SMART Project: Applying Reliability Metrics to Security Vulnerabilities

Battlefield operations depend heavily on network-centric computing systems. Such complex and widely dispersed operations expose network-based systems to unprecedented levels of reliability and security risks. Computer systems and network security are often limited by the reliability of the software running on constituent machines. Faults in the software expose vulnerabilities, which points to the fact that a critical aspect of the computer security problem resides in software. This presentation covers the latest results of the Software Engineering Research Center's (SERC) SMART Project. SMART stands for Security Measurement and Assuring Reliability through metrics Technology. SMART is the result of a collaboration between SERC and the US Army Research Laboratory (ARL). Building on our previous award-winning reliability research and our current focus on analyzing large open-source systems, we obtained promising results that support the accurate prediction of the reliability and security of individual and interdependent components in a network-centric environment. Open-source systems being analyzed include Apache, OpenSSH, OpenSolaris, and Firefox. An analysis of our current methods and their results will be given.

Presented by