maturity Model Integration (CMMI) for Development. Organizations using AIM for their improvement approach will be implementing similar processes with similar artifacts. Since these implementations of CMMI start from a common base, the work of appraising such organizations against a specific model scope should benefit from this commonality of approach.

This document therefore provides guidance to lead appraisers and appraisal teams unfamiliar with TSP+ when conducting Standard CMMI Appraisal Method for Process Improvement (SCAMPI) appraisals within organizations that use the TSP+ as a foundational operational practice. The intended benefits of this guidance are (1) to shorten the time needed to prepare and conduct such appraisals; (2) to provide information helpful for appropriate interpretations; and (3) to familiarize SCAMPI leads and appraisal teams with a powerful, proven, and available technology.

Trust and Trusted Computing Platforms

David Fisher, Jonathan M. McCune, & Archie D. Andrews

Hardware-based trusted computing platforms are intended to overcome many of the problems of trust that are prominent in computing systems. In this paper, a result of the Software Engineering Institute's Independent Research and Development Project "Trusted Computing in Extreme Adversarial Environments: Using Trusted Hardware as a Foundation for Cyber Security," we discuss the capabilities and limitations of the Trusted Platform Module (TPM). We describe credential storage, device identity, chains of trust, and other techniques for extending hardware-based trust to higher levels of software-based infrastructure. We then examine the character of trust and identify strategies for increasing trust. We show why acceptance of TPM-based trust has been limited to date and suggest that broader acceptance will require more focus on traditional trust issues and on end-to-end services.

Deriving Candidate Technical Controls and Indicators of Insider Attack from Socio-Technical Models and Data

Michael Hanley

The insider threat continues to be one of the prime issues facing government entities and organizations across critical infrastructure sectors. Extensive catalogues of case material from actual insider events have been used by CERT, part of Carnegie Mellon University’s Software Engineering Institute, to create socio-technical models of insider crime to help educate organizations on the risk of insider crime. Building upon this work, this paper seeks to demonstrate how a useful method for extracting technical information from previous insider crimes and mapping it to previous modeling work can create informed candidate technical controls and indicators. This paper also shows current examples of case material and candidate indicators that have been successfully converted into well-received insider threat training modules.

Adaptive Flow Control for Enabling Quality of Service in Tactical Ad Hoc Wireless Networks

Jeffrey Hansen, Scott Hissam, Craig B. Meyers, Ed Morris, Daniel Plakosh, Soumya Simanta, & Lutz Wrage

Wireless networks for emergency responders and military personnel operating in tactical situations are often assembled without any preexisting infrastructure (i.e., ad hoc) and are subject to changing topology as nodes enter or leave service or move (i.e., are mobile) in the environment. These networks often have lower-than-optimal bandwidth and can see further bandwidth reductions due to disadvantageous topologies and other factors. In addition, needed applications must compete for possibly diminishing bandwidth. As a result, such networks are frequently oversubscribed: they cannot fully meet the quality of service (QoS) expectations of all applications.

This report provides an overview of approaches for satisfying QoS expectations in ad hoc wireless networks assembled to support high-criticality crisis and tactical scenarios. It illustrates that these approaches are adaptations of approaches used in wired (often fixed) infrastructures where bandwidth is known and interference is not the norm. It documents and provides experimental evidence for the Adaptive QoS (AQoS) approach that allows applications to adapt bandwidth demand to conditions without the need to know, estimate, or predict available bandwidth. AQoS informs applications that oversubscription is occurring, thereby allowing them to continue to operate, albeit at diminished rate or capacity, and meet mission needs.

A Software Supply Chain Risk Management: From Products to Systems of Systems

Robert Ellison, Christopher Alberts, Rita Creel, Audrey Dorofee, & Carol Woody

Supply chains are usually thought of as manufacturing and delivering physical items, but there are also supply chains associated with the development and operation of a software system. Software supply chain research does not have decades of evidence to draw on, as with physical-item supply chains. Taking a systems perspective on software supply chain risks, this report considers current practices in software supply chain analysis and suggests some foundational practices. The product and supplier selection criteria for system development depend on how a product is used in a system. While many of the criteria for the selection of product suppliers and system development contractors are the same, there is also a significant difference between these kinds of acquisitions. Product development is completed in advance of an acquirer’s product and supplier assessment. There is no guarantee that current supplier development practices were used for a specific product. For custom system acquisitions, acquirers can and should actively monitor both contractor and product supply chain risks during development. This report suggests contractor and acquirer activities that support the management of supply chain risks.

