DOCSLIB.ORG

Download BCK12 Software Architecture in Practice

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Download BCK12 Software Architecture in Practice Bass.book Page i Thursday, March 20, 2003 7:21 PM Software Architecture in Practice SecondThird Edition Edition i The SEI Series in Software Engineering Visit informit.com/sei for a complete list of available products. he SEI Series in Software Engineering represents is a collaborative Tundertaking of the Carnegie Mellon Software Engineering Institute (SEI) and Addison-Wesley to develop and publish books on software engineering and related topics. The common goal of the SEI and Addison-Wesley is to provide the most current information on these topics in a form that is easily usable by practitioners and students. Books in the series describe frameworks, tools, methods, and technologies designed to help organizations, teams, and individuals improve their technical or management capabilities. Some books describe processes and practices for developing higher-quality software, acquiring programs for complex systems, or delivering services more effectively. Other books focus on software and system architecture and product-line development. Still others, from the SEI’s CERT Program, describe technologies and practices needed to manage software and network security risk. These and all books in the series address critical problems in software engineering for which practical solutions are available. Software Architecture in Practice Third Edition Len Bass Paul Clements Rick Kazman ▲ ▼▼ Addison-Wesley Upper Saddle River, NJ • Boston • Indianapolis • San Francisco New York • Toronto • Montreal • London • Munich • Paris • Madrid Capetown • Sydney • Tokyo • Singapore • Mexico City TheThe SEI Series SEISEI in SeriesSeries Software Engineeringin in Software Software Engineering Engineering Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designationsMany ofof thetheappear designations designations in this book, used usedand bythe by manufacturerspublisher manufacturers was aware and and ofsellers asellers trademark to distinguishto distinguish claim, the their designations their products products have are been claimedare printedclaimed with ini- tialas capital trademarks.trademarks. letters or Where Wherein all capitals. those those designations designations appear appear in inthis this book, book, and and the the publisher publisher was was aware aware of a oftrade a trade- - CMM,mark CMMI, claim,claim, Capability the the designations designations Maturity Model,have have been Capabilitybeen printed printed Maturity with with initial Modeling, initial capital capital Carnegie letters letters Mellon, or inor all CERT,in capitals.all andcapitals. CERT Coordination Center are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. CMM, CMMI,CMMI, Capability Capability Maturity Maturity Model, Model, Capability Capability Maturity Maturity Modeling, Modeling, Carnegie Carnegie Mellon, Mellon, CERT, CERT, ATAM;and CERTCERTArchitecture CoordinationCoordination Tradeoff Analysis Center Center Method; are are registered registered CMM Integration; in inthe the U.S. U.S.COTS Patent Patent Usage-Risk and and Trademark Evaluation; Trademark Office CURE; Office EPIC;by Carnegieby Evolutionary Carnegie ProcessMellon for University. Integrating COTS Based Systems; Framework for Software Product Line Practice; IDEAL; Interim Profile; OAR; OCTAVE;Mellon Operationally University. Critical Threat, Asset, and Vulnerability Evaluation; Options Analysis for Reengineering; Personal Soft- wareATAM; Process; ArchitectureArchitecture PLTP; Product Tradeoff Tradeoff Line Technical Analysis Analysis Probe; Method; Method; PSP; SCAMPI; CMM CMM SCAMPIIntegration; Integration; Lead Appraiser;COTS COTS Usage-Risk SCAMPI Usage-Risk Lead Evaluation; Assessor; Evaluation; SCE; SEI; SEPG;CURE; Team EPIC;EPIC; Software Evolutionary Evolutionary Process; and ProcessTSP Process are service for for Integrating Integratingmarks of Carnegie COTS COTS MellonBased Based University.Systems; Systems; Framework Framework for Softwarefor Software Product Line Practice; IDEAL; Interim Profile; OAR; OCTAVE; Operationally Critical Threat, Asset, SpecialProduct permission Line Practice; to reproduce IDEAL; portions Interim of CMMI Profile; for Development OAR; OCTAVE;(CMU/SEI-2010-TR-035), Operationally © Critical2010 by CarnegieThreat, MellonAsset, and Vulnerability Evaluation; Options Analysis for Reengineering; Personal Software