Cyber Security and Complex Software Systems
The Software and Computer Systems program focuses on developing the fundamental principles and models for the design and construction of complex software systems that meet required assurances for security, safety, reliability and performance.
- It builds upon foundations of mathematical logic and computational complexity, but takes into account the uncertainties and constraints of the operational environment.
- The overall goal is to measurably improve the ability of complex software-intensive systems to meet the information-processing challenges of future naval systems.
The Cyber Security sub-program investigates and develops wide-ranging principles and techniques for continuously maintaining integrity, availability and confidentiality of information and information infrastructures, focusing on the software, the hardware and the network.
- The program heavily emphasizes automation and autonomy in the cyber environment, preferring the human-on-the-loop paradigm over the human-in-the-loop, whenever possible.
- The program seeks to establish an autonomic, secure and dependable informational infrastructure toward ensuring Navy’s mission successes.
The Complex Software sub-program:
- Investigates principles, algorithms and methods.
- Develops software engineering tools for achieving efficient, timely, robust and secure software executables.
- It focuses on science for software construction, correctness and efficiency by revisiting software development and deployment methodology.
Efficient, timely, robust and secure software is a requirement for secure information infrastructure toward ensuring Navy’s mission successes.
Research Concentration Areas
The program often explores non-conventional and fundamental scientific research topics for better return on investment. It has several thrust areas that build around the theme of information as a computational resource to be managed, secured and shared in different contexts.
- Principles for correctness and security properties: focuses on developing basic principles to determine the security and performance properties of software systems, the conditions under which these properties hold, and the methods used to prove these properties of interest for systems. Of particular interest are issues involving networked systems adapting to dynamic conditions and threats.
- Trusted network computing: focuses on protocols and network configurations that provide a trusted network environment for federated, heterogeneous and distributed computing. It includes the development of new, efficient, provable secure communication protocols, alternative network architectures and new approaches to securing the end hosts. These require better accountability, manageability and performance despite adversarial efforts to disrupt and compromise the network.
- Secure information management, sharing and interaction: focuses on developing fundamental advancements for secure information sharing between information producers and consumers. As information needs to be shared more widely, it is more susceptible to being compromised, intercepted, modified or fabricated. There is a need for new policy languages and frameworks for federated systems, especially in coalition environments where trust is not fully guaranteed and flexibility of action is needed.
- Integrity of cyber-physical systems: focuses on the security of information and processes in systems that involve a tight control and coordination between computational and physical devices, which includes many embedded real-time systems. Problems occur both in ensuring security properties at the boundaries between cyber and physical components, as well as ensuring or enforcing any security properties for the physical components. Components of both types must be able to generate, share and compute with security-relevant information using a model that enforces a consistent set of security policies.
Research Challenges and Opportunities
- Tools and methods for reduction of complexity and attack surface
- Accuracy and reliability (false positives false negatives)
- Advanced modeling of cyber interaction
- Improving scalability for formal methods and bottom-up formal methods from executables
- Autonomic, self-aware computing
- Automation in cryptographic design
- Synergistic integration of formal and statistical reasoning in cyber environment
Type of Funding Available
- Basic Research
- Applied Research
- Advanced Technology Development
Program Contact Information
Submit white papers, QUAD charts and full proposals for contracts to this email address: ONR Code 31 Research Submissions
Follow instructions within BAA for submission of grant proposals to grants.gov website.