A Technical History of the SEI

More documents

Recommendations

Info

understand the relationship among the various groups in the community. They defined the following plan of work and are implementing it successfully. 1. Bring reverse engineers together in workshops, training, and mentoring sessions to allow them to learn from each other and to increase the skills and capabilities of reverse engineers with less experience. The team held its first invitational Malicious Code Workshop in October 2004 to discuss the top challenges in malware. By 2012, they had held seven Malicious Code Workshops and seven Malicious Code Training Workshops, the latter focusing on sharing analysis techniques. 2. Build a set of tools and processes to collect malicious code and make that collection available to collaborators so that the number of collection infrastructures can be minimized, particularly within the U.S. government. A catalog of malicious code and analysis processes was developed and is available to malware analysts and researchers. Development and analysis continue. The limited-access Artifact Catalog contained more than 80 million files in January 2013, with typically a million new samples ingested weekly. 3. Automate as many analysis functions as possible so limited resources can be spent on only the novel and the most important malware samples. Reverse engineering is a time-consuming technique—an analyst dissects every instruction in the malware. The SEI malware experts have codified some of their reverse engineering expertise into automated tools, which they share with other analysts in the DoD and intelligence community. The SEI analysts use the tools themselves for research and to fulfill requests from government agencies. The team refines the tools and develops additional ones in the process [Householder 2011; Cohen 2009, 2010]. The Consequence: Faster Response to Malicious Code Attacks, Better Control Malware analysts at government operation centers have advanced tools, shortening their response times; they also have specialized analytical support from the SEI through the CERT/CC artifact analysis team. The Artifact Catalog provides them with an extensive collection of malicious code that supports trending and related research. The automated tools significantly decrease analysis time and enable analysts and researchers to be increasingly effective at identifying and understanding malicious code—understanding that is essential to gaining control over attacks and limiting the damage they cause. The result is increased safety for U.S. government and agency systems. By providing analysis and serving as expert witnesses [Poulsen 2008, Ove 2010, Cruz 2011], SEI malicious code experts have helped to shut down and apprehend a major identity theft and fraud ring, whose activities caused more than $4 million in losses, and helped convict a perpetrator of wire fraud that cost financial institutions an estimated $86 million [Mills 2009]. The SEI Contribution The SEI Malicious Code team has collaborative relationships with both the DoD and the intelligence community. Because of the CERT/CC malware work, SEI collaborators and sponsors have the tools and education needed to streamline analysis and more quickly answer specific questions. The SEI has been a resource to build new capabilities in the U.S. government. Its malware experts CMU/SEI-2016-SR-027 | SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY 174 Distribution Statement A: Approved for Public Release; Distribution is Unlimited.
have put advanced tools in the hands of malware analysts at government operation centers, shortening their response times, and have also provided specialized analytical support to federal agencies. It fosters research with the Artifact Catalog and serves as a neutral third party for collecting, categorizing, and analyzing malware. The SEI has reached out to the community, bringing disparate groups together to collaborate on identifying significant issues and sharing tools and techniques. The Malicious Code Workshops give experts a forum for sharing information and techniques and also help build a community. The SEI malware experts have reached more than 1,100 people through the Malicious Code Workshops and have reached even more through professional conferences, meetings with individual government agencies/departments, and email. References [Bair 