Software Engineering Institute

Explainable AI: Why Did the Robot Do That?

Autonomy and Counter-Autonomy

To help human users trust their robot team members in critical situations, we develop tools that allow autonomous systems to explain their behavior.

Verifying Distributed, Adaptive Real-Time (DART) Systems

Autonomy and Counter-Autonomy Mission Assurance System Verification and Validation

Distributed, adaptive real-time (DART) systems must satisfy safety-critical requirements. We developed a method to verify DART systems and generate assured code.

Multi-Agent Decentralized Planning for Adversarial Robotic Teams

Autonomy and Counter-Autonomy

We created multi-agent planning techniques, middleware, and algorithms that enable single users to manage fleets of UASs in real-world environments with changing adversaries.

QUELCE: Quantifying Uncertainty in Early Lifecycle Cost Estimation

Data Modeling and Analytics Software Engineering and Information Assurance

Costs for large new systems are hard to estimate. We developed a method to quantify uncertainty and increase confidence in a program's cost estimate.

Automated Code Repair

Autonomy and Counter-Autonomy Software Engineering and Information Assurance Cybersecurity

Finding security flaws in source code is daunting; fixing them is an even greater challenge. Our researchers are creating automated tools that can repair bugs automatically or by prompting developers for more information to make effective repairs.

Using Automation to Prioritize Alerts from Static Analysis Tools

System Verification and Validation Cybersecurity

The new CERT method for validating and repairing defects found by static analysis tools helps auditors and coders address more alerts with less effort.

Improving Verification with Parallel Software Model Checking

System Verification and Validation

Current methods for software model checking can take too much time. We develop algorithms for SMC that execute many operations in parallel to improve scalability.

Design Pattern Recovery from Malware Binaries

Software Engineering and Information Assurance Cybersecurity

The U.S. Department of Defense (DoD) and industry face many malware problems. CERT researchers automate malware analysis capabilities, including those focused on malware family evolution and similarity.

Supporting the U.S. Army's Joint Multi-Role Technology Demonstrator Effort

Software Engineering and Information Assurance System Verification and Validation

We build and analyze virtual software systems to find problems early in development, before a system is built. Early discovery reduces cost and certification time.

Automating Vulnerability Discovery in Critical Applications

Software Engineering and Information Assurance Cybersecurity

CERT researchers develop automated tools that discover and mitigate software vulnerabilities and transfer them to researchers, procurement specialists, and software vendors.

Converting a Navy Weapon System from a 32- to a 64-Bit Architecture

Mission Assurance Software Engineering and Information Assurance

The SEI provided an independent assessment of the risks of migrating a weapons control system deployed by the U.S. Navy from one architecture to another.

GraphBLAS: A Programming Specification for Graph Analysis

Mission Assurance

The GraphBLAS Forum is a world-wide consortium of researchers working to develop a programming specification for graph analysis that will simplify development.

Positive Incentives for Reducing Insider Threat

Cybersecurity

Insiders present unique challenges to cybersecurity. We research insider threats and develop tools to analyze threat indicators in sociotechnical networks.

Managing Technical Debt with Data-Driven Analysis

Data Modeling and Analytics Software Engineering and Information Assurance

Most software projects carry technical debt. We develop tools and techniques that identify it and provide a complete view of the debt that you need to manage.

A Tool Set to Support Big Data Systems Acquisition

Data Modeling and Analytics

We offer an approach that reduces risk and simplifies the selection and acquisition of big data technologies when you acquire and develop big data systems.

Helping Government Realize the Agile Advantage

Software Engineering and Information Assurance Mission Assurance

We develop a wealth of resources to help the U.S. Department of Defense (DoD) and federal agencies make informed decisions about using Agile and lean approaches in achieving their goals.

Security-Aware Acquisition

Cybersecurity

The techniques developed by CERT researchers help you evaluate and manage cyber risk in today’s complex software supply chains.

System and Platform Evaluation

Cybersecurity

CERT researchers develop and perform advanced penetration testing and cyber vulnerability assessments of organizations' systems and platforms.

Empirical Research Office

Data Modeling and Analytics

We improve the capability delivered for every dollar of U.S. Department of Defense (DoD) investment made in software systems by improving the use of data in decision making.

Digital Forensics: Advancing Solutions for Today's Escalating Cybercrime

Cybersecurity

As cybercrime proliferates, CERT researchers help law enforcement investigators process digital evidence with courses, methodologies and tools, skills, and experience.

Acquiring Systems, Not Just Software

Data Modeling and Analytics

The U.S. Department of Defense (DoD) and federal agencies are increasingly acquiring software-intensive systems instead of building them with internal resources. However, acquisition programs frequently have difficulty identifying the critical software acquisition activities, deliverables, risks, and opportunities.

USPS Case Study

The SEI teamed with the U.S. Postal Service to help it improve its cybersecurity and resilience and collaborated on a program to develop a strong cybersecurity workforce.

Cyber Lightning Case Study

The SEI hosted Cyber Lightning, a three-day joint training exercise involving Air National Guard and Air Force Reserve units from western Pennsylvania and eastern Ohio.

