U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.


Resilience and System Level Security

July 14, 2016


Lee Badger - NIST/CSD


Presented at:  Software and Supply Chain Assurance Forum (McLean, Virginia, United States)


One approach for reducing damage caused by software vulnerabilities is to take advantage of emerging systems architecture patterns to strategically improve assurance. Emerging systems architectures embody significant choices about where computation takes place (e.g., server, client, distributed), how intrinsic networking is to typical workloads (always/sometimes required), the resources available in execution environments (e.g., virtual machine, middleware, process, web browser, microcontroller), the degree of inter-component coupling (e.g., monolithic application, microservices), and policies for system updating (e.g., manual vs periodic vs continuous). These choices have potential to significantly increase whole-system complexity, but they also may support architecting systems with high levels of component isolation and independence (e.g., via VMs, containers, language-based separation, microservices). This presentation discusses resilience as a system-level property, illustrates the use of two emerging architecture patterns (OS containers and microservices), and identifies a small number of "idea sketches" describing possible future research opportunities.


computer security; resiliency; vulnerabilities; software assurance; virtualization; containers; micro services

Created March 10, 2017, Updated June 22, 2020