-
Notifications
You must be signed in to change notification settings - Fork 6
Home
Rapid Assurance Curation Kit is a semantic triplestore backed by an ontology. The ontology (or what we also call the data model) is tailored for curating evidence from certification artifacts of software systems. Evidence to show that a software package is fit-for-purpose can come from multiple subsystem providers, each generating data using different tools, in different formats, captured in different levels of granularity. As a curation platform, RACK uses its data model to normalize and organize the data. It also verifies that the ingested data is compliant with constraints specified by the data model, such as data types and cardinalities. RACK also takes as input the provenance of the data, as well as its relationship to the structure of the relevant system. Specifically, RACK provides a data ingestion interface for use by data providers whose primary focus is to generate evidence from which assurance arguments can be crafted. RACK also provides a query interface for use by data consumers whose primary focus is the construction of compelling assurance arguments. RACK queries allow users to find evidence related to diverse parts of the target system, understand where that evidence came from, and what the evidence infers about that system.
RACK is a vendor agnostic data curation system. Requirements can be maintained in a third-party tool such as DOORS; source code in Git; models in Cameo Teamwork Cloud; and build processes in Jenkins. RACK pulls evidential data from all these sources into a knowledge graph from which it can be queried and the returned results can be used to show whether a system meets its goals of safe and secure operation.
This curation platform is developed under the DARPA ARCOS program. There are multiple technical areas (TAs) on the research program. The performer teams that generate evidence are known as TA1s and those that use the evidence to assemble assurance cases are known as TA3s. The performer team that provides the use case for ARCOS is known as TA4. The RACK Project Team and the curation effort is known as TA2. RACK is used by all performer teams on ARCOS.
See our release schedule here.
RACK-in-a-Box (RiB) is a fully functional version of RACK which can be run using a Linux container with Docker or a virtual machine with VirtualBox. Most RACK users run RiB using a Linux container because they already have Docker installed on their machine but not VirtualBox which would require additional effort by the user to install VirtualBox and run RiB using a virtual machine.
RiB runs on Windows, Linux, and MacOS host platforms. We know of no significant resource requirements or version constraints (assuming that your host platform is reasonably current).
- Instructions for running RiB using a Linux container
- Instructions for installing RiB using a virtual machine
Note that there are some differences between using a Linux container and a virtual machine. Linux container images are faster to transfer and easy to start, but they do not persist RiB state across restarts. In contrast, virtual machine images tend to be very large and somewhat more complex to bring up, but they do persist RiB state across restarts with no lost context. We provide both options. See the section on How to save your changes to your RACK box container here for instructions on how to save RiB state across restarts if you choose our Linux container image.
You can get started with RACK by following the steps on the Getting Started page which walks you through how to load and query data using a simple example that provides a small set of "realistic" evidence. The Turnstile describes a small system that you may see at a security gate. This example is created as a living system and as such is expected to change and evolve with the development of the RACK tool suite. The data is part of the RACK repo and includes CSV files, ingestion templates, and ontology overlays.
Users may also wish to familiarize themselves with RACK's graphical interface called SPARQLgraph. Review the generic SemTK wiki.
We provide the following interfaces to RACK. We also provide some tooling to help the end user.
- CLI: Command-line interface can initialize RiB, import data into RiB from CSV files, and export data from RiB to CSV files. Other useful features are also available. CLI should meet most high-level needs for interacting with the RACK system.
- ASSIST
- ASSIST bin tools
- REST API Swagger: REST calls are available if none of the other interfaces meet your needs. Swagger is one of the many ways a REST API can be explored.
- RITE: An Eclipse-based IDE that connects to RACK's triplestore, allows for easy ingestion, integrates with SADL for data model development, and more.
- RACK UI page (http://localhost:8050/): Loads an ingestion package with one click
Here are some useful topics to help users prepare their own data.
- Create an ingestion package that can
be shared for others to load into RiB.
- Note: at present, the recommended order of operation is to first clear existing data in RACK, then ingest an entire set of instance data. This is reflected in the instructions on how to create an ingestion package. In the future, we will support the ability to update and "fit" new data into RACK.
- Several methods to verify the data in RACK
RACK represents instances of things that have happened, rather than things that might happen or the ways in which things happen in general. That's why activities or entities in RACK typically contain timestamps: they say when things happened or were created (or deleted), for example. When you create data to ingest into RACK, or when you query RACK data to construct an assurance case, remember that it's all about the past.
RACK is built on a data model with a core ontology. The data model includes a way to capture the software structure of a system. There is also a MODEL class that can be used on performer-specific ontology overlays.
The core RACK ontology is subject to change. We provide the following changelog to assist with forward compatibility.
Copyright (c) 2021-2024, General Electric Company, Galois, Inc.
All Rights Reserved
This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No. FA8750-20-C-0203.
Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Defense Advanced Research Projects Agency (DARPA).
Distribution Statement "A" (Approved for Public Release, Distribution Unlimited)