Developing and Securing Software for Small Space Systems
Total Page:16
File Type:pdf, Size:1020Kb
Utah State University DigitalCommons@USU All Graduate Theses and Dissertations Graduate Studies 8-2019 Developing and Securing Software for Small Space Systems Brandon L. Shirley Utah State University Follow this and additional works at: https://digitalcommons.usu.edu/etd Part of the Computer Sciences Commons Recommended Citation Shirley, Brandon L., "Developing and Securing Software for Small Space Systems" (2019). All Graduate Theses and Dissertations. 7544. https://digitalcommons.usu.edu/etd/7544 This Dissertation is brought to you for free and open access by the Graduate Studies at DigitalCommons@USU. It has been accepted for inclusion in All Graduate Theses and Dissertations by an authorized administrator of DigitalCommons@USU. For more information, please contact [email protected]. DEVELOPING AND SECURING SOFTWARE FOR SMALL SPACE SYSTEMS by Brandon L. Shirley A dissertation submitted in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY in Computer Science Approved: Stephen W. Clyde, Ph.D. David E. Brown, Ph.D. Major Professor Committee Member Curtis E. Dyreson, Ph.D. Chad D. Mano, Ph.D. Committee Member Committee Member Dan W. Watson, Ph.D. Richard S. Inouye, Ph.D. Committee Member Vice Provost for Graduate Studies UTAH STATE UNIVERSITY Logan, Utah 2019 ii Copyright © Brandon L. Shirley 2019 All Rights Reserved iii ABSTRACT Developing and Securing Software For Small Space Systems by Brandon L. Shirley, Doctor of Philosophy Utah State University, 2019 Major Professor: Stephen W. Clyde, Ph.D. Department: Computer Science This research addresses two problems associated with developing smaller multi-vendor satellites for Small Space. These two problems interrelate and this research addresses them together. The Development Problem deals with the development of modular, reusable, and secure space systems while the Security Problem encompasses securing these space systems. This research addresses the Development Problem by conducting a series of five surveys, referred to as Space Industry Software Development Practices and Attitudes (SISDPA), to asses current attitudes and state of practice among space system developers. This crys- tallized a need in space system development | modular reusable open networks can help Small Space realize its potential, but there is still a need to address certain security threats. This research addresses the Security Problem by creating Secured Space Plug-and-Play Services Manager (SSSM), a secure modular reusable open-network software development framework based off of Space Plug-and-Play Services Manager (SSM). SSSM adds security provisions while minimizing the impact on developers using the framework. An evaluation of SSSM shows that it preserves the ease-of-use of SSM while adding policy enforcement in the form of authentication, access control, and encryption provisions. (284 pages) iv PUBLIC ABSTRACT Developing and Securing Software For Small Space Systems Brandon L. Shirley The space systems industry is moving towards smaller multi-vendor satellites, known as Small Space. This shift is driven by economic and technological factors that necessitate hardware and software components that are modular, reusable, and secure. This research addresses two problems associated with the development of modular, reusable, and secure space systems: developing software for space systems (the Development Problem) and se- curing space systems (the Security Problem). These two problems are interrelated and this research addresses them together. The Development Problem encompasses challenges that space systems developers face as they try to address the constraints induced by reduced budgets, design and develop- ment lifecycles, maintenance allowances, multi-vendor component integration and testing timelines. In order to satisfy these constraints a single small satellite might incorporate hardware and software components from dozens of organizations with independent work forces and schedules. The Security Problem deals with growing need to ensure that each one of these software or hardware components behaves according to policy or system design as well as the typical cybersecurity concerns that face any information system. This research addresses the Development Problem by exploring the needs and barriers of Small Space to find the best path forward for the space systems industry to catch up with the methodology advancements already being widely used in other software fields. To do this exploration a series of five surveys, referred to as SISDPA, was conducted to asses current attitudes and state of practice among space system developers. This crystallized a need in space system development | modular reusable open networks can help Small