USA flag logo/image

An Official Website of the United States Government

Aspen: Analyzing the compatibility of security policies in a system of systems

Award Information

Agency:
Department of Defense
Branch:
Missile Defense Agency
Award ID:
81648
Program Year/Program:
2007 / SBIR
Agency Tracking Number:
B063-002-0012
Solicitation Year:
N/A
Solicitation Topic Code:
N/A
Solicitation Number:
N/A
Small Business Information
ATC - NY
33 Thornwood Drive, Suite 500 Ithaca, NY 14850-
View profile »
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2007
Title: Aspen: Analyzing the compatibility of security policies in a system of systems
Agency / Branch: DOD / MDA
Contract: W9113M-07-C-0113
Award Amount: $99,942.00
 

Abstract:

Complex applications are, increasingly, constructed by networking and integrating computer systems and services, each with its own stakeholders and security policy. Developers can find it difficult to understand how those policies mediate interactions among the component systems. Access decisions at some internal interface can have profound and unanticipated consequences, affecting both the functionality and security of the whole. The architecture of a system supplies the context in which these interactions occur and imposes constraints in addition to those enforced by individual security policies. ATC-NY, in collaboration with Architecture Technology Corporation and Professor Andrew Myers of Cornell University, will develop Aspen, a tool to specify, design, model, and analyze the interactions of security policies and architecture in a system of systems. Aspen will extend a systems modeling language (such as SysML) with rich interface descriptions that include security annotations and specifications of the protocols by which components interact. Annotations and specifications are based, ultimately, on security type systems, which can be used to analyze security properties by a form of type checking. These type systems can also guide implementation of the inter-component protocols so that they do not introduce new security flaws.

Principal Investigator:

David Guaspari
Staf Scientist
6072571975
davidg@atc-nycorp.com

Business Contact:

Richard Smith
Controller
6072571975
rick@atc-nycorp.com
Small Business Information at Submission:

ATC - NY
33 Thornwood Drive, Suite 500 Ithaca, NY 14850

EIN/Tax ID: 161549760
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No