Process; PLTP; University,and Vulnerability has been granted Evaluation; by the Software Options Engineering Analysis Institute. for Reengineering; Personal Software Process; PLTP; Product Line Technical Probe; PSP; SCAMPI; SCAMPI Lead Appraiser; SCAMPI Lead Assessor; TheProduct authors Lineand publisher Technical have Probe; taken care PSP; in theSCAMPI; preparation SCAMPI of this book, Lead but Appraiser; make no expressed SCAMPI or implied Lead warranty Assessor; of any SCE; SEI; SEPG; Team Software Process; and TSP are service marks of Carnegie Mellon University. kindSCE; and SEI;assume SEPG; no responsibility Team Software for errors Process; or omissions. and TSP No liability are service is assumed marks for ofincidental Carnegie or consequential Mellon University. damages in connectionSpecial permission with or arising to outreproduce of the use portions of the information of works copyrightor programs by contained Carnegie herein. Mellon University, as listed TheonSpecial publisher page 588,permission offers is granted excellent to reproduce by discounts the Software onportions this Engineeringbook of whenworks ordered Institute.copyright in quantity by Carnegie for bulk purchases Mellon University,or special sales, as whichlisted may includeon page electronic 588, isversions granted and/or by thecustom Software covers andEngineering content particular Institute. to your business, training goals, marketing focus, and Many of the designations used by manufacturers and sellers to distinguish their products are claimed branding interests. For more information, please contact: asMany trademarks. of the designations Where those used designations by manufacturers appear in thisand book,sellers and to thedistinguish publisher their was productsaware of area trade claimed- U.S. Corporate and Government Sales markas trademarks. claim, the Wheredesignations those havedesignations been printed appear with in initial this book, capital and letters the publisheror in all capitals. was aware of a trade- mark(800) claim, 382-3419 the designations have been printed with initial capital letters or in all capitals. [email protected] authors and publisher have taken care in the preparation of this book, but make no expressed or ForimpliedThe sales authors outside warranty andthe United publisherof any States, kind have please and taken contact:assume care no in responsibility the preparation for of errors this book,or omissions. but make No no liability expressed is or assumedimpliedInternational warrantyfor incidental Sales of any or consequentialkind and assume damages no responsibility in connection forwith errors or arising or omissions. out of the Nouse liabilityof the is [email protected] for or incidental programs orcontained consequential herein. damages in connection with or arising out of the use of the VisitForinformation us information on the Web: or programs aboutinformit.com/aw buying contained this title herein. in bulk quantities, or for special sales opportunities (which may LibraryincludeThe publisherof Congresselectronic offersCataloging-in-Publication versions; excellent custom discounts cover Data ondesigns; this book and whencontent ordered particular in quantity to your forbusiness, bulk purchases training or Chrissis,goals,special Marymarketing sales, Beth. which focus, may or include branding electronic interests), versions please and/orcontact custom our corporate covers andsales content department particular at corp to -your [email protected],CMMI for developmenttraining goals, : orguidelines (800)marketing 382-3419. for processfocus, integrationand branding and productinterests. For more information, please contact: improvementFor government / Mary sales Beth Chrissis,inquiries, Mike please Konrad, contact Sandy go [email protected].—3rd ed. p. U.S.cm. Corporate and Government Sales ForIncludes questions (800)bibliographical about382-3419 sales references outside and the index. U.S., please contact [email protected]. VISBNisit us978-0-321-71150-2 [email protected] the Web: informit.com/aw (hardcover : alk. paper) 1.For Capability sales outside maturity the model United (Computer States, software) please contact:2. Software engineering.Library of 3. Congress Production Cataloging-in-Publication engineering. 4. Manufacturing Data processes. I. Konrad, Mike.International II. Shrum, Sales Sandy. III. Title. Bass, Len. [email protected] 2011 005.1—dc22Software architecture in practice / Len Bass, Paul Clements, Rick Kazman.—3rd ed. Visitp. us oncm.—(SEI the Web: series informit.com/aw in software engineering) 2010049515 Copyright Includes © 2011 bibliographical Pearson Education, references Inc. and index. LibraryISBN of 978-0-321-81573-6Congress Cataloging-in-Publication (hardcover : alk. paper) Data 1. Software architecture. 2. System All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtaineddesign.Bass, Len.from I. Clements, the publisher Paul, prior
