TECHNOLOGY AREAS: Information Systems
OBJECTIVE: The objective of this solicitation is to develop techniques and methods for enhancing software robustness and security during development by enhancing software developers’ understanding and awareness of their work, via automated capture and documentation of design decisions (ACD3).
DESCRIPTION: Achieving information dominance requires the Department of Defense (DoD) to maintain trust, availability and security within its information infrastructures. COTS-based hardware and software in our computing systems and the network are large, complex and hence inherently insecure. Currently, flaws in software are the major contributor to the vulnerability of cyber systems. Most, if not all, of these vulnerabilities originate from improper software implementations. Identified flaws that lead to improper implementations include, but are not limited to: buffer overflows, stack and heap overflows, dangling pointers, input data format violations, race conditions and deadlocks. Significant investment has been made to address this issue through techniques that seek to provide formal or other forms of software verification. However, as a complement to verification, automated methods to enhance programmers’ awareness of their work during software development are under-explored.
Only rarely are all of the details of a software implementation specified in advance. Currently, programmers make instantaneous detailed design decisions during software coding. These instantaneous decisions (and assumptions) have far-reaching effects, and they are often forgotten and lost. A tool that captures and documents these design decisions (and hence assumptions) automatically as coding is in progress can significantly enhance the maintainability, robustness, and security of code. The availability of such tools also presents an opportunity to provide feedback to programmers to improve the correctness of their product and enhance productivity and efficiency.
The objective of this solicitation is to develop techniques and methods for enhancing software robustness and security during development by enhancing software developers’ understanding and awareness of their work, and to develop a working prototype of a software development tool which performs automated capture and documentation of programmers’ design decisions (ACD3) as coding is in progress. This software development tool should be applicable to one or more widely used programming languages, within common software development frameworks. The development of this tool may employ one or more of the following (partial) list of methods: capture and visualization of program structure and data, variable, and subroutine dependencies, capture of programmer's intent, analysis and prediction of consequences, formal analysis, etc. This solicitation does not entertain methods and tools specifically targeted for software verification.
PHASE I: Architectural analysis and design for the automated capture and documentation of design decisions (ACD3) tool for an open-source software development environment of choice. Develop a proof-of-concept prototype for ACD3. Identify the metrics that determine the prototype’s value added.
PHASE II: Develop a fully functioning prototype of a tool which performs automated capture and documentation of design decisions (ACD3) for an open-source software development environment of choice. Demonstrate the efficacy of the tool.
PHASE III Dual Use Application: ACD3 is a valuable tool for both the DoD and the software-developing public. It should find its role in, and be portable to, various open-source and proprietary software development environments. ACD3 should also be applicable and portable to development environments of many different programming languages for many different application spaces, such as high performance computing, mobile devices, embedded systems, finance applications, cloud computing, the web and service-oriented applications, etc.