Source Code Analysis Laboratory (SCALe) for Energy Delivery Systems

Robert C. Seacord, William Dormann, James McCurley, Philip Miller, Robert Stoddard, David Svoboda, & Jefferson Welch

The Source Code Analysis Laboratory (SCALe) is an operational capability that tests software applications for conformance to one of the CERT secure coding standards. CERT secure coding standards provide a detailed enumeration of coding errors that have resulted in vulnerabilities for commonly used software development languages. The SCALe team at CERT, a program of Carnegie Mellon University’s Software Engineering Institute, analyzes a developer’s source code and provides a detailed report of findings to guide the code’s repair. After the developer has addressed these findings and the SCALe team determines that the product version conforms to the standard, CERT issues the developer a certificate and lists the system in a registry of conforming systems. This report details the SCALe process and provides an analysis of energy delivery systems. Though SCALe can be used in various capacities, it is particularly significant for conformance testing of energy delivery systems because of their critical importance.

A Taxonomy of Operational Cyber Security Risks

James J. Cebula & Lisa R. Young

This report presents a taxonomy of operational cyber security risks that attempts to identify and organize the sources of operational cyber security risk into four classes: (1) actions of people, (2) systems and technology failures, (3) failed internal processes, and (4) external events. Each class is broken down into subclasses, which are described by their elements. This report discusses the harmonization of the taxonomy with other risk and security activities, particularly those described by the Federal Information Security Management Act (FISMA), the National Institute of Standards and Technology (NIST) Special Publications, and the CERT Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) method.

The CERT Approach to Cybersecurity Workforce Development

Josh Hammerstein & Christopher May

For most established organizations, developing and maintaining a competent cybersecurity workforce needs little justification and is, in fact, a central requirement for ensuring resilient operations. As a result, these organizations invest significant resources in attempts to fulfill this requirement. However, most organizations find that the rapid changes and dynamic nature of cybersecurity make keeping their workforce up to date a very challenging problem. This report describes a traditional model commonly used for addressing this challenge, explains some operational limitations associated with that model, and presents a new, continuous approach to cybersecurity workforce development.

Beyond Technology Readiness Levels for Software: U.S. Army Workshop Report

Stephen Blanchette, Jr., Cecilia Albert, & Suzanne Garcia-Miller

The Carnegie Mellon Software Engineering Institute (SEI) facilitated an Army workshop, Beyond Technology Readiness Levels for Software, on August 10-11, 2010. The workshop, part of the ongoing Army Strategic Software Improvement Program (ASSIP), was an attempt to develop an Army perspective on the "right" software information to gather and analyze at significant program decision points (especially Milestones A, B, and C) to determine readiness to proceed to the next acquisition phase. This report synthesizes the workshop presentations, discussions, and outcomes.

Suggestions for Documenting SOA-Based Systems

Stephany Bellomo

This report provides suggestions for documenting service-oriented architecture-based systems based on the Views & Beyond (V&B) software documentation approach. The V&B documentation approach is a lightweight and flexible approach to documenting software architecture developed by Carnegie Mellon University's Software Engineering Institute.

This report also includes an overview of several well-known service-oriented architecture (SOA) documentation challenges and suggestions for tailoring and augmenting the V&B approach to address those challenges.

The author hopes that the suggestions presented in this report will help SOA developers to avoid some of the common documentation pitfalls and produce higher quality SOA documentation.

