A Look at Designed-In Security Needs and Preliminary Successes

Presented as part of the 2012 HCSS conference.


Fulfillment of the aspiration of designed-in security requires a re-balancing of costs, benefits, and incentives in the development of software-intensive systems. This re-balancing, if it is to be motivated on the basis of immediately valued outcomes (rather than mandates), must be facilitated by significant enhancements to both development and evaluation practice. There are a number of cases in industry that, in particular development settings, provide compelling evidence of feasibility. In this talk, we take an informal look at some of the common features of these success cases, with particular consideration of the technical interplay of development and evaluation factors. The models, tools, practices, and team culture in these success cases demonstrate this interplay of practices for development and for evaluation. We consider, from the research perspective, how this intertwining can be advanced in ways that can take us well beyond the current industry baseline and potentially lead to approaches that are suitable for at-scale government critical systems. Two particular issues are addressed: The first is the role of evidence accumulation in the simultaneous creation of systems and their assurance cases. The second is the folkloric tradeoff of systems capability with evidenced quality, and the hypothesis that this may not always be a necessary feature -- that designed-in security approaches can improve productivity overall.


William L. Scherlis is a full Professor in the School of Computer Science at Carnegie Mellon. He is director of CMU's Institute for Software Research (ISR) in the School of Computer Science and the founding director of CMU's PhD Program in Software Engineering. Since Jan 2012 he has also been serving as Acting CTO for the Software Engineering Institute. His research relates to software assurance, software analysis, and assured safe concurrency. Dr. Scherlis joined the Carnegie Mellon faculty after completing a Ph.D. in Computer Science at Stanford University, a year at the University of Edinburgh (Scotland) as a John Knox Fellow, and an A.B. at Harvard University.

Scherlis has led the Fluid Project for more than a decade, which has focused on techniques and practices for scalable software assurance, leading to a family of tools for "analysis-based verification," based primarily on sound static analysis but also including dynamic and heuristic analysis. Building on the use of fragmentary specifications, the project emphasizes issues of scalability, composability, and usability in the development of techniques to assure safe concurrency. Some of the technologies are commercialized through a Carnegie Mellon spinoff, and these versions have been applied to larger-scale systems including Hadoop, Java system libraries such as java.util.concurrent, and diverse proprietary and open source systems such as app servers and simulation engines.

Scherlis was principal investigator for the Carnegie Mellon/NASA High Dependability Computing Project (HDCP), in which CMU led a collaboration with five universities (MIT, USC, U Wash, U Md, U Wisc) to help NASA address long-term software dependability challenges.

Scherlis has testified before Congress on innovation and information technology, and, previously, on roles for a Federal CIO. He interrupted his career at CMU to serve at the Defense Advanced Research Projects Agency (DARPA) for six years, departing in 1993 as a senior executive. While at DARPA his responsibilities related to research and strategy in software technology, computer security, information infrastructure, and other topics. He was involved in the initiation of the High Performance Computing and Communications (HPCC) program (now NITRD) and in creating the concept of operations for CERT-like organizations, several hundred of which are now in operation world-wide.

Scherlis chaired the National Research Council (NRC) study committee on defense software producibility, which recently released its final report, Critical Code: Software Producibility for Defense. He served multiple terms as a member of the DARPA Information Science and Technology Study Group (ISAT). He also chaired an NRC study on information technology, innovation, and e-government, and has led or participated in other national studies related to cybersecurity, crisis response, analyst information management, Ada, and health care informatics infrastructure. He has been an advisor to major IT companies and is a founder of SureLogic and Panopto. He has served as program chair for a number of technical conferences, including the ACM Foundations of Software Engineering (FSE) Symposium. He has more than 80 scientific publications. He is a Fellow of the IEEE and a lifetime National Associate of the National Academy of Sciences.

Creative Commons 2.5