Load more

Recommended publications
  • Mary Beth Chrissis, Mike Konrad, Sandra
    ptg Process Areas by Category Process Management OPD Organizational Process Definition OPF Organizational Process Focus OPM Organizational Performance Management OPP Organizational Process Performance OT Organizational Training Project Management IPM Integrated Project Management PMC Project Monitoring and Control PP Project Planning QPM Quantitative Project Management REQM Requirements Management RSKM Risk Management SAM Supplier Agreement Management Engineering PI Product Integration RD Requirements Development TS Technical Solution ptg VAL Validation VER Verification Support CAR Causal Analysis and Resolution CM Configuration Management DAR Decision Analysis and Resolution MA Measurement and Analysis PPQA Process and Product Quality Assurance Generic Goals and Practices GG1 Achieve Specific Goals GP 1.1 Perform Specific Practices GG2 Institutionalize a Managed Process GP2.1 Establish an Organizational Policy GP 2.2 Plan the Process GP 2.3 Provide Resources GP 2.4 Assign Responsibility GP 2.5 Train People GP 2.6 Control Work Products GP 2.7 Identify and Involve Relevant Stakeholders GP 2.8 Monitor and Control the Process GP 2.9 Objectively Evaluate Adherence GP 2.10 Review Status with Higher Level Management GG3 Institutionalize a Defined Process GP 3.1 Establish a Defined Process GP 3.2 Collect Process Related Experiences ptg CMMI® for Development Third Edition ptg Wow! eBook <WoweBook.Com> The SEI Series in Software Engineering Visit informit.com/sei for a complete list of available products. ptg he SEI Series in Software Engineering represents is a collaborative Tundertaking of the Carnegie Mellon Software Engineering Institute (SEI) and Addison-Wesley to develop and publish books on software engineering and related topics. The common goal of the SEI and Addison-Wesley is to provide the most current information on these topics in a form that is easily usable by practitioners and students.
    [Show full text]
  • (Perry & Wolf 92) Software Architecture (Garlan & Shaw
    ICS 221, Winter 2001 Software Architecture Software Architecture (Perry & Wolf 92) “Architecture is concerned with the selection of architectural elements, their interactions, and the Software Architecture constraints on those elements and their interactions necessary to provide a framework in which to satisfy the requirements and serve as a basis for the design.” David S. Rosenblum ICS 221 “Design is concerned with the modularization and detailed interfaces of the design elements, their Winter 2001 algorithms and procedures, and the data types needed to support the architecture and to satisfy the requirements.” Software Architecture Software Architecture (Garlan & Shaw 93) (Shaw & Garlan 96) “Software architecture is a level of design that goes “The architecture of a software system defines beyond the algorithms and data structures of the that system in terms of computational computation; designing and specifying the overall components and interactions among those system structure emerges as a new kind of problem. Structural issues include gross organization and components. … In addition to specifying the global control structure; protocols for communication, structure and topology of the system, the synchronization, and data access; assignment of architecture shows the correspondence functionality to design elements; physical between the requirements and elements of distribution; composition of design elements; scaling the constructed system, thereby providing and performance; and selection among design some rationale for the design decisions.” alternatives.” Analogies with Differences Between Civil and Civil Architecture Software Architecture Civil Engineering and Civil Architecture “Software systems are like cathedrals—first we are concerned with the engineering and design of build them and then we pray.” civic structures (roads, buildings, bridges, etc.) — Sam Redwine ! Multiple views ! Civil: Artist renderings, elevations, floor plans, blueprints ! Physical vs.
