A-CERT (Advancing Certification Evidence, Rigor, and Traceability)

Overview

A-CERT (Advancing Certification Evidence, Rigor, and Traceability) is a toolchain for the automatic collection of evidence to support automated construction of assurance arguments for high-confidence software. A-CERT enables assurance of legacy systems as well as systems that make use of legacy and COTS components.

A-CERT analyzes system implementation and documentation to infer the actual system architecture and map it against the intended system design, available as, e.g., a SysML model. This mapping exposes potential discrepancies between the implementation and the design, such as missing functionality (e.g., unmet requirements and missing security controls) or extra functionality (e.g., backdoors intentionally introduced by hackers, or benign but unneeded features that extend the attack surface). It also enables a better assessment of implementation quality: low-level implementation weaknesses and structural code coverage are traced to the high-level system modules they affect, allowing analysts to better assess their safety and security implications.

The A-CERT toolchain comprises several tools to analyze, process, and collect different types of certification evidence. Collectively, these tools aim to generate high-quality assurance evidence for legacy and COTS systems (we assume the absence of source code or, at least, of buildable source code). The tools can also be used individually to automate traditionally labor-intensive tasks of preparing various types of artifacts for reasoning about and understanding the target software.

Playlist

  • TradeWind-ACERT-final-20240529_nomusic.mp4

Acknowledgements

Contacts

  • Denis Gopan

Contributors

  • Denis Gopan, GrammaTech

  • Lucja Kot, GrammaTech

  • Greg Nelson, GrammaTech

  • Katherine Leffel, GrammaTech

  • David Ciarletta, GrammaTech

  • Drew DeHaas, GrammaTech

  • Ray Chen, Peraton Labs

  • Elisheva Zak, Peraton Labs

  • Debra Cook, Peraton Labs

  • Kaya Knake, Peraton Labs

  • Graham Anderson, CS Group