Combining Architecture-Centric Engineering with the Team Software Process

Robert L. Nord, James McHale, & Felix Bachmann

This report contains a description of an architecture-centric life-cycle model that uses the Carnegie Mellon Software Engineering Institute’s architecture-centric engineering (ACE) methods embedded in a Team Software Process (TSP) framework and our experience in piloting the approach in an actual development effort. Combining ACE and TSP provides an iterative approach for delivering quality systems on time and within budget. TSP provides the infrastructure in estimation, planning, measurement, and project management. ACE provides the means for designing, evaluating, and implementing a system so that it will satisfy its business and quality goals. Bringing these approaches together results in something that is much more than the sum of the parts. The combined approach offers help to organizations to set an architecture/developer team in motion using mature, disciplined engineering practices that produce quality software quickly.

Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability

John Haller, Bradford J. Willke, Samuel A. Merrell, & Matthew J. Butkovic

As nations recognize that their critical infrastructures have integrated sophisticated information and communications technologies (ICT) to provide greater efficiency and reliability, they quickly acknowledge the need to effectively manage risk arising from the use of these technologies. Establishing a national computer security incident management capability can be an important step in managing that risk. In this document, this capability is referred to as a National Computer Security Incident Response Team (National CSIRT), although the specific organizational form may vary among nations. The challenge that nations face when working to strengthen incident management is the lack of information that provides guidance for establishing a capacity appropriate to the nation, understanding how it supports national cyber security, and managing the national incident management capability. This document, the first in the Best Practices for National Cyber Security Series, provides insight that interested organizations and governments can use to begin to develop a national incident management capability. The document explains the need for national incident management and provides strategic goals, enabling goals, and additional resources pertaining to the establishment of National CSIRTs and organizations like them.

Performance Analysis of WS-Security Mechanisms in SOAP-Based Web Services

Marc Novakouski, Soumya Simanta, Gunnar Peterson, Ed Morris, & Grace Lewis

Identity management (IdM) solutions in web services environments are often compared on the levels of performance and security they provide. Selecting the appropriate IdM solution for a given system or application often requires making tradeoffs between security and performance, while also considering the system's contextual and environmental requirements and constraints. This paper presents the results of a series of experiments targeted at analyzing the performance impact of adding WS-Security, a common security standard used in IdM frameworks, to SOAP-based web services. The goal of this work is to establish a baseline of performance data that can be used to explore performance/security tradeoffs in environments with complex attributes, such as resource or bandwidth limitations.

A Workshop on Analysis and Evaluation of Enterprise Architectures

John Klein & Michael Gagliardi

This report summarizes a workshop on analysis and evaluation of enterprise architectures that was held at the Carnegie Mellon Software Engineering Institute (SEI) in April 2010. The SEI invited accomplished practitioners from government and industry to discuss key issues in analyzing and evaluating enterprise architectures. After several opening talks by individuals who presented the state of the practice of enterprise architecture within their own organizations, the group considered a series of questions, including (1) Is there a fundamental difference between analyzing and evaluating enterprise architectures and system of system architectures? (2) How are quality attribute concerns expressed and analyzed in practice for an enterprise architecture? (3) How are enterprise architectures evaluated in practice? For each question, discussion included consideration of the current state of the practice, identification of difficulties sufficient to motivate an organization to seek a solution or an alternative (“pain points”), challenges in current practice, and differences between government and industry contexts. This report summarizes the workshop dialogue and findings, and presents a proposal for an Enterprise Architecture Analysis and Evaluation process.

Strategic Planning with Critical Success Factors and Future Scenarios: An Integrated Strategic Planning Framework

Linda Parker Gates

This report explores the value of enhancing typical strategic planning techniques with the critical success factor (CSF) method and scenario planning. It synthesizes documented theory and research in strategic planning, CSFs, and future scenarios. It proposes an enhanced, integrated information framework for strategic planning that can help organizations understand the broad range of interrelated elements that influence strategy development. Finally, the report provides insights and lessons regarding the value and limitations of the integrated strategic planning framework and suggestions for future work.

