Aspen: Analyzing the compatibility of security policies in a system of systems

Award Information
Agency: Department of Defense
Branch: Missile Defense Agency
Contract: W9113M-07-C-0113
Agency Tracking Number: B063-002-0012
Amount: $99,942.00
Phase: Phase I
Program: SBIR
Awards Year: 2007
Solicitation Year: 2006
Solicitation Topic Code: MDA06-002
Solicitation Number: 2006.3
Small Business Information
ATC - NY
33 Thornwood Drive, Suite 500, Ithaca, NY, 14850
DUNS: 101321479
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 David Guaspari
 Staf Scientist
 (607) 257-1975
 davidg@atc-nycorp.com
Business Contact
 Richard Smith
Title: Controller
Phone: (607) 257-1975
Email: rick@atc-nycorp.com
Research Institution
N/A
Abstract
Complex applications are, increasingly, constructed by networking and integrating computer systems and services, each with its own stakeholders and security policy. Developers can find it difficult to understand how those policies mediate interactions among the component systems. Access decisions at some internal interface can have profound and unanticipated consequences, affecting both the functionality and security of the whole. The architecture of a system supplies the context in which these interactions occur and imposes constraints in addition to those enforced by individual security policies. ATC-NY, in collaboration with Architecture Technology Corporation and Professor Andrew Myers of Cornell University, will develop Aspen, a tool to specify, design, model, and analyze the interactions of security policies and architecture in a system of systems. Aspen will extend a systems modeling language (such as SysML) with rich interface descriptions that include security annotations and specifications of the protocols by which components interact. Annotations and specifications are based, ultimately, on security type systems, which can be used to analyze security properties by a form of type checking. These type systems can also guide implementation of the inter-component protocols so that they do not introduce new security flaws.

* information listed above is at the time of submission.

Agency Micro-sites

SBA logo
Department of Agriculture logo
Department of Commerce logo
Department of Defense logo
Department of Education logo
Department of Energy logo
Department of Health and Human Services logo
Department of Homeland Security logo
Department of Transportation logo
Environmental Protection Agency logo
National Aeronautics and Space Administration logo
National Science Foundation logo
US Flag An Official Website of the United States Government