search menu icon-carat-right cmu-wordmark

Dynamic Design Analysis

October 2017 Presentation
Rick Kazman

Presentation on research to identify dynamic dependencies that result from the way modern systems are composed


Software Engineering Institute



Increasingly, software systems are composed at runtime. Yet, the impact of runtime composition on design quality is unknown. Static analysis, a state-of-the-practice approach, has demonstrated that dependency-caused design hotspots make security vulnerabilities more likely, but it does not detect the effect of dynamic dependencies. In this work, we are creating tooling to identify dynamic dependencies as well as other information that is not available via static, parsing-based approaches, to both determine and augment the information that is missing in static approaches. One transition opportunity for DoD is envisioned to be extensions to the open standard-based 18F project on Compliance Masonry for automate production of Authority to Operation (ATO) documentation.