1999] Bair, Jeffrey, Associated Press. “Virus Fighters Eye How, Not Who.” The Indiana Gazette, (April 9, 1999): 9. Archived at http://www.newspaperarchive.com/SiteMap/FreePdfPreview.aspx?img=112050250 [Brewin 1999] Brewin, Bob & Verton, Daniel. “Melissa Tests DoD Procedures.” Federal Computer Week, 1999. https://fcw.com/articles/1999/04/11/melissa-tests-dod-procedures.aspx [Cohen 2009] Cohen, C. & Havrilla J. “Malware Clustering Based on Entry Points.” CERT Research Annual Report 2008. Software Engineering Institute, Carnegie Mellon University, 2009. http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=54240 [Cohen 2010] Cohen, C. & Havrilla J. “Function Hashing for Malicious Code Analysis,” CERT Research Annual Report 2009. Software Engineering Institute, Carnegie Mellon University, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=51314 [Cruz 2011] Cruz, Natalie. “Internet Hacker Bruce Raisley Gets Prison for Creating Botnet Computer Virus.” Newsroom New Jersey, April 17, 2011. http://www.newjerseynewsroom.com/science-updates/internet-hacker-bruce-raisley-gets-prison-for-creating-botnet-computer-virus (2011). [Frontline 2000] Power, Richard. “The Financial Costs of Computer Crime.” Interviews with security experts. http://www.pbs.org/wgbh/pages/frontline/shows/hackers/risks/cost.html (2011). [Householder 2011] Householder, Alan. “Announcing the CERT Basic Fuzzing Framework 2.0.” CERT/CC Blog February 28, 2011. http://www.cert.org/blogs/certcc/post.cfm?EntryID=66 [Mills 2009] Mills, Elinor. “‘Iceman’ Pleads Guilty in Credit Card Theft Case.” CNET. June 29, 2009. http://news.cnet.com/8301-1009_3-10275442-83.html (2009). [Ove 2010] Ove, Torsten. “Prolific Computer Hacker Gets 13 Years in Prison.” Pittsburgh Post- Gazette (February 12, 2010). http://www.post-gazette.com/nation/2010/02/12/Prolific-computerhacker-gets-13-years-in-prison/stories/201002120174 [Poulsen 2008] Poulsen, Kevin. “Feds Charge 11 in Breaches at TJ Maxx, OfficeMax, DSW, Others.” Wired. August, 5, 2008. http://www.wired.com/threatlevel/2008/08/11-charged-in-m/ [Ruppe 2001] Ruppe, David. “Hit by Virus, Pentagon Web Site Access Blocked.” ABC News. July 23, 2001. http://abcnews.go.com/International/story?id=80758&page=1#.Tw8C0vKyBac CMU/SEI-2016-SR-027 | SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY 175 Distribution Statement A: Approved for Public Release; Distribution is Unlimited.
Page 1 and 2:
A Technical History of the SEI Larr
Page 3 and 4:
Table of Contents Foreword Preface
Page 5 and 6:
The Consequence: Undergraduate Soft
Page 7 and 8:
References 131 Expanding the CMMI P
Page 9 and 10:
The Challenge: Configuration Suppor
Page 11 and 12:
References 275 Operational Support
Page 13 and 14:
Foreword Angel Jordan University Pr
Page 15 and 16:
to the SEI on a part-time basis as
Page 17 and 18:
Blaise Durante Deputy Assistant Sec
Page 19 and 20:
synergy between the TRA team’s ob
Page 21 and 22:
Preface This report chronicles the
Page 23 and 24:
Abstract This report chronicles the
Page 25 and 26:
1 Introduction CMU/SEI-2016-SR-027
Page 27 and 28:
Introduction In December 1984, the
Page 29 and 30:
promulgate use of modern techniques
Page 31 and 32:
Interpreting the Charter In creatin
Page 33 and 34:
of Defense and flag officers from t
Page 35 and 36:
(CRADA) funding is available to exp
Page 37 and 38:
Another effective mechanism has bee
Page 39 and 40:
2 Real-Time Embedded Systems Engine
Page 41:
Figure 3: Real-Time Embedded System
Page 44 and 45:
Introduction to Real-Time Embedded
Page 46 and 47:
in those developments. The SEI was,
Page 48 and 49:
general-purpose techniques but with
Page 50 and 51:
Summary DoD systems have traditiona
Page 52 and 53:
Ada/Real-Time Embedded Systems Test
Page 54 and 55:
enchmark. Results of testbed experi
Page 56 and 57:
Distributed Ada Real-Time Kernel Th
Page 58 and 59:
Ada Adoption Handbook The Challenge
Page 60 and 61:
[Hefley 1992] Hefley, William; Fore
Page 62 and 63:
processor utilization. The sample a
Page 64 and 65:
References [AFSAB 1988] Air Force S
Page 66 and 67:
also known as using simplicity to c
Page 68 and 69:
Software for Heterogeneous Machines
Page 70 and 71:
[Barbacci 1986b] Barbacci, Mario &
Page 72 and 73:
The increase in processing capacity
Page 74 and 75:
[Lakshmanan 2011] Lakshmanan, Karth
Page 76 and 77:
analysis as well as model tuning fo
Page 78 and 79:
References [Hansen 2004] Hansen, J.