    [Show full text]
  • Automated Improvement of Software Architecture Models for Performance and Other Quality Attributes
    Automated Improvement of Software Architecture Models for Performance and Other Quality Attributes Zur Erlangung des akademischen Grades eines Doktors der Ingenieurwissenschaften von der Fakultät für Informatik des Karlsruher Instituts für Technologie (KIT) genehmigte Dissertation von Anne Koziolek geb. Martens aus Oldenburg Tag der mündlichen Prüfung: 14.07.2011 Erster Gutachter: Prof. Dr. Ralf Reussner Zweiter Gutachter: Prof. Dr. Andreas Oberweis KIT – Universität des Landes Baden-Württemberg und nationales Forschungszentrum der Helmholtz-Gemeinschaft www.kit.edu Automated Improvement of Software Architecture Models for Performance and Other Quality Attributes PhD thesis to gain the degree “Doktor der Ingenieurwissenschaften” at the Department of Informatics of the Karlsruhe Institute of Technology (KIT) Dissertation by Anne Koziolek neé Martens Oldenburg Day of defence: 14.07.2011 Referees: Prof. Dr. Ralf Reussner Prof. Dr. Andreas Oberweis KIT – University of the State of Baden-Wuerttemberg and National Laboratory of the Helmholtz Association www.kit.edu Contents Abstract xi Zusammenfassung xiii Danksagungen xvii 1. Introduction 1 1.1. Motivation . 1 1.2. Problem . 4 1.3. Existing Solutions . 5 1.4. Contributions . 6 1.5. Outline . 9 I. Foundations and Related Work 11 2. Component-based Software Architectures and Quality 13 2.1. Component-based Software Architecture . 13 2.1.1. Definitions . 13 2.1.2. Component-based Software Development Process . 17 2.2. Quality of Software Architectures . 18 2.2.1. Quality Attributes of Software Architecture . 18 2.2.2. Quantitative Quality Properties . 21 2.3. Modelling Concepts . 24 2.3.1. Models and Metamodels . 24 2.3.2. Essential Meta Object Facility . 26 2.4. Model-based Quality Prediction .
    [Show full text]
  • The Role of an Architect
    Learn the discipline, pursue the art, and contribute ideas at www.ArchitectureJournal.net Resources you can build on. Journal 15 The Role of an Architect We Don’t Need No Architects! Becoming an Architect in a System Integrator Architecture Journal Profi le: Paul Priess The Open Group’s Architect Certifi cation Programs The Need for an Architectural Body of Knowledge A Study of Architect Roles by IASA Sweden The Softer Side of the Architect An A-Z Guide to Being an Architect ® Contents TM Journal 15 Foreword 1 by Simon Guest We Don’t Need No Architects 2 by Joseph Hofstader What does an architect do? What should an architect do? Join Joseph Hofstader as he examines the role of an architect. Becoming an Architect in a System Integrator 7 by Amit Unde In this article, Amit Unde explores the skills that aspiring architects need in a leading System Integrator. Architecture Journal Profi le: Paul Preiss 10 We chat with Paul Preiss, founder of a nonprofi t group called IASA (International Association of Software Architects). The Open Group’s Architect Certifi cation Programs 13 by Leonard Fehskens Join Leonard Fehskens as he outlines one of the industry’s architect certifi cation programs, Open Group’s ITAC (IT Architect Certifi cation). The Need for an Architectural Body of Knowledge 17 by Miha Kralj Miha Kralj covers an Architectural Body of Knowledge, an effort led by the Microsoft Certifi ed Architect community. A Study of Architect Roles by IASA Sweden 22 by Daniel Akenine Discover a perspective of architect roles through a recent study conducted by the local IASA chapter in Sweden.
