Computing and Software -- Projects

Assurance of Compositions and Federations

High Confidence Software Research Initiative

Internal SourceForge (iSF)

The Research Computing Facility (RCF)

Time-Critical Resource Management in Dynamic C2 Systems

Understanding Object-Oriented Software

Computing and Software

Computing and Software maintains awareness of developments outside MITRE related to the technologies of computer architecture and engineering, computer science, software engineering and the software profession.

Assurance of Compositions and Federations

Gary Vecellio, Principal Investigator

Washington

Problem
In general, commercial composition and federation technologies are designed to solve commercial problems such as business-to-business transactions. While some of our customers’ problems can be mapped into a commercial solution space, many cannot. Complicating this picture is that developing customer-centric, often proprietary, solutions is prohibitive from the perspective of cost, schedule, and maintenance.

Objectives The project will investigate how commercial compositional frameworks and federation technologies can be augmented so they include capabilities that will make high confidence software easier and cheaper to build, deploy, and maintain. It will demonstrate that these augmentations can take the form of mediators and monitors and that they provide a mechanism to enforce domain- and application-specific policies and properties.

Activities
The project will investigate runtime approaches that could be used to augment or harden applications. It will formulate those approaches into mechanisms that can be applied across various composition and federation technologies. It will apply these mechanisms to the commercial technologies that are being used by our customers to show improved development and maintenance characteristics of the technologies.

Impacts
Domain- and application-specific augmentations of commercial compositional and federation technology can be applied to several programs, including the major C2 integration programs and DISA’s Network-Centric Enterprise Services program. In addition, the results of this work can be used to influence commercial products and standards.

High Confidence Software Research Initiative

Chuck Howell, Principal Investigator

Washington

Problem
Across MITRE, a key aspect of our sponsors' systems is an increasing reliance on software. Both the complexity and the consequences of failure of these software-intensive systems are steadily growing. For critical software, our reach exceeds our grasp, yet our reach keeps increasing. For many of the critical systems our nation increasingly depends on, software is the weakest link.

Objectives
This project aims to improve the ability to build, assess, and sustain complex software systems for which compelling evidence is required that the software delivers specified services in a manner that satisfies specified critical properties. The framework for this research is the collection and analysis of technical evidence from multiple sources to calibrate if confidence is justified for a given software system.

Activities
We are developing a tangible means for expressing an “assurance case”: the documented argument for why a system can be trusted to present identified critical characteristics. We are also developing a testing methodology that avoids a “requirements-checkoff” approach and instead focuses on the system’s fitness to present those characteristics. The research concentrates on the challenges introduced by revalidation or certification of rapidly evolving systems.

Impacts
Underlying this initiative is a vision of a self-sustaining role for MITRE as a national resource for high confidence software. If this is a vision and not a hallucination, the impacts include reduced risks of unexpected software failures in critical systems, more effective exploitation of software capabilities in modernization and transformation, and a significant contribution to the national interest.

Internal SourceForge (iSF)

Deborah Ercolini, Principal Investigator

Bedford and Washington

Problem
Software development at MITRE is a nonstandard process; it varies depending on the center, department, and/or project. Software development projects often face a large startup cost due to the project manager and/or developers having to establish processes and functional systems. We will help to solve this by giving users access to a set of software development tools.

Objectives
We will pilot a SourceForge server internal to MITRE, providing a single interface for all software development projects. Developers and project managers will have access to software development tools and resources. SourceForge has many capabilities, including configuration management, bug tracking, task management, and file releases. Analysis of the pilot will help us to understand the requirements of the MITRE software development community.

Activities
A SourceForge server has been installed within MITRE. We have integrated the MITRE LDAP (Lightweight Directory Access Protocol) servers, allowing a user to log on using his/her standard MII username/password. We have also integrated MITRE mailing lists. Throughout this FY03 pilot, we will monitor the use of the system and conduct surveys to better understand the requirements of a software development resource.

