Converting a Navy Weapon System from a 32- to a 64-Bit Architecture
A centralized, automated, command-and-control (C2) and weapons control system deployed by the U.S. Navy has played a key role in the United States' ability to project naval power around the globe since the 1980s. This key Navy asset was designed as a total weapon system, from detection to kill, an official Navy description of the platform states. "The computer-based command and decision element is the core of the combat system," the description notes. "This interface makes the system capable of simultaneous operations against multi-mission threats: anti-air, anti-surface, and anti-submarine warfare."
A Difficult Update
In the spring of 2015, the Navy faced a difficult task: it needed to update this key U.S. Navy weapons system by converting its basic software architecture from a 32-bit foundation to a 64-bit foundation. "It was a major undertaking, one that could potentially affect millions of lines of computer code," noted Jay Marchetti, a senior member of the SEI's technical staff. The Navy asked its contractor for the system to assess the risks and schedule the conversion.
And—cognizant of the SEI's reputation as an unbiased, independent expert in software engineering—the Navy also asked the SEI for a second opinion regarding the scope, costs, portability, and risks associated with the migration of such a key system from one architecture to another.
Demonstrating Advances in Code Analysis
"The resulting engagement was good for the Navy and good for the SEI," said Dan Plakosh, a senior engineer at the SEI who worked on the project with Marchetti. "We were able to help them, while at the same time demonstrating that recent advances in code analysis are applicable in large projects."
Through the SEI's analysis, the Navy gained a clearer picture of the 64-bit migration, including the amount of effort it would likely take, how it could be undertaken incrementally, and the technology trends driving the required completion time frame. "We were able to deploy tools across a much wider swath of the code than prior analyses, providing higher confidence in the migration effort estimates as opposed to manually reviewing just a fraction of the total codebase" and then extrapolating those figures for the full project, Marchetti explained.
The SEI's review—using automated tools and the latest static analysis techniques—looked at a substantial portion of the Navy weapons system's code. In doing so, the SEI team demonstrated that static analysis tools are essential for accurately identifying 32- to 64-bit conversion risk areas, particularly in very large codebases. "The SEI approach was faster and much more accurate in finding conversion risks, reducing the overall risk and cost for the program," Plakosh said.
October 24, 2016 Blog Post
The exponential increase in cybercrime is a perfect example of how rapidly change is happening in cyberspace and why operational security is a critical need. In the 1990s, computer crime was usually nothing more than simple trespass. Twenty-five years later,...read