Page 80 and 81:
or asynchronous networked computer
Page 82 and 83:
3 Education and Training CMU/SEI-20
Page 84:
Figure 4: Education and Training Ti
Page 87 and 88:
making materials available to allow
Page 89 and 90:
course offering, while at other uni
Page 91 and 92:
[DoD 1984] Statement of Work for Im
Page 93 and 94:
The curriculum guidelines also sugg
Page 95 and 96:
Undergraduate Software Engineering
Page 97 and 98:
SEI adapted the Personal Software P
Page 99 and 100:
Software Assurance Curriculum for C
Page 101 and 102:
how they relate to business needs.
Page 103 and 104:
Survivability and Information Assur
Page 105 and 106:
The SEI curriculum and others’ co
Page 107 and 108:
The CSEE conference series also bro
Page 109 and 110:
CMU Master of Software Engineering
Page 111 and 112:
Executive Education Program The Cha
Page 113 and 114:
Professional Training The Challenge
Page 115 and 116:
Education and Training Delivery Pla
Page 117 and 118:
[Ardis 2005] Ardis, Mark. “An Inc
Page 119 and 120:
practical for keeping content curre
Page 121 and 122:
[Johnson 2012] Johnson, Col. Rivers
Page 123 and 124:
4 Management CMU/SEI-2016-SR-027 |
Page 125:
Figure 5: Management Timeline CMU/S
Page 128 and 129:
Introduction to Management When the
Page 130 and 131:
neering CMM [SEI 1995] to describe
Page 132 and 133:
under SEI stewardship in 2009. Deve
Page 134 and 135:
References [Averill 1993] Averill,
Page 136 and 137:
[SEI 1995] A Systems Engineering Ca
Page 138 and 139:
The SEI developed a more explicit m
Page 140 and 141:
[Humphrey 1988] Humphrey, Watts; Sw
Page 142 and 143:
opinion leaders and senior managers
Page 144 and 145:
[Hayes 1995] Hayes, William & Zubro
Page 146 and 147:
move from maturity level to maturit
Page 148 and 149:
The People Capability Maturity Mode
Page 150 and 151:
The SEI Contribution As is the case
Page 152 and 153: and security process improvement. T
Page 154 and 155: [Caralli 2004] Caralli, Richard. Ma
Page 156 and 157: 4.6.2.1 CMMI Constellations For CMM
Page 158 and 159: ity and widespread use of the CMMI
Page 160 and 161: Expanding the CMMI Product Suite to
Page 162 and 163: key leaders within that organizatio
Page 164 and 165: The Smart Grid The Challenge: The N
Page 166 and 167: ecoming more widespread. As utiliti
Page 168 and 169: Continuous Risk Management training
Page 170 and 171: [Alberts 2009] Alberts, Christopher
Page 172 and 173: The principal motivator for the dev
Page 174 and 175: References [Carleton 2010] Carleton
Page 176 and 177: Measurement and Analysis The Challe
Page 178 and 179: Carnegie Mellon University, 2002. h
Page 180 and 181: activities. The final set of activi
Page 182 and 183: [Rombach 1989] Rombach, H. Dieter &
Page 184 and 185: 5 Security CMU/SEI-2016-SR-027 | SO
Page 186: Figure 6: Security Timeline CMU/SEI
Page 189 and 190: Introduction to Security In the ear
Page 191 and 192: The CERT/CC helps guard against dev
Page 193 and 194: The SEI concern about risks posed t
Page 195 and 196: Teams (FIRST), which was formed in
Page 197 and 198: [Killcrece 2008] Killcrece, Georgia
Page 199 and 200: The CERT/CC built on its vast colle
Page 201: Malicious Code Analysis The Challen
Page 205 and 206: Secure Coding The Challenge: Preven
Page 207 and 208: end, the SEI has developed training
Page 209 and 210: Network Situational Awareness The C
Page 211 and 212: In 2007, the Comprehensive National
