Federal Cybersecurity R&D Forum

Designed-In Security

The Designed-In Security (DIS) theme focuses on designing and producing software systems that resist attack because they contain dramatically fewer exploitable flaws. Using assurance-focused engineering practices, languages, and tools, developers build the system and, at the same time, generate the assurance artifacts needed to attest to the level of confidence that the system can withstand attack.

Research is required to develop:

  • Models and techniques to support on-the-fly evidence creation during a systems engineering process
  • Mathematically sound techniques to support combination of models and composition of results from separate components
  • Analysis techniques (based on model checking, abstract interpretation, semantics-based testing, and/or verification) to enable traceable linking among diverse models and code
  • Language design, processing, and tooling techniques that are oriented to achieving high assurance for systems with high levels of capability, modularity, and flexibility
  • Team and supply-chain practices that let the assurance established for separately produced components be composed across the supply chain
  • Tooling for information management, configuration management, and developer/team interaction that supports rapid, automatic management of the chains of evidence linking software code, models, analysis results, etc.
  • Psychology and human-factors research on how to build software specification, implementation, verification, analysis, and testing tools that are easy to use and give their users positive feedback
  • Economics that improves the motivation to use such tools by measuring the resulting gains in reliability and security
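The third and sixth items above (analysis techniques such as abstract interpretation, and chains of evidence traceably linking code to analysis results) are easiest to picture with a small concrete instance. The following is an added example written for this page, not code from NITRD or from any DIS project: it runs an interval abstract interpretation over a constructed straight-line program in a tiny expression language, then records each proved (or unproved) bound as a hash-linked evidence entry that names the analysis, the hash of the exact source it was run on, and the verdict, so a later verifier can re-derive every entry. The expression language, the function names, and the sample program and claims are all assumptions made here for illustration.

```python
import hashlib
import json

# Expression language (constructed for this example, not from the page):
#   expr ::= ('const', int) | ('var', name) | ('add', e, e) | ('sub', e, e) | ('mul', e, e)
# A program is a list of ('assign', name, expr); all values are integers.


def eval_interval(expr, env):
    """Abstract interpretation over intervals: return a sound (lo, hi) for expr.

    env maps variable names to (lo, hi); the result over-approximates every
    concrete evaluation whose inputs lie inside those intervals."""
    tag = expr[0]
    if tag == 'const':
        return (expr[1], expr[1])
    if tag == 'var':
        return env[expr[1]]
    a = eval_interval(expr[1], env)
    b = eval_interval(expr[2], env)
    if tag == 'add':
        return (a[0] + b[0], a[1] + b[1])
    if tag == 'sub':
        return (a[0] - b[1], a[1] - b[0])
    if tag == 'mul':
        # with sign changes any corner can be the extremum, so take all four
        corners = (a[0] * b[0], a[0] * b[1], a[1] * b[0], a[1] * b[1])
        return (min(corners), max(corners))
    raise ValueError(f"unknown expression tag {tag!r}")


def analyze(program, inputs):
    """Run the interval analysis over a straight-line program; return the final env."""
    env = dict(inputs)
    for stmt, name, expr in program:
        if stmt != 'assign':
            raise ValueError(f"unknown statement {stmt!r}")
        env[name] = eval_interval(expr, env)
    return env


def proves_bound(program, inputs, var, lo, hi):
    """True only if the analysis proves lo <= var <= hi for every input in range."""
    got = analyze(program, inputs)[var]
    return lo <= got[0] and got[1] <= hi


def _sha256(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def build_evidence_chain(program, inputs, claims):
    """One hash-linked evidence entry per claimed bound.

    Each entry carries the hash of the previous entry, the hash of the exact
    source analyzed, the analysis name, the computed interval and the verdict."""
    source_hash = _sha256({'program': program, 'inputs': inputs})
    env = analyze(program, inputs)
    chain = []
    prev = '0' * 64  # genesis link
    for var, lo, hi in claims:
        entry = {
            'prev': prev,
            'source_sha256': source_hash,
            'analysis': 'interval-abstract-interpretation',
            'claim': {'var': var, 'lo': lo, 'hi': hi},
            'computed': list(env[var]),
            'verdict': lo <= env[var][0] and env[var][1] <= hi,
        }
        entry['entry_sha256'] = _sha256(entry)
        chain.append(entry)
        prev = entry['entry_sha256']
    return chain


def verify_chain(chain, program, inputs):
    """Re-derive every entry: links, source hash, entry hash and verdict must all match."""
    source_hash = _sha256({'program': program, 'inputs': inputs})
    env = analyze(program, inputs)
    prev = '0' * 64
    for entry in chain:
        content = {k: v for k, v in entry.items() if k != 'entry_sha256'}
        if entry['prev'] != prev or entry['source_sha256'] != source_hash:
            return False
        if _sha256(content) != entry['entry_sha256']:
            return False
        c = entry['claim']
        got = env[c['var']]
        if list(got) != entry['computed']:
            return False
        if entry['verdict'] != (c['lo'] <= got[0] and got[1] <= c['hi']):
            return False
        prev = entry['entry_sha256']
    return True


# Constructed sample: y = 2*x + 1, z = y*y, with x in [0, 10].
PROGRAM = [
    ('assign', 'y', ('add', ('mul', ('const', 2), ('var', 'x')), ('const', 1))),
    ('assign', 'z', ('mul', ('var', 'y'), ('var', 'y'))),
]
INPUTS = {'x': (0, 10)}
CLAIMS = [('y', 1, 21), ('z', 0, 441), ('z', 0, 400)]

if __name__ == '__main__':
    chain = build_evidence_chain(PROGRAM, INPUTS, CLAIMS)
    for e in chain:
        print(e['claim'], e['computed'], 'PROVED' if e['verdict'] else 'NOT PROVED')
    print('chain verifies:', verify_chain(chain, PROGRAM, INPUTS))
```

The third claim (z in [0, 400]) is correctly rejected: the analysis computes z in [1, 441], and an unproved bound is recorded as such rather than dropped, so the evidence says what was checked as well as what was established. Changing any verdict, or re-running the verifier against a different source or input range, breaks the hash links and the verification fails, which is the property a composition of assurance across components or a supply chain depends on.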

© 2012   Created by NITRD Cyber Security.