Trends in Software Design for Software Assurance

Interconnectivity has revolutionized software applications and designs; the frustrating days of using adapters for different systems, experiencing severe lag, or juggling five platforms for one purpose are gone. Now, software interconnectivity has made real life feel like futuristic movies where a single swipe of a finger takes a video from a mobile device to the television. However, with this interconnectivity comes various cybersecurity challenges, creating a connected system that is only as strong as its weakest link.

Technology trends signal that interconnectivity is essential to consumers and developers; it creates a more seamless experience for users, and for developers, it means easier co-creation, faster time to market, and more integrated software. At the same time, cybercriminals are increasingly more sophisticated, quickly hacking vulnerable endpoints and infiltrating an entire organization’s infrastructure within seconds.

At key thought leadership conferences, including the 2021 International Conference on Computer Safety, Reliability, and Security (SAFECOMP 2021); the 26th European Conference on Pattern Languages of Programs (EuroPLoP’21); and the 2021 International Conference on Model-Driven Engineering Languages and Systems (MODELS 2021), five different themes around multiconcern assurance are discussed.

Multiconcern Assurance in Real Life

Take newly automated vehicles, for example. Modern vehicles are increasingly enhanced with technology, but safety is still the primary concern. New technology threatens to compromise safety if certain checks and balances are not utilized, and stringent standards aren’t set across the industry for consistency. If an attack enters through a technology endpoint and physically compromises the safety of the vehicle and its passenger, this could have devastating consequences. About 68% of companies have experienced an endpoint attack, and when these endpoints are highly impactful systems like vehicles, the effects are far-reaching and severe.

Similarly, consistent security arguments are needed to help software engineers create more secure systems that can still work seamlessly with other applications. Safety cases, an assurance technique required or recommended by multiple systems, also create secure technology. If taking home monitoring hardware, for example, then interconnectedness with other applications is critical in making the system run smoothly and preventing breaches.

When interconnectedness is played out in real life, there are inevitably conflicts between stakeholders. With sometimes competing interests, standard processes accounting for bias and responsiveness help prevent a recurrence. Additionally, synthesizing those variable components in an Open Source AADL Tool Environment (OSATE) helps detect potential vulnerabilities and suggest mitigations.

The Future Outlook

In 2022, the Internet of Things (IoT) market grew by 18%, leading to 14.4 billion endpoints. As more endpoints arise, more vulnerabilities are exposed, and cybercriminals have billions of new access points to sensitive systems like the global supply chain or healthcare organizations. Roughly 15% of organizations are not using any endpoint security. As complex systems become more intertwined, the architecture and design of these systems need to account for sometimes contradicting and competing needs, which calls for software designers to rethink the idea of software-intensive systems. Read the latest research and education through the five articles presented in "Software Design Trends that Support Multi-concern Assurance".

Download the Full Study