Software Certification Could Get A Little Simpler Under Evolving DARPA Project

General Electric Company’s central technology development arm, GE Research, is steering the making of an advanced assurance model to accelerate certifying software for critical military and industrial systems.

Currently, it can take one year and millions of dollars to re-certify even modest code changes—but through a fresh $10.5 million project via the Defense Advanced Research Agency’s Automated Rapid Certification of Software or ARCOS program, GE Research intends to dramatically reduce that time and cost. 

The research hub is collaborating with GE Aviation Systems, Galois and Guardtime Federal on this project.

“In general, GE experiences very similar challenges with maintaining and upgrading our industrial fleets as the Defense sector faces with their own fleets of military systems,” Kit Siu, a principal engineer on GE Research’s High Assurance Systems Team co-leading this project, told Nextgov on Thursday. “The opportunities and support DARPA provides through programs like ARCOS not only help to meet important security and military readiness goals and objectives, but they also often lead to improvements for systems in other major industry sectors as well such as aviation and energy.”

Along with an effort officials steered through DARPA’s Cyber Assured Systems Engineering or CASE program, the ARCOS project is all part of what Siu called “a dedicated technology campaign GE Research has” to advance high assurance systems for national security, as well as for industries in aviation, energy and healthcare.

While the present software certification process is typically manual and reliant on human expertise, Siu and the team are producing an automated assurance model that can swiftly curate the right data for certification analysis. 

One element of this work will involve demonstrating a model for a complex aerospace system.

“The best-case scenario outcome would be to complete software updates seamlessly within hours,” Siu explained. “You could show up at a test site in the morning, propose software changes based on observations from the previous day’s run, make the changes and ingest all the evidence of those updates into [the Rapid Assurance Curation Kit], and then have RACK generate a report that shows your changes were done safely, correctly, and securely and have approval for flight by lunchtime.”

Researchers are leaning on artificial intelligence, semantic technology, natural language processing and data analytics, among other technologies, for this pursuit.

“Without defining clear semantics, there can be a lot of misinterpretations, oversights, and rework. Researchers are using NLP to extract meaning out of documents traditionally written in plain text. Mapping that knowledge into a semantic model gives the ability to do analysis and queries. You can ask questions like, ‘Are there parts of the system not covered by satisfying test cases?’; ‘Are there parts of the systems where evidence is weak?’; ‘Have we met all the objectives in our development plan?’” Siu noted. “Being able to answer questions like these during the development process allows better systems to be built faster rather than focusing on ticking development workflow checkboxes.”

Distributed cryptography technology will also be deployed to enhance the security of digital assets in the associated critical systems. 

“Guardtime Federal’s KSI digital integrity and provenance solutions provide users with confidence that their data has not been altered by an unauthorized party,” Siu said. “Using a data-agnostic and distributed cryptographic hash calendar, called the KSI Calendar, data is locked into this single trust anchor to provide mathematical proof of integrity, providing assurance that data have not been modified by an unauthorized party at any later point in time.”