Impacts
We believe this pilot will improve software development by providing a single source for tools and resources. Developers and project managers have been requesting this service for some time. If the pilot program is successful, it will provide a consistent way of managing and accessing software development projects, and we will be able to make recommendations for a supported software development system.

Presentation    PDF    

The Research Computing Facility (RCF)

Dave Goldberg, Associate Department Head, G06A

Bedford and Washington

The Research Computing Facility (RCF) provides a distributed computing environment to the MITRE technical community. Our mission is to help MITRE researchers focus more on their research efforts, and less on their computing assets. Our solution is a highly scalable environment, largely based on the Andrew File System (AFS), that provides users a common view of their home directory, project spaces, and application suite regardless of geographic location or supported UNIX platform (currently Solaris, Irix, and Linux). We also conduct our own research into the state of the art in various information technologies to ensure that we can provide our customers with up-to-date capabilities and expertise in the management of their resources. Lessons learned from the management of the RCF are leveraged to support other MITRE work, including support for classified and DMZ-based (external to the MITRE network) systems on a consulting basis. We also provide direct support to various sponsors. In the current year, the RCF has been exploring management of large storage systems, focusing on SAN and backup as well as supporting the development of a MITRE equivalent to sourceforge.net.

Time-Critical Resource Management in Dynamic C2 Systems

E. Douglas Jensen, Principal Investigator

Bedford and Washington

Problem
Battle management command and control (BMC2) systems have multiple resources and needs with numerous constraints that must often be satisfied in seconds to minutes. Resource management is greatly complicated because the systems and their environments are dynamic, with many uncertainties. Commanders need dependable indicators and strong assurances about system behavior.

Objectives
We will help fill the void between traditional real-time resource management and traditional any-time planning and decision-making for machine-to-machine resource management in dynamic BMC2 systems having seconds-to-minutes timeframes. We will apply the theory, methodologies, and tools of utility theory to seek a formal basis, methodology, and proof-of-concept software tool for time/utility function time constraints.

Activities
In collaboration with researchers and a COTS vendor, we will seek a formalism for our time-critical resource management by adapting and extending work from the fields of constraint-based scheduling, utility functions, and machine scheduling. We will derive a methodology and modify a COTS software tool. We will demonstrate the results in a realistic BMC2 application.

Impacts
Resource management in most BMC2 systems – and hence software cost and the system’s cost-effectiveness – usually suffer from insufficient consideration of timeliness, due in large part to inadequate formal bases, methodology, and software tools. This problem is increasingly critical as shorter timeframes of opportunity necessitate automated resource management, and increasingly difficult to solve as warfare becomes more network-centric.

Understanding Object-Oriented Software

Melissa Chase, Principal Investigator

Bedford and Washington

Problem
While object-oriented approaches to software development promise to provide solutions that are faster, cheaper, and reusable, the software delivered contains enough indirection (via inheritance and polymorphism) to make it more difficult for analysts to understand object-oriented versions than strict procedural versions. Through understanding object-oriented code, we can assess qualities such as performance and security, support iterative development, and support reuse.

Objectives
The work of the design pattern software-engineering community provides us with descriptions of best practices, applicability conditions, and consequences of use for specific designs. Hence, we will develop the capability to automatically recognize use of design patterns through static reverse engineering techniques. Moreover, we will develop capabilities to reason about concomitant design rationale and software qualities.

Activities
We are using commercial integrated development environments to extract data on class interactions. First, we will concentrate on recognizing structural patterns and validating recognition results by examining software that contains intentional, documented use of patterns. Second, we will broaden this to cover architectural patterns and reasoning about pattern applicability conditions. Third, we will tackle the interplay among multiple pattern types within a single program.

Impacts
Our results will have direct impact on supporting software acquisition. We will be able to document legacy and newly developed software and to perform architectural compliance tasks. This work is also a prerequisite for analysis of static software vulnerability and malicious code. We will connect with projects that have an anticipated need for this within the next fiscal year.