Architecture/Security Roundtable Discussion

1. Architecture/Security Roundtable Discussion security architecture Architect and Security are separate topics, architecture is overarching concept.

2. Team Members Bayuk, Jennifer Brown, Winson Clarke, Lori Dauby, Jason Ergin, Nil Guckert, Ross Hamilton, Drew Horowitz, Barry Huang, LiGuo Mitola, Joe Sangwan, Ragu West, Stephen Facilitators: Bayuk, Jennifer; Hamilton, Drew

3. Problem Definition Model-assisted (using SYSML), lifecycle issues, evolution requirements (e.g. scale) Check-the-box approaches do not work. Evaluation criteria are not evident. How to produce feasibility evidence? Can architecture be separated from design? What tools and processes can inform architecture, how to define attributes like security? Security attributes cannot be taken out of context. Need high level principles? Can they be applied to architecture directly? Functional requirements usually come first. Is this the right order? Should quality come first? How to reduce ambiguity?

4. Purpose/Objectives of a Research Effort To extract goals for architecture, operational definitions for quality implications for mission. Possible to define attributes first prior to functionality? Security, architecture of all scales? Motivate better architecture by allowing justification for project costs due to architectural design considerations not currently accounted for by contracting processes. Identify out-of-norm detection techniques early in evolution. Reduce tendency for humans to grab low-hanging (potentially poisonous) fruit (and commit to poor choices made too early, instead learn from them, metrics?).

5. Benefits of a Research Effort Provide potentially better presentation methods for architecture alternatives. Catalogue of standard system-to-system and enterprise views and their relationships. Allows for human-centric mission-driven views. Produces rigorous definitions as a basis for measurability. Provides basis for evaluating systems on the basis of scenarios. Allows for plug-and-play testing for components. Provide methodology to isolate problematic architectural issues in system components. Provide framework to study agility versus evolvability? Provide migration path via industry standards. Potential for expansion of computing and communication facility command and control alternatives.

6. Approach of a Research Effort Cloud computing may allow experimentation with both architecture and security in an economically viable manner. Architecture centric engineering using architecture agility principles Attack complexity issues head-on. Shadow projects with alternative architectural approaches. Make architecture evaluation a formal part. Use security benefits as justification for “duplicate” efforts. Have separate project to use formal architecture framework reviews of a variety of other projects.

7. Potential Task Initiatives DD R&E – acquisition process DOD - Commercial system evaluation Functional capability specification DOE - resiliency sourcing area DOD overlap for portable power generation systems NSA - asset protection strategies IAD evaluation criteria DOD, Agency overlap with functional assurance criteria DHS - Critical infrastructure protection evaluation criteria IC - Any command and control function that would benefit from architecture alternatives MDA – security architecture

8. Potential Collaborators Bayuk, Jennifer Brown, Winson Clarke, Lori Dauby, Jason Ergin, Nil Guckert, Ross Hamilton, Drew • Horowitz, Barry • Huang, LiGuo • Mostashari, Ali • Mitola, Joe • Sangwan, Ragu • West, Stephen