Using TSP Data to Evaluate Your Project Performance

Shigeru Sasao, William Nichols, & James McCurley

The Team Software Process (TSP) provides a framework to predictably and effectively build software-intensive products. It relies on data collected by team members to provide insight into how a software project is operating. For this paper, an exploratory data analysis was conducted to investigate other ways that TSP data could be used. A set of measures was determined that allow analyses of TSP projects in terms of their fidelity to the TSP process and their project performance. These measures were applied to a data set of 41 TSP projects from an organization to identify their strengths and weaknesses. Software engineering teams already using TSP for software development can use the measures provided in this report to gain further insight into their projects.

CMMI for Services, Version 1.3

CMMI Product Team

CMMI (Capability Maturity Model Integration) models are collections of best practices that help organizations to improve their processes. These models are developed by product teams with members from industry, government, and the Carnegie Mellon Software Engineering Institute (SEI).

This model, called CMMI for Services (CMMI-SVC), provides a comprehensive integrated set of guidelines for providing superior services.

CMMI for Development, Version 1.3

CMMI Product Team

CMMI (Capability Maturity Model Integration) models are collections of best practices that help organizations to improve their processes. These models are developed by product teams with members from industry, government, and the Carnegie Mellon Software Engineering Institute (SEI).

This model, called CMMI for Development (CMMI-DEV), provides a comprehensive integrated set of guidelines for developing products and services.

CMMI for Acquisition, Version 1.3

CMMI Product Team

CMMI (Capability Maturity Model Integration) models are collections of best practices that help organizations to improve their processes. These models are developed by product teams with members from industry, government, and the Carnegie Mellon Software Engineering Institute (SEI).

This model, called CMMI for Acquisition (CMMI-ACQ), provides a comprehensive integrated set of guidelines for acquiring products and services.

Program Executive Officer Aviation, Major Milestone Reviews: Lessons Learned Report

Scott Reed & Kathryn Ambrose Sereno

This report documents ideas and recommendations for improving the overall acquisition process and presents the actions taken by project managers in several programs to develop, staff, and obtain approval for their systems. This report contains information on the decision briefings and lessons learned, and describes issues encountered and the recommendations regarding the actual processes that were followed. Finally, this report includes checklists of required actions that will assist new and existing Program Management Offices (PMOs) as they prepare for milestone reviews.

Success in Acquisition: Using Archetypes to Beat the Odds

William E. Novak & Linda Levine

This project on patterns of failure is based on experiences with actual programs and employs concepts from systems thinking to analyze dynamics that have been observed in software development and acquisition practice. The software acquisition and development archetypes, based in part on the general systems archetypes, have been created as part of an ongoing effort to characterize and help manage patterns of counterproductive behavior in software development and acquisition.

This report introduces key concepts in systems thinking and the general systems archetypes, and then applies these concepts to the software-reliant acquisition domain. Twelve selected software acquisition and development archetypes are each described and illustrated by a real-life scenario, and guidance is provided on both recovering from and preventing these dynamics. Finally, the authors consider implications of the work and future directions for research.

Integrated Measurement and Analysis Framework for Software Security

Christopher Alberts, Julia Allen, & Robert Stoddard

In today’s business and operational environments, multiple organizations routinely work collaboratively to acquire, develop, deploy, and maintain technical capabilities via a set of interdependent, networked systems. Measurement in these distributed management environments can be an extremely challenging problem. The CERT Program, part of Carnegie Mellon University’s Software Engineering Institute (SEI), is developing the Integrated Measurement and Analysis Framework (IMAF) to enable effective measurement in distributed environments, including acquisition programs, supply chains, and systems of systems. The IMAF defines an approach that integrates subjective and objective data from multiple sources (targeted analysis, reports, and tactical measurement) and provides decision makers with a consolidated view of current conditions. This report is the first in a series that addresses how to measure software security in complex environments. It poses several research questions and hypotheses and presents a foundational set of measurement concepts. It also describes how meaningful measures provide the information that decision makers need when they need it and in the right form. Finally, this report provides a conceptual overview of the IMAF, describes methods for qualitatively and quantitatively collecting data to inform the framework, and suggests how to use the IMAF to derive meaningful measures for analyzing software security performance.

For more information

Media Contacts: 

Richard Lynch