    [Show full text]
  • Designing Software Architecture to Support Continuous Delivery and Devops: a Systematic Literature Review
    Designing Software Architecture to Support Continuous Delivery and DevOps: A Systematic Literature Review Robin Bolscher and Maya Daneva University of Twente, Drienerlolaan 5, Enschede, The Netherlands [email protected], [email protected] Keywords: Software Architecture, Continuous Delivery, Continuous Integration, DevOps, Deployability, Systematic Literature Review, Micro-services. Abstract: This paper presents a systematic literature review of software architecture approaches that support the implementation of Continuous Delivery (CD) and DevOps. Its goal is to provide an understanding of the state- of-the-art on the topic, which is informative for both researchers and practitioners. We found 17 characteristics of a software architecture that are beneficial for CD and DevOps adoption and identified ten potential software architecture obstacles in adopting CD and DevOps in the case of an existing software system. Moreover, our review indicated that micro-services are a dominant architectural style in this context. Our literature review has some implications: for researchers, it provides a map of the recent research efforts on software architecture in the CD and DevOps domain. For practitioners, it describes a set of software architecture principles that possibly can guide the process of creating or adapting software systems to fit in the CD and DevOps context. 1 INTRODUCTION designing new software architectures tailored for CD and DevOps practices. The practice of releasing software early and often has For clarity, before elaborating on the subject of been increasingly more adopted by software this SLR, we present the definitions of the concepts organizations (Fox et al., 2014) in order to stay that we will address: Software architecture of a competitive in the software market.
    [Show full text]
  • Software Engineering (SE) 1
    Software Engineering (SE) 1 SE 352 | OBJECT-ORIENTED ENTERPRISE APPLICATION DEVELOPMENT SOFTWARE ENGINEERING | 4 quarter hours (Undergraduate) (SE) This course focuses on applying object-oriented techniques in the design and development of software systems for enterprise applications. Topics SE 325 | INTRODUCTION TO SOFTWARE ENGINEERING | 4 quarter hours include component architecture, such as Java Beans and Enterprise (Undergraduate) Java Beans, GUI components, such as Swing, database connectivity and This course introduces students to the activities performed at each object repositories, server application integration using technologies stage of the development process so that they can understand the full such as servlets, Java Server Pages, JDBC and RMI, security and lifecycle context of specific tasks such as coding and testing. Topics will internationalization. PREREQUISITE(S): CSC 301. include software development processes, domain modeling, requirements CSC 301 is a prerequisite for this class. elicitation and specification, architectural design and analysis, product SE 356 | SOFTWARE DEVELOPMENT FOR MOBILE AND WIRELESS and process level metrics, configuration management, quality assurance SYSTEMS | 4 quarter hours activities including user acceptance testing and unit testing, project (Undergraduate) management skills such as risk analysis, effort estimation, project This course will focus on the unique aspects of developing software release planning, and software engineering ethics. applications for mobile and wireless systems, such as personal digital CSC 301 or CSC 393 is a prerequisite for this class. assistant (PDA) devices and mobile phones. Topics will include user SE 330 | OBJECT ORIENTED MODELING | 4 quarter hours interface design for small screens with restricted input modalities, data (Undergraduate) synchronization for mobile databases as well as wireless programming Object-oriented modeling techniques for analysis and design.
