INSRE fosters applied research that enhances national security, defense, cybersecurity, intelligence gathering, and response capabilities.

Our Big 8 Research Capabilities

Optics and Photonics

Quantum Advanced Applied Materials

System Engineering and Prototyping

Cybersecurity

Cube-Satellite Platforms

Information Assurance & Data Science

Materials Engineering & Characterization

Experimental Mechanics and Diagnostics

Student Research Examples

Cyber Security Lab

Eric O'Donoghue

Title: Analysis of Software Bill of Materials Compliance/Quality and Software Supply Chain Security Quality Using Hierarchical Quality Models

With the reliance on software across industries, ensuring the security and quality of software components in software supply chains has become a critical concern for software providers. A Software Bill of Materials (SBOM) is an emerging technology that provides an inventory of all software components used in a particular application or system. This thesis addresses two facets of SBOM technology: the quality of software bills of materials in their current state, and the application of SBOMs as a tool for performing security quality analysis on software supply chains.

Our first research goal is to improve software providers' ability to assess both compliance with government standards and the quality of software bills of materials. We accomplished this goal by developing and validating a hierarchical quality model, name tbd, to evaluate the quality of software bills of materials. Our second goal is to improve providers' ability to assess software supply chain security quality utilizing SBOM technology. We accomplished this goal by developing and validating a hierarchical security quality model, PIQUE-SBOM-SUPPLYCHAIN-SEC, to evaluate the security quality of third-party libraries and packages present in software. While there are existing tools that can be used to measure SBOM quality or software supply chain security, the use of a model is beneficial in both of these cases: it integrates multiple analysis tools for better coverage of quality and security issues, utilizes existing quality standards, improves scoring accuracy by benchmarking against a large corpus of SBOMs, and finally aggregates findings upward into a broader quality and security context.