Robert J. Ellison
Software Engineering Institute
Publications by Robert J. Ellison
Attack Surface Analysis - Reduce System and Organizational Risk
June 08, 2020 • White Paper
Carol Woody, PhD, Robert J. Ellison
This paper offers system defenders an overview of how threat modeling can provide a systematic way to identify potential threats and prioritize mitigations.
Exploring the Use of Metrics for Software Assurance
March 07, 2019 • Technical Note
Carol Woody, PhD, Robert J. Ellison, Charlie Ryan
This report proposes measurements for each Software Assurance Framework (SAF) practice that a program can select to monitor and manage the progress it's making toward software assurance.
Extending AADL for Security Design Assurance of Cyber-Physical Systems
December 16, 2015 • Technical Report
Robert J. Ellison, Allen D. Householder, John J. Hudak
This report demonstrates the viability and limitations of using the Architecture Analysis and Design Language (AADL) through an extended example that allows for specifying and analyzing the security properties of an automotive electronics system.
Predicting Software Assurance Using Quality and Reliability Measures
December 22, 2014 • Technical Note
Carol Woody, Robert J. Ellison, William Nichols
In this report, the authors discuss how a combination of software development and quality techniques can improve software security.
Assuring Software Reliability
August 15, 2014 • Special Report
Robert J. Ellison
This report describes ways to incorporate the analysis of the potential impact of software failures--regardless of their cause--into development and acquisition practices through the use of software assurance.
Best Practices for Trust in the Wireless Emergency Alerts Service
April 29, 2014 • Podcast
Robert Ellison, Carol Woody, Suzanne Miller
In this podcast, CERT researchers Robert Ellison and Carol Woody discuss research aimed at increasing alert originators' trust in the WEA service and the public's trust in the alerts that they receive.
Maximizing Trust in the Wireless Emergency Alerts (WEA) Service
February 28, 2014 • Special Report
Carol Woody, Robert J. Ellison
This 2014 report presents recommendations for stakeholders of the Wireless Emergency Alerts (WEA) service that resulted from the development of two trust models, focusing on how to increase both alert originators' and the public's trust in WEA.
Best Practices in Wireless Emergency Alerts
February 19, 2014 • Special Report
John McGregor, Joseph P. Elm, Elizabeth Trocki Stark (SRA International, Inc.)
This report presents four best practices for the Wireless Emergency Alerts (WEA) service, including implementing WEA in a local jurisdiction, training emergency staff in using WEA, cross-jurisdictional governance of WEA, and cybersecurity risk management.
Security and Project Management
August 06, 2013 • White Paper
Robert J. Ellison
In this paper, Robert Ellison explains the considerations that project managers should weigh because they relate to security needs.
Trustworthy Composition: The System Is Not Always the Sum of Its Parts
July 31, 2013 • White Paper
Robert J. Ellison
In this paper, Robert Ellison surveys several profound technical problems faced by practitioners assembling and integrating secure and survivable systems.
Improving Software Assurance
July 05, 2013 • White Paper
Carol Woody, Robert J. Ellison
In this paper, the authors discuss what practitioners should know about software assurance, where to look, what to look for, and how to demonstrate improvement.
Scale: System Development Challenges
July 05, 2013 • White Paper
Carol Woody, Robert J. Ellison
In this paper, the authors describe software assurance challenges inherent in networked systems development and propose a solution.
System-of-Systems Influences on Acquisition Strategy Development
July 02, 2013 • White Paper
Rita C. Creel, Robert J. Ellison
In this paper, the authors discuss significant new sources of risk and recommend ways to address them.
Supply-Chain Risk Management: Incorporating Security into Software Development
July 02, 2013 • White Paper
Carol Woody, Robert J. Ellison
In this paper, the authors describe practices that address defects and mechanisms for introducing these practices into the acquisition lifecycle.
