Mission Assurance

Successful missions from risk-informed decisions in design, operation, and sustainment

Systems and systems of systems, which operate with ever-increasing autonomy, must be designed and architected with the knowledge that they will accomplish missions as intended in contested and challenging environments. Our work aims to assure mission accomplishment, even in the face of adversarial behavior aimed at subverting it.

We develop and apply technologies that identify and manage failure modes with supporting, quantifiable metrics. We develop software architecture instrumentation to enable continuous monitoring of mission effectiveness during operations. We also create and prototype means to effectively adapt operation or degrade it in predictable ways while maintaining effective performance. Additionally, we investigate means to address the challenges arising when systems and software are combined in unforeseen ways for emerging missions.

Featured Work

Insider Threat

CERT researchers devise strategies to help you prevent and detect insider threats and respond if harm results.

Learn More

GraphBLAS: A Programming Specification for Graph Analysis

The GraphBLAS Forum is a world-wide consortium of researchers working to develop a programming specification for graph analysis that will simplify development.

Learn More

Converting a Navy Weapon System from a 32- to a 64-Bit Architecture

The SEI provided an independent assessment of the risks of migrating a weapons control system deployed by the U.S. Navy from one architecture to another.

Learn More

Verifying Distributed, Adaptive Real-Time (DART) Systems

Distributed, adaptive real-time (DART) systems must satisfy safety-critical requirements. We developed a method to verify DART systems and generate assured code.

Learn More

View More Work

Featured Publications

Exploring the Use of Metrics for Software Assurance

March 07, 2019 • Technical Note

Carol Woody, PhD Robert J. Ellison Charlie Ryan

This report proposes measurements for each Software Assurance Framework (SAF) practice that a program can select to monitor and manage the progress it's making toward software assurance.

Download

Program Manager's Guidebook for Software Assurance

December 14, 2018 • Special Report

Kenneth Nidiffer Carol Woody, PhD Timothy A. Chick

This guidebook helps program managers address the software assurance responsibilities critical in defending software-intensive systems, including mission threads and cybersecurity.

Download

DoD Developer’s Guidebook for Software Assurance

December 14, 2018 • Special Report

William Nichols Tom Scanlon

This guidebook helps software developers for DoD programs understand expectations for software assurance and standards and requirements that affect assurance.

Download

Composing Effective Software Security Assurance Workflows

October 18, 2018 • Technical Report

William Nichols Jim McHale David Sweeney

In an effort to determine how to make secure software development more cost effective, the SEI conducted a research study to empirically measure the effects that security tools—primarily automated static analysis tools—had on costs and benefits.

Download

The QUELCE Method: Using Change Drivers to Estimate Program Costs

April 19, 2016 • White Paper

Sarah Sheard

This report introduces the Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE) method for estimating program costs early in a development lifecycle.

Download

From Our Experts

Comments on NIST IR 8269: A Taxonomy and Terminology of Adversarial Machine Learning

February 13, 2020 • Blog Post

Jonathan Spring

The U.S. National Institute of Standards and Technology (NIST) recently held a public comment period on their draft report on proposed taxonomy and terminology of Adversarial Machine Learning (AML). AML sits at the intersection of many specialties of the SEI....

read

Mission Thread Analysis Using End-to-End Data Flows - Part 2

August 19, 2019 • Blog Post

Donald Firesmith

The first blog post in this series provided an overview of the E2E Mission Thread Data Flow Analysis (EMDA) method, an approach that analyzes the flow of data as they traverse end-to-end mission threads through the architecture components of a...

read

Mission Thread Analysis Using End-to-End Data Flows - Part 1

August 05, 2019 • Blog Post

Donald Firesmith

Although the vast majority of military missions require the successful collaboration of multiple cyber-physical systems within an overall system of systems (SoS), almost all system and software architects work on programs developing or sustaining individual systems and subsystems. Often, they...

read

The Organizational Impact of a Modular Product Line Architecture in DoD Acquisition - Third in a Series

April 29, 2019 • Blog Post

Nickolas Guertin

This post was co-written by Douglas Schmidt and William Scherlis. To maintain a strategic advantage over its adversaries, the Department of Defense (DoD) must field new technologies rapidly. "It is not about speed of discovery, it is about speed of...

read

A 5-Step Process for Release Planning

April 22, 2019 • Blog Post

Robert Ferguson

Software products are often used for two decades or more. Several researchers have shown the cost of maintenance and sustainment ranges between 40- and 80 percent of the total lifecycle cost with a median estimate near 70 percent. Sometimes executives...

read

View More Publications

History of Innovation at the SEI in Mission Assurance

The SEI has performed innovative research in C4ISR mission assurance for almost 30 years that has benefited government, industry, and academia. Learn more about a few of the highlights.

2015

Enhancing Computing Power at the Edge

KD-Cloudlet, a tool for implementing tactical cloudlets, springs from years of research on cloud computing at the tactical edge. The SEI makes this tool freely available as part of its transition mission.

Read the Story

2014

Attacking Software Vulnerabilities

In 2014, the SEI CERT Division introduced the Tapioca tool to check Android apps for vulnerabilities. In the first year of use, Tapioca was used to check more than 1 million Android apps.

Read the Story

2014

Building Capability to Defend Against Malware

To analyze malware, SEI CERT researchers have developed a suite of tools based on a framework called Pharos, which is built on top of Lawrence Livermore National Laboratory's ROSE compiler infrastructure.

Read the Story

2009

Codifying Resilience Practice

After the 9/11 terror attacks, organizations sought greater operational resilience through security and business continuity. The SEI developed the CERT Resilience Management Model to improve operational resilience.

Read the Story

2002

Tailoring Risk Management Practice

Since the 1990s, SEI risk research has shaped standards for software risk management, enabling program managers in software-intensive programs to identify what could go wrong and mitigate those risks.

Read the Story

2001

Changing Software Contractor Selection Criteria

Through CMMI and SCAMPI, the SEI has made substantial contributions to software contractor appraisal and evaluation processes, strongly influencing government acquisition practices.

Read the Story

1988

Pointing the Way Toward a Software Architecture Discipline

The SEI contributed to a greater understanding of how architectural decisions affect the ease of modifying a user interface, introducing an important concept to the discipline of software architecture in the 1990s.

Read the Story