Galois Releases MBSE Training Materials for AADL and CASE Tools
Galois today announced the release of CASE-AADL-Tutorial, an extensive set of training materials for both the Architecture Analysis & Design Language (AADL) and the freely-available Cyber Assured Systems Engineering (CASE) tools developed by DARPA. While excellent stand-alone documentation about AADL and each CASE tool already exists, more hands-on guides for real-world scenarios previously did not. These new training materials were prepared to be practical instructions detailing how to approach modeling and running the CASE tools to accomplish specific tasks.
Each guide in the training materials is accompanied by a set of example models that readers can use to learn how to model the system and execute the analyses provided in the training scenario. At each step along the way, the guides explain what actions are being performed, and why. The intent is to provide practical training for Model Based Systems Engineering (MBSE), while simultaneously allowing users to explore the state of the art in the field, learning what is possible with AADL and CASE.
Crafting Cyber Resilient Systems
But why do these sorts of digital engineering tools matter anyway?
In short, in an increasingly complex cyber security landscape, AADL and CASE tools are part of an approach that helps system engineers create cyber-resilient systems from the ground up.
NIST defines Cyber Resilience as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Cyber resilience starts at the architectural level. System components need to be designed, connected, and configured in a way that is resistant to attack. This includes applying appropriate encryption mechanisms to data at rest and data in transit, using filters or guards on interfaces, limiting connectivity to external devices and building in fail-safe redundancy.
Both AADL and the CASE program tools are intended to support systems engineering practitioners during the design and development of cyber resilient systems. In particular, the tools were created for the following goals:
- Elicitation of cyber resiliency requirements before the system is built
- Design and verification of systems when requirements are not testable (i.e., when they are expressed in “shall not” statements)
- Automatic adaptation of software to new non-functional requirements; and
- Scaling and providing meaningful feedback from analysis tools that reside low in the development tool chain
The CASE tools are intended to be used in an iterative process with the system designer. The tools find weaknesses in the design which are then addressed by adapting and/or refining the system architecture as well as imposing new requirements. The process of deriving requirements and then refining the design is repeated until cyber risk can be reduced to a desired level.
At Galois, we build tools that empower our clients to map and understand the minute components and interactions of complex system architecture. This Model-Based Security Engineering tutorial release is part of an ongoing deliberate effort to make tooling available to help the community improve across all areas of Digital Engineering.
Our goal is to make it a regular practice for engineers to generate detailed digital models of their intricate systems right from the beginning of the development process. These models will be used to examine and analyze complex systems at varying levels of detail, enabling faster and more cost-effective experimentation and testing compared to current methods. This approach will facilitate rapid iterations and development, ultimately leading to improved quality for the numerous complex systems that we depend on every day.