SEI Hosts Crisis Simulation Exercise for Cyber Intelligence Research Consortium

Mission Assurance

In SEI crisis simulation exercises, participants use scenarios that present fictitious malicious actors and environmental factors based on real-world events.

Runtime Assurance for Big Data Systems

System Verification and Validation

To help assure runtime performance in big data systems, we designed a reference architecture to automatically generate and insert monitors and aggregate metric streams.

Building Security into Application Lifecycles

Software Engineering and Information Assurance Cybersecurity

Cybersecurity Engineering (CSE) prepares program managers, engineers, developers, educators, and others to better approach the acquisition, development, validation, and sustainment of software so they can address known and emerging patterns of software failure, misuse, and abuse.

Smart Grid Maturity Model (SGMM)

Software Engineering and Information Assurance

The smart grid is a constantly evolving infrastructure of digital technology and power industry practices for improving the management of electricity generation, transmission, and distribution. The Smart Grid Maturity Model (SGMM) helps utilities plan their smart grid journeys.

Developing Tomorrow’s Solutions for Improving Cyber Simulations

The CERT Division of the SEI develops tools that virtualize systems to deliver high-quality training and user performance validation to ensure cyber teams are ready to face ever-evolving threats and challenges.

Training Army Analysts to Use the Big Data Platform

Data Modeling and Analytics

ARCYBER is teaming with the SEI CERT Division to create training capabilities that help Army analysts develop the necessary skills for using its Big Data Platform.

Cyber Intelligence Study

Cybersecurity

The practice of cyber intelligence helps organizations protect their assets, know their risks, and recognize opportunities. In 2018, the SEI conducted a cyber intelligence study on behalf of the United States Office of the Director of National Intelligence (ODNI). Our task was to understand how organizations perform the work of cyber intelligence throughout the United States.

Delivering Real-World Experience with Cyber Simulations

The SEI CERT Division develops simulations that offer cyber operators a way to get the experience they need to perform at elite levels.

Architecture Analysis and Design Language

Software Engineering and Information Assurance

Software for mission- and safety-critical systems, such as avionics systems in aircraft, is growing larger and more expensive. The Architecture Analysis and Design Language (AADL) addresses common problems in the development of these systems, such as mismatched assumptions about the physical system, computer hardware, software, and their interactions that can result in system problems detected too late in the development lifecycle.

Designing Trustworthy Artificial Intelligence

The Human-Machine Teaming Framework guides development in creating Artificial Intelligence systems that are accountable to humans, cognitive of speculative risks and benefits, secure, and usable.

Learning Patterns by Observing Behavior with Inverse Reinforcement Learning

The Software Engineering Institute (SEI) uses Inverse Reinforcement Learning (IRL) techniques—an area of machine learning—to more efficiently and effectively teach novices how to perform expert tasks, achieve robotic control, and perform activity-based intelligence.

CMMC—Securing the DIB Supply Chain

Cybersecurity

Malicious cyber activity—the theft of intellectual property and sensitive information—poses an increasing and serious threat to national and economic security. The Department of Defense (DoD) called on our experts in the CERT Division to help create the Cybersecurity Maturity Model Certification (CMMC) program to combat cybercrime in the Defense Industrial Base (DIB) sector, its trusted supply chain of more than 300,000 organizations globally that provide essential military operation products and services.

xView 2 Challenge

The xView 2 Challenge applied computer vision and machine learning to analyze electro-optical satellite imagery before and after natural disasters to assess building damage. The competition’s sponsor was the Department of Defense’s Defense Innovation Unit (DIU). This technology is being used to assess building damage from wildfires in Australia and the United States.

Train, But Verify

Cybersecurity

Attacks on machine learning (ML) systems can make them learn the wrong thing, do the wrong thing, or reveal sensitive information. Train, But Verify protects ML systems by training them to act against two of these threats at the same time and verifying them against realistic threat models.

Community Guidance to Prevent Common Coding Errors

Cybersecurity

The SEI leads a community initiative to establish secure coding practices that prevent coding errors and that are reliable, usable, and effective.

Knowing When You Don’t Know: Engineering AI Systems in an Uncertain World

Data Modeling and Analytics

This project is benchmarking methods for quantifying uncertainty in machine learning (ML) models. It is also developing techniques to identify the causes of uncertainty, rectify them, and efficiently update ML models to reduce uncertainty in their predictions.

AI Engineering: A National Initiative

The SEI is taking the initiative to develop an AI engineering discipline that will lay the groundwork for establishing the practices, processes, and knowledge to build new generations of AI solutions.

Applying Causal Learning to Improve Software Cost Estimation and Project Control

SEI researchers have applied causal learning to help the Department of Defense identify factors that increase software costs and to provide guidance to control them.

Characterizing and Detecting Mismatch in ML-Enabled Systems

The development of machine learning-enabled systems typically involves three separate workflows with three different perspectives—data scientists, software engineers, and operations. The mismatches that arise can result in failed systems. We developed a set of machine-readable descriptors for elements of ML-enabled systems to make stakeholder assumptions explicit and prevent mismatch.