CERT
 
Research Staff Biographies CMU Heinz School CMU School of Computer Science CERT Statistics US-CERT CyLab
 

STAR*Lab: A Software Development Laboratory for Security Technology Automation and Research

Richard C. Linger

Developing Engineering Automation for Challenge Problems in System Security

CERT has established a software development laboratory in response to the growing needs of its customers. The mission of STAR*Lab (Security Technology Automation and Research Laboratory) is development of theory-based prototype automation that provides solutions to challenge problems in security engineering and software assurance.

Challenge problems are long-standing barriers to progress identified by the Department of Defense (DoD) and other organizations whose solutions can have substantial impact on engineering capabilities. The focus of STAR*Lab is not on producing studies and reports that may leave implementation speculative and undone, but rather on applying theory to develop working tools. The purpose of the laboratory is to help its sponsors achieve three objectives:

  1. Faster development. Solutions must replace time- and resource- intensive operations with engineering automation that permits faster system development.
  2. Improved quality. Solutions must augment human processes with foundations-based automation to improve system security and dependability.
  3. Fewer resources. Solutions must increase the span of intellectual control through automation for more effective use of resources in developing secure systems.

STAR*Lab Operating Principles

The laboratory operates according to three principles:
  1. Foundations-first principle. Theoretical foundations are necessary to ensure completeness and correctness in automated solutions and confidence in the results they produce. All projects start with sound foundations to avoid ad hoc solutions with limited applicability.
  2. Proof-by-automation principle. Automation is essential to replace resource-intensive human operations with solutions that augment intellectual control. All projects will demonstrate solutions through automated engineering tools.
  3. ppractical application principle. Automation must solve challenge problems with practical engineering operations for routine use by practitioners. All projects will scale up engineering solutions for widespread application.

STAR*Lab projects are managed within a gated review structure designed to maintain visibility, reduce risk, and ensure effective use of sponsor resources. Projects must satisfy the requirements of each gate in order to receive funding to progress to the next gate:

  • Gate 1: Challenge problem definition. Each project must address a barrier to progress through a project plan that defines team composition, tasks, and schedules.
  • Gate 2: Theoretical feasibility. Each project must identify theoretical foundations to avoid heuristic or partial approaches of limited value for achieving a comprehensive solution.
  • Gate 3: Proof-of-concept automation. Each project must develop prototype automation that demonstrates application of the theoretical foundations.
  • Gate 4: Scale-up for application. Each project must evolve the prototype automation to scale up engineering capabilities for routine application.

STAR*Lab Projects

Star*Lab is currently engaged in the Function Extraction (FX) for Software Assurance project. This multiyear effort has satisfied the requirements of Gate 3 and is progressing to Gate 4. In addition, the laboratory is ready to capitalize on function extraction technology in four potential FX-based project areas:

Disclaimers and copyright information

Last updated March 13, 2008