Page 213 and 214: study. In 2011, the DoD began fundi
Page 215 and 216: [CSO 2004] CSO Magazine, in coopera
Page 217 and 218: People who work in small organizati
Page 219 and 220: [Violino 2010] Violino, Bob. “IT
Page 221 and 222: Since its initial development in 20
Page 223 and 224: References [Alberts 2005] Alberts,
Page 225 and 226: 6 Software Engineering Methods CMU/
Page 227 and 228: Introduction to Software Engineerin
Page 229 and 230: were delivered to Army and Air Forc
Page 231 and 232: Configuration Management The Challe
Page 233 and 234: The SEI Contribution The SEI recogn
Page 235 and 236: CASE Environments The Challenge: Ma
Page 237 and 238: The SEI Contribution The CASE work
Page 239 and 240: Software Technology Reference Guide
Page 241 and 242: Reengineering The Challenge: Legacy
Page 243 and 244: [Bergey 1999] Bergey, John; Smith,
Page 245 and 246: 2. Influence is more important than
Page 247 and 248: [Brownsword 2004] Brownsword, Lisa;
Page 249 and 250: Developing Systems with Commercial
Page 251 and 252: The SEI Contribution When the SEI s
Page 253 and 254:
[Tyson 2003] Tyson, Barbara; Albert
Page 255 and 256:
system is safe); (2) evidence suppo
Page 257 and 258:
7 Architecture CMU/SEI-2016-SR-027
Page 259:
1984 1986 1988 1990 1992 1994 1996
Page 262 and 263:
Introduction to Software Architectu
Page 264 and 265:
cation description language, in the
Page 266 and 267:
AFSC/ESD conducted a source selecti
Page 268 and 269:
[Brown 1995] Brown, Alan; Carney, D
Page 270 and 271:
Structural Modeling The Challenge:
Page 272 and 273:
The SEI Contribution As a result of
Page 274 and 275:
Federal Aviation Administration Stu
Page 276 and 277:
evolving understanding of software
Page 278 and 279:
The basic features of Serpent were
Page 280 and 281:
Software Architecture Analysis Meth
Page 282 and 283:
A survey of software architecture e
Page 284 and 285:
Quality Attributes The Challenge: M
Page 286 and 287:
[Barbacci 1995] Barbacci, Mario; Kl
Page 288 and 289:
The Consequence: Effective Evaluati
Page 290 and 291:
[Gallagher 2000] Gallagher, Brian.
Page 292 and 293:
design with some variation built in
Page 294 and 295:
Software Product Lines The Challeng
Page 296 and 297:
A software product line curriculum.
Page 298 and 299:
8 Forensics CMU/SEI-2016-SR-027 | S
Page 300:
Figure 8: Forensics Timeline CMU/SE
Page 303 and 304:
Introduction to Computer Forensics:
Page 305 and 306:
ultimate contribution of SEI digita
Page 307 and 308:
The SEI’s experience with cases s
Page 309 and 310:
Digital Intelligence and Investigat
Page 311 and 312:
that not only apply to the specific
Page 313 and 314:
9 The Future of Software Engineerin
Page 315 and 316:
A Vision of the Future of Software
Page 317 and 318:
In each case, impact is achieved th
Page 319 and 320:
e-estimation as a means to assess p
Page 321 and 322:
and complexity of these systems are
Page 323 and 324:
10 Conclusion CMU/SEI-2016-SR-027 |
Page 325 and 326:
Highlighting 30 Years of Contributi
Page 327 and 328:
developed network situational aware
Page 329 and 330:
Direct Support to Government System
Page 331 and 332:
In the course of these reviews, the
Page 333 and 334:
Appendix Authors Contributing to th
Page 335:
REPORT DOCUMENTATION PAGE Form Appr
show all

A Technical History of the SEI

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?