Presentation is loading. Please wait.

Presentation is loading. Please wait.

Auburn University Affiliate – Systems Engineering Research Center 1 www.eng.auburn.edu/users/hamilton J. A. “Drew” Hamilton, Jr., Ph.D. Professor, Computer.

Similar presentations


Presentation on theme: "Auburn University Affiliate – Systems Engineering Research Center 1 www.eng.auburn.edu/users/hamilton J. A. “Drew” Hamilton, Jr., Ph.D. Professor, Computer."— Presentation transcript:

1 Auburn University Affiliate – Systems Engineering Research Center 1 J. A. “Drew” Hamilton, Jr., Ph.D. Professor, Computer Science & Software Engineering Professor, Management Director, Information Assurance Center Alice E. Smith, Ph.D., P.E. Professor and Chair Department of Industrial & Systems Engineering Ginn College of Engineering

2 Auburn University Affiliate – Systems Engineering Research Center 2 Outline Overview of the Auburn University UARC Affiliate –Focused on engineering Modeling & Simulation –Agent-based simulation –Combat simulation –DOD Architecture Framework modeling Information Assurance –Denial of Service modeling –Software Vulnerability Analysis –Forensics –Security Architecture Conclusions

3 Auburn University Affiliate – Systems Engineering Research Center 3 Overview of Auburn’s Strengths Focused on Engineering –Auburn UARC Team is highly technical –Access to outstanding management expertise –AU Management ranked in top 30 of US universities in research productivity, 9 endowed chairs Strong culture of multidisciplinary research Conducts classified research Critical mass of faculty and students who are U.S. Citizens. Applied, innovative technical solutions are our specialty

4 Auburn University Affiliate – Systems Engineering Research Center 4 Current & Recent Relevant Funding Sources U.S. Army U.S. Navy U.S. Air Force Research Lab Office of Naval Research NASA Sandia National Laboratories NSA Missile Defense Agency Space & Missile Defense Command Northrop Grumman National Science Foundation Joint IED Defeat Office

5 Auburn University Affiliate – Systems Engineering Research Center 5 Computational Systems Capabilities Optimization of complex, large scale systems Data mining Simulation modeling of dynamic, stochastic systems Metamodeling Analysis and modeling using small sample sizes Intelligent agent behavior and modeling Predictive models with learning Multi-objective decision making

6 Auburn University Affiliate – Systems Engineering Research Center 6 Example Projects Physical security simulation (Sandia) Safe test boundaries (Navy) Multi-simulation (Air Force) Network Simulation Testbeds (Army) Virtual Academy of Aerospace Quality (NASA) Dynamic worker allocation (ONR) Information Warfare Exercise (Air Force, NSF) DODAF 2.0 Modeling (MDA) Security Architecture (Northrop Grumman) Software Vulnerability Assessment (MDA) Business / Mission Effects of Technical Security Risks (Northrop Grumman)

7 Auburn University Affiliate – Systems Engineering Research Center 7 Physical security models Analysis Cost High Low High Analytical Realism Moderate Security Simulation Timeline Models Force-on-Force Exercises Computer Simulations with Human Players

8 Auburn University Affiliate – Systems Engineering Research Center 8 Analysis of threats, security scenarios

9 Auburn University Affiliate – Systems Engineering Research Center 9 Safe Test Boundaries –Joint SIAP (Single Integrated Air Picture) Program to analyze the impact of change for the IABM (Integrated Architecture Behavioral Model) for E2C Aircraft –Naval Surface Warfare Center (NSWC) Dahlgren to analyze Aegis C&D (Controls & Displays) baseline upgrades –Advanced Seal Delivery System (ASDS) Integrated Controls & Displays (ICAD) to understand the extent of the impact of ICAD upgrades on the safety Certified Software Technology listed by U.S. Navy as one of the top 50 SBIR/STTR technology transfers of 2007

10 Auburn University Affiliate – Systems Engineering Research Center 10 Multi-Simulation Sponsor: Air Force Research Lab, Rome –Exploratory Multi-simulation with Multi resolution Multistage Multi-models. –Formalized, designed, and prototyped an agent- supported multi-simulation engine and incorporated the new multi-simulation technology into a pre-existing simulation infrastructure. –Techniques directly applicable to manipulating/exercising DODAF 2.0 compliant Data Model 2 (DM2) implementations.

11 Auburn University Affiliate – Systems Engineering Research Center 11 Building a Simulation Test Bed demonstrating security / performance when the network is under attack Purpose: Create an engineering design test bed to evaluate potential wireless solutions. Simulation means: –Licensed version of OPNET 14.0 with wireless and terrain models –Alternatives: NS-2 QUALNET Validation method: –Calibrating model against actual test data

12 Auburn University Affiliate – Systems Engineering Research Center 12 OPNET Modeling Hierarchy Workstation Ethernet Model IP Model Ethernet Model Address Resolution Protocol Model

13 Auburn University Affiliate – Systems Engineering Research Center 13 Wireless Modeling Simulation design based on field experiments Research Sponsor: PM Army UAS Generator, mobile Reflector, fixed Close to AP Access point

14 Auburn University Affiliate – Systems Engineering Research Center 14 What happens when multiple systems operate in the same vicinity?

