Software Engineering Institute

This problem stems from the fact that the CHIC (Commodity Heterogenous Interconnected Computing-platforms) stack is heterogeneous by nature: we have disparate hardware platform architecture, multiple software layers and millions of lines of software spread across those layers with diverse development pedigree. This opens up a plethora of attack surfaces.

An effective solution to this problem must meet three goals:

• be provable, so we can have assurance on the security delivered
• allow the DoD to procure and maintain such provably secure CPS implementations in a cost-effective manner
• preserve existing functionality to max extent possible or be innocuous (stemming from the NASA innocuity definition)