A Systemic Approach for Assessing Software Supply-Chain Risk
May 14, 2013 • White Paper
Audrey J. Dorofee, Carol Woody, Christopher J. Alberts
In this paper, the authors highlight the approach being implemented by SEI researchers for assessing and managing software supply-chain risks and provide a summary of the status of this work.
Software Security Engineering: A Guide for Project Managers (white paper)
May 13, 2013 • White Paper
Gary McGraw, Julia H. Allen, Nancy R. Mead
In this guide, the authors discuss our reliance on software and systems that use the internet or internet-exposed private networks.
Introduction to System Strategies
June 27, 2012 • White Paper
Robert J. Ellison, Carol Woody
In this paper, the authors discuss the effects of the changing operational environment on the development of secure systems.
Supply Chain Assurance Overview
September 01, 2011 • CERT Research Report
Robert J. Ellison, Christopher J. Alberts, Rita C. Creel
In this section of the research report, the authors attempt to integrate development and acquisition practices with risk-based evaluations and mitigations.
Software Supply Chain Risk Management: From Products to Systems of Systems
December 01, 2010 • Technical Note
Robert J. Ellison, Christopher J. Alberts, Rita C. Creel
In this report, the authors consider current practices in software supply chain analysis and suggest some foundational practices.
Survivability Analysis Framework
June 01, 2010 • Technical Note
Robert J. Ellison, Carol Woody
In this report, the authors describe the Survivability Analysis Framework, which is used to evaluate critical operational capabilities.
Evaluating and Mitigating Software Supply Chain Security Risks
May 01, 2010 • Technical Note
Robert J. Ellison, John B. Goodenough, Charles B. Weinstock
In this 2010 report, the authors identify software supply chain security risks and specify evidence to gather to determine if these risks have been mitigated.
Cyber Assurance
March 01, 2010 • White Paper
Christopher J. Alberts, Robert J. Ellison, Carol Woody
This paper, extracted from the 2009 CERT Research Report, describes planned research tasks in the field of cyber assurance.
Survivability Assurance for System of Systems
May 01, 2008 • Technical Report
Robert J. Ellison, John B. Goodenough, Charles B. Weinstock
In this report, the authors describe the Survivability Analysis Framework, a structured view of people, process, and technology.
Software Security Engineering: A Guide for Project Managers (book)
March 01, 2008 • Book
Julia H. Allen, Sean Barnum, Robert J. Ellison
In this book, the authors provide sound practices likely to increase the security and dependability of your software during development and operation.
System Strategies References
July 17, 2007 • White Paper
Robert J. Ellison, Carol Woody
In this paper, the authors provide references related to system strategies.
The Influence of System Properties on Software Assurance and Project Management
February 06, 2006 • White Paper
Robert J. Ellison
In this paper, Robert Ellison discusses characteristics of software and how they influence how software assurance should be managed.
Simulating Insider Cyber-Threat Risks: A Model-Based Case and a Case-Based Model
August 11, 2005 • White Paper
Eliot Rich (University at Albany State University of New York), Howard F. Lipson, Dave Mundie
In this paper, the authors identify actions that may inadvertently lead to increased vulnerability to threats from employees, contractors, and clients.
Security and Survivability Reasoning Frameworks and Architectural Design Tactics
September 01, 2004 • Technical Note
Robert J. Ellison, Andrew P. Moore, Len Bass
In this report, the authors describe an approach to disciplined software architecture design for the related quality attributes of security and survivability.
Acquisition Overview: The Challenges
June 01, 2004 • White Paper
Rita C. Creel, Robert J. Ellison
In this paper, the authors raise issues involving how systems are integrated to provide required capabilities.
Quality Attribute Workshops (QAWs), Third Edition
October 01, 2003 • Technical Report
Mario R. Barbacci, Robert J. Ellison, Anthony J. Lattanze
This report describes the newly revised QAW (Quality Attribute Workshop) and describes potential uses of the refined scenarios generated during it.
