Non-developmental item computer systems and the malicious software threat

The following subject areas are covered: a DOD development system - the Army Secure Operating System; non-development commercial computer systems; security, integrity, and assurance of service (SI and A); post delivery SI and A and malicious software; computer system unique attributes; positive feedback to commercial computer systems vendors; and NDI (Non-Development Item) computers and software safety

Software acquisition: a business strategy analysis

The paper argues that there are new insights to be gained from a strategic analysis of requirements engineering. The paper is motivated by a simple question: what does it take to be a world class software acquirer? The question has relevance for requirements engineers because for many organisations market pressures mean that software is commonly acquired rather than developed from scratch. The paper builds on the work of C. H. Fine (1998) who suggests that product, process and supply chain should be designed together, i.e., 3D concurrent engineering. Using a number of reference theories, it proposes a systematic way of carrying out 3D concurrent engineering. The paper concludes that the critical activity in supply chain design is the design of the distribution of skills and the nature of contract

IoT Droplocks: Wireless Fingerprint Theft Using Hacked Smart Locks

Electronic locks can provide security- and convenience-enhancing features, with fingerprint readers an increasingly common feature in these products. When equipped with a wireless radio, they become a smart lock and join the billions of IoT devices proliferating our world. However, such capabilities can also be used to transform smart locks into fingerprint harvesters that compromise an individual's security without their knowledge. We have named this the droplock attack. This paper demonstrates how the harvesting technique works, shows that off-the-shelf smart locks can be invisibly modified to perform such attacks, discusses the implications for smart device design and usage, and calls for better manufacturer and public treatment of this issue.Comment: Submitted and accepted into 2022 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress. Submitted version: 10 pages, 8 figure

A Persistent Simulation Environment for Autonomous Systems

The age of Autonomous Unmanned Aircraft Systems (AUAS) is creating new challenges for the accreditation and certification requiring new standards, policies and procedures that sanction whether a UAS is safe to fly. Establishing a basis for certification of autonomous systems via research into trust and trustworthiness is the focus of Autonomy Teaming and TRAjectories for Complex Trusted Operational Reliability (ATTRACTOR), a new NASA Convergent Aeronautics Solution (CAS) project. Simulation Environments to test and evaluate AUAS decision making may be a low-cost solution to help certify that various AUAS systems are trustworthy enough to be allowed to fly in current general and commercial aviation airspace. NASA is working to build a peer-to-peer persistent simulation (P3 Sim) environment. The P3 Sim will be a Massively Multiplayer Online (MMO) environment were AUAS avatars can interact with a complex dynamic environment and each other. The focus of the effort is to provide AUAS researchers a low-cost intuitive testing environment that will aid training for and assessment of decisions made by autonomous systems such as AUAS. This presentation focuses on the design approach and challenges faced in development of the P3 Sim Environment is support of investigating trustworthiness of autonomous systems