    [Show full text]
  • Composition of Software Architectures Christos Kloukinas
    Composition of Software Architectures Christos Kloukinas To cite this version: Christos Kloukinas. Composition of Software Architectures. Computer Science [cs]. Université Rennes 1, 2002. English. tel-00469412 HAL Id: tel-00469412 https://tel.archives-ouvertes.fr/tel-00469412 Submitted on 1 Apr 2010 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Composition of Software Architectures - Ph.D. Thesis - - Presented in front of the University of Rennes I, France - - English Version - Christos Kloukinas Jury Members : Jean-Pierre Banâtre Jacky Estublier Cliff Jones Valérie Issarny Nicole Lévy Joseph Sifakis February 12, 2002 Résumé Les systèmes informatiques deviennent de plus en plus complexes et doivent offrir un nombre croissant de propriétés non fonctionnelles, comme la fiabi- lité, la disponibilité, la sécurité, etc.. De telles propriétés sont habituellement fournies au moyen d’un intergiciel qui se situe entre le matériel (et le sys- tème d’exploitation) et le niveau applicatif, masquant ainsi les spécificités du système sous-jacent et permettant à des applications d’être utilisées avec dif- férentes infrastructures. Cependant, à mesure que les exigences de propriétés non fonctionnelles augmentent, les architectes système se trouvent confron- tés au cas où aucun intergiciel disponible ne fournit toutes les propriétés non fonctionnelles visées.
    [Show full text]
  • Download Distributed Systems Free Ebook
    DISTRIBUTED SYSTEMS DOWNLOAD FREE BOOK Maarten van Steen, Andrew S Tanenbaum | 596 pages | 01 Feb 2017 | Createspace Independent Publishing Platform | 9781543057386 | English | United States Distributed Systems - The Complete Guide The hope is that together, the system can maximize resources and information while preventing failures, as if one system fails, it won't affect the availability of the service. Banker's algorithm Dijkstra's algorithm DJP algorithm Prim's algorithm Dijkstra-Scholten algorithm Dekker's algorithm generalization Smoothsort Shunting-yard algorithm Distributed Systems marking algorithm Concurrent algorithms Distributed Systems algorithms Deadlock prevention algorithms Mutual exclusion algorithms Self-stabilizing Distributed Systems. Learn to code for free. For the first time computers would be able to send messages to other systems with a local IP address. The messages passed between machines contain forms of data that the systems want to share like databases, objects, and Distributed Systems. Also known as distributed computing and distributed databases, a distributed system is a collection of independent components located on different machines that share messages with each other in order to achieve common goals. To prevent infinite loops, running the code requires some amount of Ether. As mentioned in many places, one of which this great articleyou cannot have consistency and availability without partition tolerance. Because it works in batches jobs a problem arises where if your job fails — Distributed Systems need to restart the whole thing. While in a voting system an attacker need only add nodes to the network which is Distributed Systems, as free access to the network is a design targetin a CPU power based scheme an attacker faces a physical limitation: getting access to more and more powerful hardware.
    [Show full text]
  • Introduction to Software Architecture
    Introduction to Software Architecture Imed Hammouda Chalmers | University of Gothenburg Who am I? • Associate Professor of Software Engineering, previously in Tampere, Finland • Research interests – Software Architecture, Open Source, Software Ecosystems, Software Development Methods and Tools, Variability Management • Developing and supporting open software architectures • Studying socio-technical dependencies in software development • Software ecosystems • Coordinates: [email protected], [email protected] • Room 416, floor 4, Jupiter building, Campus Lindholmen • Phone +46 31 772 60 40 Introduction to Software Architecture 2 • What is software architecture? • Architectural drivers • Addressing architectural drivers • Architectural views • Example system Introduction to Software Architecture 3 What is Software Architecture? • Software Architecture is the global organization of a software system, including – the division of software into subsystems/components, – policies according to which these subsystems interact, – the definition of their interfaces. T. C. Lethbridge & R. Laganière Introduction to Software Architecture 4 What is Software Architecture? • "The software architecture of a program or computing system is the structure or structures of the system, which comprise software components, the externally visible properties of those components, and the relationships among them." Len Bass Introduction to Software Architecture 5 What is Software Architecture? • “fundamental concepts or properties of a system in its environment
