search menu icon-carat-right cmu-wordmark

Grace A. Lewis

Principal Researcher

Grace A. Lewis is the principal investigator for two research projects related to IoT Security:

High-Assurance Software-Defined IoT Security
is creating an IoT framework that operates, with high assurance, in a resilient and trustworthy manner even in the presence of a powerful and realistic attacker who can compromise IoT devices, control nodes, and other intermediaries. The software-defined IoT infrastructure is composed of (i) a high-assurance control node that monitors security-relevant events and alters the "security postures" of IoT devices to enforce specific policies; (ii) trusted data nodes that execute these security postures for each IoT device using "micro-middleboxes"; and (iii) firmware-hardened IoT device nodes, which can be untrusted (e.g., commodity), or trusted (e.g., custom-built by a trusted contractor) but have verifiably secure communication with the control node and data nodes.
Authentication and Authorization of IoT Devices in Tactical Environments
is evaluating, adapting, and implementing an IETF proposal for authentication and authorization in constrained environments (ACE) such that it is resilient to high-priority threats of tactical environments (e.g., node impersonation and capture) that are currently not addressed in ACE.

She also led the work in Tactical Computing and Communications (TCC) that developed tactical cloudlets. The tactical cloudlet software is available as KD-Cloudlet on GitHub.

Areas of expertise: edge computing, cloud computing, software architecture, service-oriented architecture, technology evaluation, IoT security

Professional Background

Grace Lewis is a Principal Researcher at the Software Engineering Institute at Carnegie Mellon University. Lewis has over 25 years of professional software development experience in industry and research environments. Her main areas of expertise and interest include edge computing, cloud computing, software architecture, service-oriented architecture, IoT security, and technology evaluation.

Before joining the SEI, Lewis was Chief of Systems Development for Icesi University, where she served as project manager and technical lead for the university-wide administrative systems. Other work experience includes Design and Development Engineer for the Electronics Division of Carvajal S.A. where she developed software for communication between PCs and electronic devices and embedded software on devices microcontrollers.

At the SEI she has worked in the area of Commercial-of-the-Shelf (COTS) Based Systems, Legacy System Modernization, Systems of Systems Engineering, and Service-Oriented Architecture (SOA), where she has a vast number of publications. Her current areas of work are secure and efficient computing and communications in resource-constrained environments and IoT security.

Lewis has teaching experience at the graduate and undergraduate level. She serves various roles in the Master of Software Engineering professional programs at Carnegie Mellon University.

Lewis hold a BSc in Software Systems Engineering from Icesi University in Cali, Colombia; a Post-Graduate Specialization in Business Administration from Icesi University; a Master of Software Engineering from Carnegie Mellon University in Pittsburgh, PA USA; and a PhD in Computer Science from Vrije Universiteit Amsterdam, Netherlands.



Grace Alexandra Lewis. Software Architecture Strategies for Cyber-Foraging Systems. June 2016. ISBN: 978-94-6295-483-0

Selected External Publications

SEI Publications


Additional Publications by Grace A. Lewis


Tactical Technologies Group (TTG)

High-Assurance Software-Defined IoT Security

Authorization and Authentication of IoT Devices in Tactical Environments


  • PhD, Computer Science, Vrije Universiteit Amsterdam
  • MS, Software Engineering, Carnegie Mellon University
  • Post-Graduate Specialization, Business Administration, Icesi University
  • BS, Software Systems Engineering, Icesi University

Professional Memberships

  • IEEE Technical Council on Software Engineering, Executive Vice Chair
  • IEEE Computer Society Technical & Conference Activities Board (T&C) Executive Committee, Treasurer
  • IEEE - Senior Member
  • CMU MSE Executive Committee

Current Professional Activities

Conference Organization

Early Career Researchers Forum Co-Chair
ICSA 2018 - IEEE International Conference on Software Architecture - April 30 - May 4, 2018 - Seattle, WA USA
Technical Program Co-Chair
MobileSoft 2018 - 5th IEEE/ACM International Conference on Mobile Software Engineering and Systems - co-located with the 40th International Conference on Software Engineering (ICSE 2018) - May 27-28, 2018 - Gothenburg, Sweden
Industrial Co-Chair
ECSA 2018 - 12th European Conference on Software Architecture - September 24-28, 2018 - Madrid, Spain

Current Program Committees

ICSA 2018
International Conference on Software Architecture - April 30 - May 4, 2018 - Seattle, WA USA
ICT4S 2018
5th International Conference on ICT for Sustainability - May 14-18, 2018 - Toronto, Canada
ICSE 2018
40th International Conference on Software Engineering - Software Engineering in Society (SEIS) Track - May 27 - June 3, 2018 - Gothenburg, Sweden
ICDCS 2018
38th IEEE International Conference on Distributed Computing Systems - Edge Computing Track - July 2-6, 2018 - Vienna, Austria
8th International Conference on Mobile Services, Resources, and Users - July 22-26, 2018 - Barcelona, Spain