Trustworthy Refinement Through Intrusion-Aware Design
October 01, 2002 • Technical Report
Robert J. Ellison, Andrew P. Moore
This document has been superseded by CMU/SEI-2003-TR-002.
Trustworthy Refinement Through Intrusion-Aware Design (TRIAD)
October 01, 2002 • Technical Report
Robert J. Ellison, Andrew P. Moore
In this report, the authors demonstrate the application of TRIAD to refining a survivability strategy for a business that sells products on the internet.
Quality Attribute Workshops, 2nd Edition
June 01, 2002 • Technical Report
Mario R. Barbacci, Robert J. Ellison, Anthony J. Lattanze
This report clarifies the context in which a QAW (Quality Attribute Workshop) is applicable, provides a rationale for developing the process and describes it in detail, and concludes with a list of lessons learned and a discussion of how these lessons have helped evolve the process to its current state.
Foundations for Survivable Systems Engineering
May 20, 2002 • White Paper
Robert J. Ellison, Richard C. Linger (Oak Ridge National Laboratory), Nancy R. Mead
In this paper, the authors describe their efforts to perform risk assessment and analyze and design robust survivable systems.
Architectural Refinement for the Design of Survivable Systems
October 01, 2001 • Technical Note
Robert J. Ellison, Andrew P. Moore
This paper describes a process for systematically refining an enterprise system architecture to resist, recognize, and recover from deliberate, malicious attacks by applying reusable design primitives that help ensure the survival of the enterprise mission.
Quality Attribute Workshops
May 01, 2001 • Technical Report
Mario R. Barbacci, Robert J. Ellison, Judith A. Stafford
This report describes the QAW (Quality Attribute Workshop) approach, which is a method for evaluating a software-intensive system architecture during the acquisition phase of major programs.
Attack Modeling for Information Security and Survivability
March 01, 2001 • Technical Note
Andrew P. Moore, Robert J. Ellison, Richard C. Linger (Oak Ridge National Laboratory)
This technical note describes and illustrates an approach for documenting attack information in a structured and reusable form.
Survivable Network Analysis Method
September 01, 2000 • Technical Report
Nancy R. Mead, Robert J. Ellison, Richard C. Linger (Oak Ridge National Laboratory)
This report, published in 2000, describes the SNA method developed at the SEI's CERT Coordination Center. The SNA method guides stakeholders through an analysis process intended to improve system survivability when a system is threatened.
Quality Attribute Workshop Participants Handbook
January 01, 2000 • Special Report
Mario R. Barbacci, Robert J. Ellison, Charles B. Weinstock
This report describes the 1) process we use to conduct QAW (Quality Attribute Workshop), 2) information required, 3) suggested tools, and 4) expected outcomes of QAWs.
Case Study in Survivable Network System Analysis
September 01, 1998 • Technical Report
Robert J. Ellison, Richard C. Linger (Oak Ridge National Laboratory), Thomas A. Longstaff
In this report, the authors present a method for analyzing the survivability of distributed network systems and an example of its application.
Survivable Network Systems: An Emerging Discipline
November 01, 1997 • Technical Report
David Fisher, Richard C. Linger (Oak Ridge National Laboratory), Howard F. Lipson
This 1997 report describes the survivability approach to helping assure that a system that must operate in an unbounded network is robust in the presence of attack and will survive attacks that result in successful intrusions.
A Case Study in Requirements for Survivable Systems
January 01, 1996 • White Paper
Robert J. Ellison, Richard C. Linger (Oak Ridge National Laboratory), Thomas A. Longstaff
This case study summarizes the application and results of applying the SNA method to a subsystem of a large-scale, distributed healthcare system.
Software Development
October 01, 1987 • Technical Report
Susan A. Dart, Robert J. Ellison
Over the last 20 years, the set of software tools available to developers has expanded considerably. We can illustrate this change by observing some distinctions in the terminology.