15 Auburn University Affiliate – Systems Engineering Research Center 15 Information Assurance Center Overview >$6M in external funding since 2002 –(not counting co-PI/supporting partnerships) Personnel –Five CSSE faculty affiliates –Affiliate members from ECE, MATH and MNGT –External affiliates from US Air Force Academy, US Military Academy, Tuskegee University and Albany State University –Six Ph.D. students, Twelve Masters students, Two undergrads –95% of students are US Citizens –40% of students have active security clearances Thrice designated and currently an NSA / DHS Center of Academic Excellence in Information Assurance Education Designated as one of 22 NSA / DHS Centers Academic Excellence in Information Assurance Research Conducting TS-level research for the Missile Defense Agency

16 Auburn University Affiliate – Systems Engineering Research Center 16 Current Research Directions Experimentation with OS-level security measures for high assurance networks Security extensions to the DOD Architecture Framework (DODAF) Automatic generation of network simulations from DODAF architectures Software vulnerability analysis for foreign military sales Secure tactical communications with COTS wireless equipment Performance evaluation of n and in secured wireless networks Software reverse engineering techniques for software vulnerability assessment Usage-based pattern recognition for supplementary access control Secure overlays in mobile ad-hoc networks Software anti-tamper techniques

17 Auburn University Affiliate – Systems Engineering Research Center 17 AU Designed Information Warfare Exercise Design & implementation of IW technical events IW scenario design –Simulation design to support scenario play –Integration of constructive simulation into live and virtual play Red team/penetration team “players” –i.e. folks that can penetrate networks during an exercise Technical collection/intel analysis –Open source intel analysis to cue technical attacks –Technical collection cued by intel analysis In house familiarity with USAF doctrine, strategy and tactics –Ties with Air Force Research Institute –Ties with 117 Intelligence Squadron / 8th AF In-house Army, NSA, DISA and FBI scholars –Experience in design and participation in Army digital combat exercises –Cleared personnel

18 Auburn University Affiliate – Systems Engineering Research Center 18 Mobile Lab – WTU Fort Benning, GA

19 Auburn University Affiliate – Systems Engineering Research Center 19 From Disabled Veteran to Digital Forensics Professional Wounded in Action, Not Returned to Duty as of 23 July 2008 (Defense Link) –Operation Iraqi Freedom - 13,507 –Operation Enduring Freedom - 1,414 Servicemen already have security clearances Military service counts directly towards civil service retirements Certified information assurance professionals are in high demand in the civilian sector Go on-site to Army / VA hospitals and set up the recuperating soldiers with wireless-enabled laptops.

20 Auburn University Affiliate – Systems Engineering Research Center 20 Scale & Architecture Handheld PalmOS Linux WIN CE..... Desktop Solaris Windows Mac OS Linux..... USB Serial IR Versus Commercial Model Military Model

21 Auburn University Affiliate – Systems Engineering Research Center 21 DODAF 2.0 Viewpoints

22 Auburn University Affiliate – Systems Engineering Research Center 22 General Approach to a Security Architecture Tie MAC levels to needlines and interfaces (OV-2, SV-1, SV-2) Tie Confidentiality levels to matrices (OV-3, SV-3, SV-6) Apply IA controls to systems in SV-1s Overall, design new representations Integrate with DIACAP Coping with Irreducible Complexity

23 Auburn University Affiliate – Systems Engineering Research Center 23 SV-1 Security Architecture

24 Auburn University Affiliate – Systems Engineering Research Center 24 OV-2 Node Connectivity Diagram MAC 1 MAC 2 MAC 3

25 Auburn University Affiliate – Systems Engineering Research Center 25 OV-3 Operational Information Exchange Matrix

26 Auburn University Affiliate – Systems Engineering Research Center 26 Tie Architecture to DIACAP

27 Auburn University Affiliate – Systems Engineering Research Center 27 Defining Battlefield Risk in terms of IA

28 Auburn University Affiliate – Systems Engineering Research Center 28 Operational Architecture System Architecture Executable Architecture Data Validity A modification to Knepell and Arangno’s validation framework Conceptual Model Validity Operational Validity Implementation Verification Does the System Architecture reflect the Operational Architecture? Is the Operational Architecture supportable by the System Architecture? Is the simulation correctly implemented? Does the simulation reflect the operational architecture?

