Security Policy and Resiliency Tools and ANalysis (SPARTAN)
Presented as part of the 2019 HCSS conference.
The role of the Systems Engineer is to specify a design that meets stakeholder needs. The ability of a design to be resilient to a variety of classes of cyberattack is a first-class stakeholder need that Systems Engineers and their tools are currently ill-equipped to handle. STR has developed a suite of tools that leverage standard Systems Engineering artifacts to expose and prioritize the protections that must be added to the system, from the earliest phases of design, to be resilient to cyberattack. STR’s Security Policy and Resiliency Tools and ANalysis (SPARTAN) toolchain can process system architecture models represented in either the Architecture Analysis and Design Language (AADL) or the Systems Modeling Language (SysML) to reason about which data transfers between system components are allowed, under what conditions, and which connections are not. Thus, SPARTAN builds a mathematical representation of the complete space of Cyber Requirements (CRs) from the modeling artifacts; the CRs enumerate all data transfers between components that shall not occur in the design. Failure of the system to obey a CR, which will allow unintended accesses of system components to occur, represents a fault. A resilient system needs to display fault tolerance, the ability to retain critical mission functionality in the presence of faults. To reason about resiliency, SPARTAN leverages the modeling capabilities of SysML to capture the system-level failures that may be triggered by component-level faults. The resulting Cyber Resiliency Requirements (CRRs) are then assessed for impact on system failure risk using agent-based modeling and Monte Carlo simulations.
This talk will detail the SPARTAN toolchain, results and lessons learned. SPARTAN was developed for the DARPA Cyber Assured Systems Engineering (CASE) Phase 1 program.
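An added illustration of the two analysis steps the abstract describes, not SPARTAN code: it derives the "shall not occur" CRs as the complement of the allowed transfers, then uses Monte Carlo runs to rank which CR is most worth protecting. The component names, fault probabilities and failure model are constructed assumptions, and plain random sampling stands in for the agent-based modeling.

```python
import itertools
import random

# Constructed toy architecture (hypothetical names, not from the SPARTAN talk).
COMPONENTS = ["radio", "gateway", "mission_planner", "flight_ctrl"]
ALLOWED = {  # directed data transfers the design permits
    ("radio", "gateway"),
    ("gateway", "mission_planner"),
    ("mission_planner", "flight_ctrl"),
}

def cyber_requirements(components, allowed):
    """Every ordered pair with no permitted transfer is a 'shall not occur' CR."""
    return {(s, d) for s, d in itertools.permutations(components, 2)
            if (s, d) not in allowed}

# Assumed per-mission probability that a CR is violated (a fault).
# CRs not listed here use DEFAULT_P. All numbers are constructed.
DEFAULT_P = 0.01
FAULT_P = {("radio", "flight_ctrl"): 0.05, ("gateway", "flight_ctrl"): 0.10}

# Assumed failure model: the mission fails if any one fault set is fully present.
FAILURE_CUTS = [
    {("radio", "flight_ctrl")},
    {("gateway", "flight_ctrl"), ("radio", "mission_planner")},
]

def failure_risk(crs, fault_p, cuts, trials=50_000, seed=1):
    """Estimate P(system failure) by sampling which CRs are violated per trial."""
    rng = random.Random(seed)  # fixed seed: runs are repeatable and comparable
    ordered = sorted(crs)
    failures = 0
    for _ in range(trials):
        faults = {cr for cr in ordered if rng.random() < fault_p.get(cr, DEFAULT_P)}
        if any(cut <= faults for cut in cuts):
            failures += 1
    return failures / trials

def rank_protections(crs, fault_p, cuts, **kw):
    """Risk reduction from hardening each CR (its fault probability set to 0)."""
    base = failure_risk(crs, fault_p, cuts, **kw)
    involved = set().union(*cuts)
    gains = {cr: base - failure_risk(crs, {**fault_p, cr: 0.0}, cuts, **kw)
             for cr in involved}
    return base, sorted(gains.items(), key=lambda kv: -kv[1])

if __name__ == "__main__":
    base, ranked = rank_protections(
        cyber_requirements(COMPONENTS, ALLOWED), FAULT_P, FAILURE_CUTS)
    print(f"baseline failure risk: {base:.4f}")
    for cr, gain in ranked:
        print(f"  protect {cr[0]} -> {cr[1]}: risk reduced by {gain:.4f}")
```

Because every run reuses the same seed, the baseline and each hardened variant see identical random draws, so the differences reflect the protection alone rather than sampling noise.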
Lindsay Holden is a Lead Scientist at Systems & Technology Research in Woburn, MA and has over 12 years of experience in systems and software engineering for complex defense systems. She has a B.S. in Aerospace Engineering from the University of Michigan, an M.S. in Aerospace Engineering from Georgia Tech, and an M.S. in Engineering Management from Tufts University. She has spent her professional career leading teams in the development and test of a variety of systems in different domains, including autonomy software for Unmanned Undersea Vehicles (UUVs), and the development of Model-Based Systems Engineering solutions for government sponsors.