Learn More
The Insider Threat Study, conducted by the U.S. Secret Service and Carnegie Mellon University's Software Engineering Institute CERT Program, analyzed insider cyber crimes across U.S. critical infrastructure sectors. The study indicates that management decisions related to organizational and employee performance sometimes yield unintended consequences(More)
The software fault-tree analysis technique is explained. It is then extended to allow its use on a more complex language involving such features as concurrency and exception handling. Ada is used as the example language because many safety-critical projects are using or planning to use Ada. It also contains complex, real-time programming facilities found in(More)
The increased use of botnets as an attack tool and the awareness attackers have of blocking lists leads to the question of whether we can effectively predict future bot locations. To that end, we introduce a network quality that we term uncleanliness: an indicator of the propensity for hosts in a network to be compromised by outside parties. We hypothesize(More)
This paper presents the results of a n empirical study of software e r r o r detection using self checks and N-version voting. A total of 24 graduate students in computer science at the University of Vir-ginia and the University of California, Irvine, were hired a s programmers. Working independently, each first prepared a set of self checks using just the(More)
The growing reliance on technological infrastructures has made organizations increasingly vulnerable to threats from trusted employees, former employees, current or former contractors, and clients. Recent research indicates that successful defense from these threats depends on both technical and behavioral controls. In this paper, we report on our work to(More)
MURPHY is a language-independent, experimental methodology for building safety-critical, real time software, which will include an integrated tool set. Using Ada as an example, this paper presents a technique for verifying the safety of complex, real-time software using Software Fault Tree Analysis. The templates for Ada are presented along with an example(More)
The ideas and findings in this report should not be construed as an official DoD position. It is published in the interest of scientific and technical information exchange. Use of any trademarks in this report is not intended in any way to infringe on the rights of the trademark holder. Internal use. Permission to reproduce this document and to prepare(More)