Under the DARPA Information Assurance Science and Engineering Tools (IASET) Program, GrammaTech is developing a tool for static analysis of dependences in systems, and mechanisms that exploit such dependence models to address Information Assurance and Survivability (IA&S) needs during design and assessment.
A system's information assurance and survivability (IA&S) requires the prevention of certain information flows and the preservation of other flows. For example, we must prevent flows of classified information to unauthorized users, and we must preserve flows of essential command and control information even when some subsystems fail or are selectively shut down in response to an attack. Dependences among and within system components provide a good basis for understanding which information flows in a system are possible, and which are not. Under IASET (Design and Assessment Tools), GrammaTech proposes to develop SystemSurfer, a tool to model dependences in systems (both inter- and intra-component), and the Information Assurance Workbench, a tool to support reasoning about those dependences to meet IA&S needs.
SystemSurfer will enable an analyst to browse and manipulate the system dependence graph (SDG) for a system. SDG vertices represent the individual actions (e.g., program statements as well as events) and predicates (conditions affecting whether an action is taken) of all the components, hardware and software, making up the system. SDG edges represent the dependences among the actions and predicates, including data and control dependences, and other system-level dependences such as synchronization and communication dependences.
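The two IA&S questions above (is a prohibited flow possible, and does an essential flow survive the loss of a subsystem) both reduce to reachability over the SDG. The following is an added example written for this page, not SystemSurfer or CodeSurfer code: the small sensor/controller/actuator system, its vertex identifiers, component names and the three edge kinds (data, control, communication) are constructed for illustration. It shows why control dependences matter: classified data reaches the console only through a predicate, which a data-flow-only model would miss.

```python
"""Toy system dependence graph (SDG) with the two IA&S checks described in the text.

Added example, not GrammaTech's SystemSurfer/CodeSurfer code. The sample system,
vertex ids, component names and edge kinds below are constructed for illustration.
"""
from collections import deque

# Edge kinds named in the text: data and control dependences within a component,
# and communication dependences between components.
DATA, CONTROL, COMM = "data", "control", "comm"


class SDG:
    def __init__(self):
        self.vertices = {}   # vertex id -> component that owns it
        self.succ = {}       # vertex id -> list of (target id, edge kind)

    def add_vertex(self, vid, component):
        self.vertices[vid] = component
        self.succ.setdefault(vid, [])

    def add_edge(self, src, dst, kind):
        self.succ[src].append((dst, kind))

    def forward_slice(self, start, disabled=frozenset()):
        """Every vertex whose behaviour may depend on `start`, following all edge kinds.
        Vertices owned by a component in `disabled` are treated as absent, which models
        a subsystem that has failed or been shut down in response to an attack."""
        seen = {start}
        work = deque([start])
        while work:
            v = work.popleft()
            for w, _kind in self.succ[v]:
                if w in seen or self.vertices[w] in disabled:
                    continue
                seen.add(w)
                work.append(w)
        return seen

    def flow_path(self, src, dst, disabled=frozenset()):
        """One dependence path from src to dst (a witness for the flow), or None."""
        parent = {src: None}
        work = deque([src])
        while work:
            v = work.popleft()
            if v == dst:
                path = []
                while v is not None:
                    path.append(v)
                    v = parent[v]
                return path[::-1]
            for w, _kind in self.succ[v]:
                if w not in parent and self.vertices[w] not in disabled:
                    parent[w] = v
                    work.append(w)
        return None


def build_sample_system():
    """Constructed system: a sensor reads a classified position and sends it to a
    controller; the controller computes a command (sent to the actuator over two
    redundant links) and, under an alarm predicate, writes a log line to a console
    that an unauthorized user can read."""
    g = SDG()
    for vid, comp in [("s1", "sensor"), ("s2", "sensor"),
                      ("c1", "ctrl"), ("c2", "ctrl"), ("c3", "ctrl"), ("c4", "ctrl"),
                      ("la", "link_a"), ("lb", "link_b"),
                      ("a1", "actuator"), ("u1", "console")]:
        g.add_vertex(vid, comp)
    for src, dst, kind in [
        ("s1", "s2", DATA),      # position read -> send
        ("s2", "c1", COMM),      # sensor -> controller receive
        ("c1", "c2", DATA),      # received position feeds predicate "alarm?"
        ("c1", "c3", DATA),      # ... and the command computation
        ("c2", "c3", CONTROL),   # predicate governs whether command is computed
        ("c2", "c4", CONTROL),   # predicate governs whether a log line is written
        ("c4", "u1", DATA),      # log line -> console display (unauthorized user)
        ("c3", "la", COMM), ("la", "a1", COMM),   # command via link A
        ("c3", "lb", COMM), ("lb", "a1", COMM),   # command via link B (redundant)
    ]:
        g.add_edge(src, dst, kind)
    return g


def classified_reaches_console(g):
    """Prevention check: a path from the classified read to the console is a violation."""
    return g.flow_path("s1", "u1")


def command_survives(g, disabled):
    """Preservation check: does the command still reach the actuator with these
    components disabled?"""
    return g.flow_path("c3", "a1", frozenset(disabled)) is not None


if __name__ == "__main__":
    g = build_sample_system()
    print("classified -> console witness:", classified_reaches_console(g))
    print("command survives loss of link_a:", command_survives(g, ["link_a"]))
    print("command survives loss of both links:", command_survives(g, ["link_a", "link_b"]))
```

The witness path for the prohibited flow runs through the predicate vertex c2 and the control dependence edge to c4: no data edge carries the position into the log line, but whether the line is written at all depends on the classified value. The survivability check is the same traversal with a component's vertices removed, which is how selective shutdown of a subsystem is modelled here.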
SystemSurfer will support heterogeneous models, with components defined by UML, code, and HDL descriptions. Design-centered users will view SystemSurfer as a smart OO modeling tool that allows some components to be already implemented in code. Code-centered users will view SystemSurfer as a smart code browser in which the external environment can be modeled by the finite-state diagrams of an OO modeling tool.
The key technical challenge is to extend CodeSurfer, our existing dependence technology for sequential programs, so that it is effective for concurrent systems. Ongoing improvements to CodeSurfer, funded by GrammaTech IR&D and a DARPA SBIR Phase II contract, are complementary and will directly benefit SystemSurfer. But concurrency is a new dimension to the problem of precise modeling of dependences, and presents separate challenging problems.
The Information Assurance Workbench will provide specialized operations for information assurance analysis, and will be layered on SystemSurfer's open APIs and scripting language.