Space realize its potential, but there is still need to address certain security threats. v This research addresses the Security Problem by augmenting a modular reusable open- network software development framework, called SSM, by adding policy enforcement in the form of authentication, access control, and encryption provisions, to create a new devel- opment framework, SSSM. This design and implementation adds security provisions while minimizing the impact on developers using the framework. SSSM is evaluated in terms of developer and system resource burden and shows that SSSM does not significantly increase developer burden and preserves the ease-of-use of SSM. vi To Allyson, we would not be here without you. vii ACKNOWLEDGMENTS It has been a long road, I would like to acknowledge those who have helped or carried me along the way. The Space Dynamics Laboratory, for the PhD Fellowship and support via internal research and development funding. Allyson, for sharing the burden and prodding me along when I got complacent. Dr. Stephen Clyde, for letting me struggle when I needed to struggle and helping when I really needed help even though he was busy beyond belief. Brook Mckenna for her help and patience throughout the PhD Fellowship process. The various members of the Utah State University (USU) Computer Science faculty that I have pestered over the years, for their patience and help. Parents, for instilling a resilient stubbornness that helped get me through. Katelyn, Hannah, and Nora, for helping me remember what is important. Mark Greenman, for letting me vent, and generally giving me good advice. David Anderson and Ian Karlinsey, for helping stay on track during all those years down in Albuquerque. Brandon Holdaway, for his help in implemented SSSM. All those in Albuquerque and Logan that have put up with my struggle over the years. All the others who helped get me here. Brandon L. Shirley viii CONTENTS Page ABSTRACT :::::::::::::::::::::::::::::::::::::::::::::::::::::: iii PUBLIC ABSTRACT ::::::::::::::::::::::::::::::::::::::::::::::: iv ACKNOWLEDGMENTS :::::::::::::::::::::::::::::::::::::::::::: vii LIST OF TABLES ::::::::::::::::::::::::::::::::::::::::::::::::: xii LIST OF FIGURES :::::::::::::::::::::::::::::::::::::::::::::::: xvi LIST OF SAMPLES :::::::::::::::::::::::::::::::::::::::::::::::: xvii ACRONYMS :::::::::::::::::::::::::::::::::::::::::::::::::::::xviii 1 INTRODUCTION ::::::::::::::::::::::::::::::::::::::::::::::: 1 2 RELATED WORK :::::::::::::::::::::::::::::::::::::::::::::: 5 2.1 Introduction....................................5 2.2 Modularity and Reuse in Space Systems....................5 2.3 Security for Space Systems...........................9 2.3.1 Policy and Principles........................... 10 2.3.2 Process and Tools............................ 13 2.3.3 Implementations............................. 15 3 SURVEY SERIES DESCRIPTION ::::::::::::::::::::::::::::::::::: 18 3.1 Introduction.................................... 18 3.2 Survey Questions................................. 18 3.3 Survey Distribution................................ 22 4 SURVEY SERIES RESULTS AND ANALYSIS :::::::::::::::::::::::::: 24 4.1 Introduction.................................... 24 4.2 Survey Series Participation........................... 25 4.3 Participant Perception of Code Complexity.................. 27 4.3.1 Code Complexity Importance and Benefits.............. 28 4.3.1.1 Core Concepts (CC ) Survey, Question 2.1 Analysis, Part 1 28 Test 1............................... 29 Test 2............................... 30 Test 3............................... 33 4.3.1.2 CC Survey, Question 2.2 Analysis, Part 1.......... 35 4.3.1.3 Reuse, Interoperability, Portability, Code Complexity (RIPCC ) Survey, Question 2.13 Analysis................ 37 4.3.2 Code Complexity Metrics........................ 42 4.3.2.1 RIPCC Survey, Question 2.15 Analysis........... 43 ix 4.4 Participant Perception of Reusable Software.................. 45 4.4.1 Reusability Importance and Benefits.................. 46 4.4.1.1 CC Survey, Question 2.1 Analysis, Part 2.......... 47 Test 1............................... 47 Test 2............................... 48 4.4.1.2 CC Survey, Question 2.2 Analysis, Part 2.......... 51 4.4.1.3 RIPCC Survey, Question 2.10 Analysis........... 53 4.5 Participant Perception of Modular Open-network System Approaches... 59 4.5.1 Networking Benefits........................... 60 4.5.1.1 Network Survey, Question 2.3 Analysis, Part 1....... 60 4.5.2 Open Systems Architecture/Approach (OSA) and Modular Open Net- work Architecture (MONA) Trends................... 65 4.5.2.1 Open Systems Architecture and Modularity (OSAM ) Survey, Question 2.4 Analysis..................... 66 Test 1............................... 66 Test 2..............................