Aspen: Analyzing the compatibility of security policies in a system of systems

Award Information
Agency:
Department of Defense
Branch
Missile Defense Agency
Amount:
$99,942.00
Award Year:
2007
Program:
SBIR
Phase:
Phase I
Contract:
W9113M-07-C-0113
Award Id:
81648
Agency Tracking Number:
B063-002-0012
Solicitation Year:
n/a
Solicitation Topic Code:
n/a
Solicitation Number:
n/a
Small Business Information
33 Thornwood Drive, Suite 500, Ithaca, NY, 14850
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
101321479
Principal Investigator:
David Guaspari
Staf Scientist
(607) 257-1975
davidg@atc-nycorp.com
Business Contact:
Richard Smith
Controller
(607) 257-1975
rick@atc-nycorp.com
Research Institute:
n/a
Abstract
Complex applications are, increasingly, constructed by networking and integrating computer systems and services, each with its own stakeholders and security policy. Developers can find it difficult to understand how those policies mediate interactions among the component systems. Access decisions at some internal interface can have profound and unanticipated consequences, affecting both the functionality and security of the whole. The architecture of a system supplies the context in which these interactions occur and imposes constraints in addition to those enforced by individual security policies. ATC-NY, in collaboration with Architecture Technology Corporation and Professor Andrew Myers of Cornell University, will develop Aspen, a tool to specify, design, model, and analyze the interactions of security policies and architecture in a system of systems. Aspen will extend a systems modeling language (such as SysML) with rich interface descriptions that include security annotations and specifications of the protocols by which components interact. Annotations and specifications are based, ultimately, on security type systems, which can be used to analyze security properties by a form of type checking. These type systems can also guide implementation of the inter-component protocols so that they do not introduce new security flaws.

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government