The black-box approach to the software reliability suffer from some limitations such as the effect of reliability growth of individual software components and the measurement of software quality when the product is actually released or tested. On the other hand, the white-box approach attempts to measure the quality of a software system based on its structure that is normally architected during the specification and design of the product. Although the architecture-based reliability measurement is promising, its existing limitations necessitate further research. The purpose of this project is to investigate the white-box research achievements with the goal of constructing a knowledge-base that can be used as an underpinning for future research. The results of the research will be collected into a conference article.

Contact: Azad Azadmenesh

This project investigates security issues in control systems that are part of a critical infrastructure. This includes:

• Domain Specific Languages
• Policy Verification/Enforcement
• Honeynets
• Virtual Testbeds for Vulnerability Discovery

Contact: Bill Mahoney

Partners: Robin Gandhi, Ken Dick Discovery Correlation

What's more important: The assessor's knowledge or their toolset?

This project investigates the relationship between the likelyhood of discovering a vulnerability and the attributes of the assessor - education, process followed, tools used, etc.

Contact: Steve Nugen

This project involves developing a new domain specific language which will be used for specifying regulatory security policies for control systems used in industrial settings.

Specifically the research targets SCADA systems, System Control And Data Acquisition. SCADA systems control critical infrastructure in many disparate areas such as the electrical power grid, water supplies, and factory automation systems.

Contact: Bill Mahoney

This research is focused on determining factors that impede the establishment of risk management and security programs in businesses. This includes general risk management as well as specifics in areas of electronic commerce and disaster preparedness.

Contact: Dwight Haworth

Opportunities:

• Content Development
• Content Delivery
• Exercise Development
• Exercise Delivery
• Laboratory Support

Contact: Lucas Wentz

Software security vulnerabilities are weaknesses in software that can lead to the violation of security policies. A successful attack may even lead to a reduction in the perceived value or usefulness of the system. In complex software systems, vulnerabilities are not easy to find as they are often scattered across multiple components and their multi-dimensional interactions. Thus, identifying and predicting their locations continues to be an open problem. We plan to develop a semantic model for identifying security vulnerabilities by studying historical data collected from a large software project.s version control repository.

Contact: Harvey Siy

Partners: Robin Gandhi

This project explores the current automation tools available to analyze software dependability properties and attempts to correlate their results for meaningful analysis.

Contact: Robin Gandhi

We are pursuing next generation modulation techniques to increase the through put, reliability and security on the physical layer of existing and future network protocols. This utilizes the observation that Nyquists theorem may no longer be valid.

Contact: Ken Dick

This project involves the discovery, confirmation, and mitigation of vulnerabilities in operating systems and applications.

Contact: Steve Nugen