Building Assured Systems Framework

Researchers at the CERT Program, part of Carnegie Mellon University's Software Engineering Institute, need a framework to organize research and practice areas focused on building assured systems. The Building Assured Systems Framework (BASF) addresses the customer and researcher challenges of selecting security methods and research approaches for building assured systems. After reviewing existing life-cycle process models, security models, and security research frameworks, the authors used the Master of Software Assurance Reference Curriculum knowledge areas as the BASF. The authors mapped all major CERT research areas to the BASF, proving that the BASF is useful for organizing building assured systems research. The authors also performed a gap analysis to identify promising CERT research areas. The BASF is a useful structure for planning and communicating about CERT research. The BASF will also be useful to CERT sponsors to track current research and development efforts in building assured systems.