An Emergent Perspective on Interoperation in Systems of Systems

This technical report characterizes systems of systems from several perspectives; shows the role of emergent behavior in systems of systems; and introduces interoperability as the domain of development, use, sustainment, and evolution for systems of systems. It argues that the increasing importance of systems of systems was inevitable, emergent behavior is inherent in systems of systems, traditional software and systems engineering methods are inadequate for interoperation of systems of systems, and emergent methods offer a potential for cost-effective and predictable solutions. This report aims to facilitate discussion and reasoning about interoperation within systems of systems by showing some of the interdependencies among systems, emergence, and interoperation. It establishes a sizable but incomplete repertoire of topics, characteristics, and principles that are fundamental to the intersection of systems of systems, emergent behavior, and interoperation

Principles of Trust for Embedded Systems

<p>The development of trusted systems is a long-standing, elusive, and ill-defined objective in many domains. This paper gives substance and explicit meaning to the terms <em>trust</em> and <em>trustworthy</em> as they relate to automated systems and to embedded systems in particular. Principles of trust are identified. Some of their implications for software engineering practice and for the design of hardware-based trusted computing platforms are also discussed.</p

Trust and Trusted Computing Platforms

Hardware-based trusted computing platforms are intended to overcome many of the problems of trust that are prominent in computing systems. In this paper, a result of the Software Engineering Institute's Independent Research and Development Project "Trusted Computing in Extreme Adversarial Environments: Using Trusted Hardware as a Foundation for Cyber Security," we discuss the capabilities and limitations of the Trusted Platform Module (TPM). We describe credential storage, device identity, chains of trust, and other techniques for extending hardware-based trust to higher levels of software-based infrastructure. We then examine the character of trust and identify strategies for increasing trust. We show why acceptance of TPM-based trust has been limited to date and suggest that broader acceptance will require more focus on traditional trust issues and on end-to-end services

Conditions for Achieving Network-Centric Operations in Systems of Systems

The advantages of systems of systems—such as the ability to adapt to unanticipated and unforeseen situations, eliminate single points of failure, and remain continuously operational while being dynamically updated—guarantee their increasing importance to military and commercial environments. The advent of network-centric systems has served only to accelerate the already prevalent move toward systems of systems. At the same time, network-centric systems and systems of systems are proving difficult to acquire, develop, test, and operate. Many of them are abandoned before they can be fielded, and fielded systems often fail to satisfy their objectives—demonstrating cost and schedule overruns in their development and sometimes catastrophic failures in operation. The increasing disparity between the normative (but nonfactual) assumptions that underlie current practices and tools used in the acquisition, development, evolution, and operation of systems and the realities of actual systems of systems contributes to those problems. Effective practices and tools for the acquisition, development, and operation of systems of systems have not yet been developed. Suggesting a context in which those practices and tools can be developed, this technical note proposes necessary conditions—statements of what the desired future state should be—in six areas that influence the effectiveness of network-centric systems and systems of systems: (1) social and cultural environment, (2) legal and regulatory framework, (3) management practices, (4) governance procedures, (5) engineering practices, and (6) technology base

Some Current Approaches to Interoperability

This technical note examines some of the complexities of interoperability and some recent research approaches to achieving it. There are many reasons why achieving interoperability between complex, heterogeneous systems is difficult. These include the problem of semantics; the differences between hardware and software; the difference between bounded and unbounded software systems; the need for trust, trustworthiness, and security in software systems; and the difficulty of quantifying interoperability. Many research efforts currently underway are aimed at finding improvements in both technologies and procedures to achieving interoperability more easily. These efforts include work in ontologies, service-oriented architectures, emergent methods, and new approaches to security. While these efforts show many signs of promise, a considerable amount of work will be needed to bring these to a mature state

System-of-Systems Navigator: An Approach for Managing System-of-Systems Interoperability

We have crossed a threshold where most of our large software systems can no longer be constructed as monoliths specified by a single, focused, and unified team; implemented as a unit; and tested to be within known performance limits. They are now constructed as groups of interoperating systems (as systems of systems) developed by different but sometimes related teams and made to interoperate through various forms of interfaces. Unfortunately, while we can easily conceive these large systems of systems, we have trouble building them. Software engineering practices have not kept pace, and the problem will only get worse as the community begins to build Internet-scale systems of systems like the Global Information Grid. This technical note introduces the System-of-Systems Navigator (SoS Navigator), the collection and codification of essential practices for building large-scale systems of systems. These practices have been identified through the work of the Integration of Software-Intensive Systems Initiative at the Carnegie Mellon Software Engineering Institute. SoS Navigator provides tools and techniques to characterize organizational, technical, and operational enablers and barriers to success in a system of systems; identify improvement strategies; and pilot and institutionalize these strategies

Report to the President’s Commission on Critical Infrastructure Protection

This report was submitted to the President's Commission on Critical Infrastructure Protection for their consideration. Based on the experience of the CERT Coordination Center, we identify threats to and vulnerabilities of the Internet and estimate the cascade effect that a successful, sustained attack on the Internet would have on the critical national infrastructures set out in Executive Order 13010. Finally, we discuss the implications for public policy and make specific recommendations

A Proposed Taxonomy for Software Development Risks for High-Performance Computing (HPC) Scientific/Engineering Applications

Because the development of large-scale scientific/engineering application codes is an often difficult, complicated, and sometimes uncertain process, success depends on identifying and managing risk. One of the drivers of the evolution of software engineering, as a discipline, has been the desire to identify reliable, quantifiable ways to manage software development risks. The taxonomy that follows represents an attempt to organize the sources of software development risk for scientific/engineering applications around three principal aspects of the software development activity: the software development cycle, the development environment, and the programmatic environment. These taxonomic classes are divided into elements and each element is further characterized by its attributes

Current Perspectives on Interoperability

This report describes current research within the software engineering community on the topic of interoperability between software systems. That research includes analyses of the different types of interoperability problems and issues and efforts to define models of interoperability that will aid in creating solutions to those problems. The report also describes work that is currently underway at the Software Engineering Institute (SEI) in this area. That work originated in an independent research effort and now has grown into a separate technical initiative in the area of interoperability. The SEI initiative is currently focused on analyzing several aspects of interoperability: how it is manifest in different kinds of activities (i.e., programmatic vs. constructive vs. operational activities), the essential characteristics of interoperability, and the key principles on which solutions will depend

Results of SEI Independent Research and Development Projects (FY 2010)

The Software Engineering Institute (SEI) annually undertakes several independent research and development (IRAD) projects. These projects serve to (1) support feasibility studies investigating whether further work by the SEI would be of potential benefit and (2) support further exploratory work to determine whether there is sufficient value in eventually funding the feasibility study work as an SEI initiative. Projects are chosen based on their potential to mature and/or transition software engineering practices, develop information that will help in deciding whether further work is worth funding, and set new directions for SEI work. This report describes the IRAD projects that were conducted during fiscal year 2010 (October 2009 through September 2010).</p