    [Show full text]
  • 2010 CERT Research Report
    The CERT® Program’s research mission is to leverage our operational experience and access to state-of-the-art research to fill gaps for our customers, collaborate with the cyber security research community, and provide longer-range perspectives on cyber-security research, technology, and policy. Table of Contents CERT Research Vision .................................................... 2 Executive Summary ..................................................... 3 2010 Research Report Abstracts . 4 CERT in the News ....................................................... 7 Special Project: Recommending Cyber Security Research Topics ................. 9 Critical Code ............................................................11 Insider Threat .......................................................... 14 Insider Threat Vulnerability Assessment Measurement . 17 Modeling and Analysis of Insider Fraud . 19 Insider Threat Lab . 21 Insider Threat in the Financial Services Sector . 22 Preventing the Federal Government from Being the Victim of Identity Theft . 24 Secure Coding ......................................................... 25 Secure Coding Initiative . 28 Software Security Assurance ............................................. 34 Building Assured Systems Framework (BASF) . 37 Supply Chain Assurance . 39 Measuring Software Security Assurance . 42 Security Requirements Engineering . 45 Using Trusted Hardware as a Foundation for Cyber Security . 47 Analysis of Catastrophic Failures . 50 Complexity Modeling and Analysis . 52 Science of Cyber
    [Show full text]
  • Creating and Managing Csirts Page 1 Creating and Managing Csirts
    Creating and Managing Computer Security Incident Response Teams (CSIRTs) CERT® Coordination Center Networked Systems Survivability Program Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 1996-2004 Carnegie Mellon University ® CERT, CERT Coordination Center, and Carnegie Mellon are registered in the U.S. Patent and Trademark Office This material is approved for public release. Distribution is limited by the Software Engineering Institute to attendees. The CERT® Coordination Center (CERT/CC) was created in November 1988 by the Defense Advanced Research Projects Agency (DARPA) in the aftermath of an Internet Worm incident. The CERT/CC is located at Carnegie Mellon University’s Software Engineering Institute (SEI). The SEI is a federally funded research and development center (FFRDC) sponsored by the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics [OUSD (AT&L)]. The mission of the CERT/CC is to • act as a coordination center, • foster collaboration across the network community to achieve effective incident response, • assist other organizations in forming response teams, and • conduct research and analysis of incident trends. Parts of this work were derived from work originally sponsored by the U.S. Army Land Information Warfare Activity (LIWA) and the U.S. Defense Information Systems Agency (DISA). Creating and Managing CSIRTs Page 1 Creating and Managing CSIRTs Introduction Creating an Effective CSIRT CSIRT Components Operational Management Issues Incident Handling
    [Show full text]
  • Us-Cert.Gov) in Partnership with DHS
    Cyber Security—Reality and Perspectives Dr. Angel Jordan Director of the Software Engineering Institute Provost Emeritus Carnegie Mellon University Brazil, March 2004 © 2004 by Carnegie Mellon University 1 Cyber Security—Reality and Perspectives Dr. Angel Jordan Director of the Software Engineering Institute CERT® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 The CERT Coordination Center is part of the Software Engineering Institute. The Software Engineering Institute is sponsored by the U.S. Department of Defense. © 2004 by Carnegie Mellon University 2 Overview • The Cyber Environment • Statistics • Implementing Cyber Security • CERT Advisories • Cyberterror Vulnerabilities • The CERT Centers and their Initiatives © 2004 by Carnegie Mellon University 3 The Cyber Environment Cyberspace • Borderless • Dynamic • Anonymous • Accessible Not limited to the Internet • Includes isolated networks • Embedded systems • Wireless technology • Environment expanding to include new technologies © 2004 by Carnegie Mellon University 4 The Cyber Environment “Urban Sprawl” in Cyberspace • Cyberspace has grown exponentially in recent years, now especially with wireless technologies Expansion leads to increased threat • More people are aware of the capabilities of cyberspace (including criminals and terrorists) • The cyber and physical environments now overlap and are interdependent • Critical infrastructures now rely on the cyber environment • As networks, systems, and service multiply, so do vulnerabilities
    [Show full text]