Secure Environment for Distributed Development (SEDD) using the Software Pedigree Analyzer (SPA)
Agency / Branch:
DOD / OSD
During large software development projects, assuring tamper-proof source code is often difficult or impossible. Currently, many projects are vulnerable to attacks, both insider and external. The Software Protection Initiative (SPI) is charged with the task of ensuring all modifications to a project's source code can be accounted for using a Software Pedigree Analyzer (SPA). The SPA provides a method for tracking modifications and ensuring user authenticity via a mechanism for non-repudiation. When malicious code is detected, the SPA would allow a project manager to determine exactly which developer made the modification, what specific changes were made, and when the changes occurred. This requires that certain data be collected, primarily the who, what, when, where, and how of the source code modifications. Additional capabilities include documenting each change, the ability to revert to previous code versions, monitoring personnel activities during source code access, and notifying the proper authorities during abnormal activities. Sentar and SYColeman have teamed to propose a Secure Environment for Distributed Development (SEDD) architecture in order to protect the code pedigree of a software project. SEDD will act as a distributed development environment which programmers access to modify the source code while retaining control over the source code at all times.
Small Business Information at Submission:
4900 University Square, Suite 8 Huntsville, AL 35816
Number of Employees: