search menu icon-carat-right cmu-wordmark

Automated Assurance of Security Policy Enforcement (2017)

October 2017 Presentation
Peter H. Feiler, Samuel Procter

Presentation on research to detect vulnerabilities early in the lifecycle in architecture models

Publisher:

Software Engineering Institute

Abstract

As DoD mission and safety-critical systems become increasingly connected, exposure due to security infractions is likewise increasing. This project developed techniques to detect vulnerabilities early in the lifecycle in architecture models by producing tools to

  • detect security policy violations early
  • assure that the system implementation enforces the policies and that no security risks are introduced by the runtime architecture
  • automate the execution of security assurance plans

Tools produced in this project have been released under an open-source license and are available on the SEI Github code repository (https://github.com/cmu-sei/AASPE).