29 Auburn University Affiliate – Systems Engineering Research Center 29 High Assurance Software Vulnerability Assessment Line-by-Line verification of source code Professional and/or contract decompilation of executables Complete review of published documentation Analysis of software runs to evaluate training, tactics and procedures Open source review of weapons and systems data Analysis of degree of parameterization A Software Engineering Approach to VA

30 Auburn University Affiliate – Systems Engineering Research Center 30 Business / Mission Effects of Technical Security Risks Risk analysis is a process for considering possible risks and determining, which are the most significant for any particular effort. –Quantitative risk models used in determining which risk factors to focus on, tend to use a traditional approach of annualized loss expectancy (ALE) which is based on frequency of occurrence and the exposure factor (EF) which is the percentage of asset loss due to the potential threat in question. –Data from open source vulnerability databases and results of predicted threat models are used as input to the risk model. –Security factors that take into account the innate characteristics of each vulnerability are incorporated into the calculation of the risk model. The result of this model is an assessment of the potential threats to a development effort and a ranking of these threats based on the risk metric calculation. A prototype of this model will be the result of this effort.

31 Auburn University Affiliate – Systems Engineering Research Center 31 Conclusion - Auburn has DOD-Relevant Systems Engineering Research Expertise (1 of 2) Simulation-Based Acquisition –Support for decision analysis (Ch 4 DAH) –SE Lifecycle Support Quality Assurance –Critical Design Reviews (CDR) Ergonomics –National Environmental Policy Act (NEPA)/Executive Order (EO) Compliance Schedule Information Warfare Exercise –Workforce Development Wounded Warrior Retraining –Workforce Development

32 Auburn University Affiliate – Systems Engineering Research Center 32 Conclusion - Auburn has DOD-Relevant Systems Engineering Research Expertise (2 of 2) DODAF 2.0 Architectures –CJCSI 3170 and CJCSI 6212 –Requirements traceability Security Architecture –Integration with DIACAP Software Vulnerability Analysis –Support for C&A –Support for Foreign Military Sales Information Assurance Risk Analysis –DoD Instruction , Enclosure 12

33 Auburn University Affiliate – Systems Engineering Research Center 33 Backups Example physical security system for Sandia Dynamic worker allocation Academy of Aerospace Quality (AAQ) Occupational Safety and Ergonomics Research Capabilities

34 Auburn University Affiliate – Systems Engineering Research Center 34 Example physical security system for Sandia

35 Auburn University Affiliate – Systems Engineering Research Center 35 Dynamic worker allocation

36 Auburn University Affiliate – Systems Engineering Research Center 36 Academy of Aerospace Quality (AAQ) Virtual academy to train and support academics (students, researchers, professors) Focus on quality assurance for payloads Web based, interactive with training modules, self exams, reference materials, standards, videos Curriculum coordinates with other NASA training projects Module technical content vetted by NASA experts

37 Auburn University Affiliate – Systems Engineering Research Center 37 Academy of Aerospace Quality Mission Success Quality Control Configuration Management Acceptance Data Package Documentation Management Software Quality Records Management Introduction Production / Development / Service Continuous Improvement Shelf Life Control Supplier Auditing Inspection and Test FOD Control Inferential Statistics Regression Analysis Statistics with Excel Parts Selection, Purchasing and Procurement COTS PEMs MEMs Quality Assurance Counterfeit Parts EEE Parts Workmanship Soldering Wire, Crimp, Harness Metrology Staking, Bonding, and Conformal Coating Packaging and Delivery Standards QMS-ISO9000/AS9100 Safety Electrostatic Discharge Flammability Offgassing / Outgassing Fracture Critical FMEA/FMECA Parts Assembly Connectors Fasteners Mechanical Parts Fiber Optics Project Start Project End System Engineering Process Control

38 Auburn University Affiliate – Systems Engineering Research Center 38 Occupational Safety and Ergonomics Research Capabilities Motion capture: –both lab and field capable Muscle EMG: –wireless with data logging capability for field evaluation Force measurement: –force plates and force measurement transducers Balance Evaluation: –long board balance master Electrogoniometry: –with data logging capability for field evaluation Eye tracking Anthropometry and subject strength measurement

39 Auburn University Affiliate – Systems Engineering Research Center 39 Occupational Safety and Ergonomics Research Interests Biomechanical analysis Human factors and Usability: tools and systems Industrial Injury Prevention Cognitive aspects of task design: workload/errors Human performance: thermal, cardiovascular, fatigue, tracking, entry/egress and evacuation Ergonomic epidemiology: –tasks/activities likely to contribute to musculoskeletal disorders Workplace screening: –early identification of persons likely to develop occupational injuries


Download ppt "Auburn University Affiliate – Systems Engineering Research Center 1 www.eng.auburn.edu/users/hamilton J. A. “Drew” Hamilton, Jr., Ph.D. Professor, Computer."

Similar presentations


Ads by Google