search menu icon-carat-right cmu-wordmark

AADL Modeling and Analysis Tool for Cyber Resiliency: GE VERDICT / DARPA CASE

This presentation by Michael Durling was given virtually at AADL/ACVIP User Days 2021.

Software Engineering Institute



AADL/ACVIP User Days 2021 was hosted by the Software Engineering Institute (SEI) and held virtually on February 3-4, 2021. AADL/ACVIP User Days is a free two-day virtual forum to present the latest on the Architecture Analysis and Design Language (AADL), the Architecture-Centric Virtual Integration Process (ACVIP), and associated tools. This presentation by Michael Durling was given virtually at AADL/ACVIP User Days 2021.

A team, led by GE Research, including GE Aviation Systems and the University of Iowa created an AADL based tool on the DARPA Cyber Assured Systems Engineering (CASE) program. The tool is named VERDICT - Verification Evidence and Resilient Design in Anticipation of Cybersecurity Threats. VERDICT enables system engineers to model, jointly analyze safety and security based on AADL architectural models and mission scenarios, generate fault and attack/defense trees, then synthesize an architecture that meets all the design constraints. The attacks are based on MITRE's Common Attack Pattern Enumeration and Classification (CAPEC™) framework. Once the architecture is in place, the second thread of the tool will perform a formal analysis of the architecture and design models to see if they satisfy formal resiliency properties. After the analysis, the tool returns proof evidence that the system is resilient, counter examples that highlight vulnerability, or run-time monitor location recommendations.

Michael Durling is the Technical Manager for High Assurance Systems at General Electric Research (GRC) in Niskayuna, New York. He has been at GRC since 1999 in various engineering leadership roles. He has a BSEE and MSEE from Rensselaer Polytechnic Institute. In his current role, his team is focused on developing technology and tools that provide trust and assurance of functionality and security for critical software and systems that may include artificial intelligence and machine learning algorithms. The team is concentrating on formal modeling and analysis of requirements, architecture and design models, automated test case generation, and optimized test automation.

Watch the video on YouTube