After finishing my PhD, I got a job working at the Software Engineering Institute as an “Architecture Researcher.” I’m on the Architecture Led Modeling and Analysis team, where I’m privileged to work with people like Peter Feiler and others on — as the name implies — (software) architecture-centric modeling tools/techniques and analyses.
In some ways, the work will be very similar to what I did in graduate school — safety assurance and hazard analysis techniques are a huge part of the work that the group does, so I’ve been able to hit the ground running. I’m working on other projects as well, of course, but nothing too far from the topics I studied at K-State. As the various projects that I work on become more mature, I’ll post more about them both here and on my research page.
Now that I’ve been here for a year (though it’s gone quickly!) I’ve found that there’s a lot to like about this job:
We’re part of Carnegie Mellon, which is a world-class university with a particularly strong computer science program. Being near that — attending talks, having the opportunity to take classes, etc. — is a great opportunity.
There are no teaching responsibilities. I enjoyed the course that I helped teach, and I am definitely interested in teaching more in the future, but really being able to dig into research full time is wonderful.
I’ve grown to really like living in Pittsburgh! I have a walking commute, which is pretty great, and it’s a fun town with a lot going on but it’s not so huge that I feel totally lost. I could say a lot more about Pittsburgh — and I hope to in a future post — but the upshot is that I initially wasn’t sure what to expect, but I’ve come to like it a lot.
One of my dissertation’s main contributions was a new hazard analysis technique called the “Systematic Analysis of Faults and Errors” or SAFE. Hazard analysis techniques are, as I wrote about in 2014, structured ways of reasoning about and (typically) documenting the ways that things can go wrong in a given system. While traditionally these techniques have focused on safety problems — e.g., a part breaking down, or a communication link becoming overloaded — there is a growing recognition that security should be considered as well.
That’s not to say that developers of safety-critical systems hadn’t previously considered security important (although in some frightening cases that was true) but rather that the degree to which safety and security problems can be discovered by the same analysis technique is an active area of investigation. I referenced the idea that this overlap could potentially be addressed by SAFE in the ‘Future Work’ section of my dissertation, and it fit in nicely with some work that was being done at the SEI. As a result, my PhD advisor, one of my committee members and I turned the results of that idea into a new paper that was recently accepted at the 4th International Workshop on Software Assurance (SAW).
The paper has three main ideas:
It introduces a foundational, unified set of error/effect concepts based on Dolev and Yao’s seminal attacker model. These concepts are mapped to both the (network) security domain and the system safety domain, so we believe they can serve as the basis of any analysis technique that addresses the overlap of security and safety concerns.
Their use is demonstrated in SAFE’s Activity 1, which considers how — irrespective of cause — a core set of error/effect concepts can be used to guide analysis of a component’s behavior when things go wrong.
Attacker models (like Dolev and Yao’s) explicitly specify attacker capabilities. We demonstrate how SAFE’s Activity 2, which considers the effects of faults not caused by network-based stimuli, can use these attacker models to parameterize the analysis — making explicit assumptions about attacker/environmental actions that were previously implicit.
The workshop is in Reggio Calabria, Italy, so I’m headed over there at the end of August. I’m really looking forward to the trip, and the chance to talk about this work with other people working in the area.