search menu icon-carat-right cmu-wordmark

Grace A. Lewis

Principal Researcher

Grace A. Lewis is the principal investigator for two research projects related to IoT Security:

High-Assurance Software-Defined IoT Security
is creating an IoT framework that operates, with high assurance, in a resilient and trustworthy manner even in the presence of a powerful and realistic attacker who can compromise IoT devices, control nodes, and other intermediaries. The software-defined IoT infrastructure is composed of (i) a high-assurance control node that monitors security-relevant events and alters the "security postures" of IoT devices to enforce specific policies; (ii) trusted data nodes that execute these security postures for each IoT device using "micro-middleboxes"; and (iii) firmware-hardened IoT device nodes, which can be untrusted (e.g., commodity), or trusted (e.g., custom-built by a trusted contractor) but have verifiably secure communication with the control node and data nodes.
Authentication and Authorization of IoT Devices in Tactical Environments
is evaluating, adapting, and implementing an IETF proposal for authentication and authorization in constrained environments (ACE) such that it is resilient to high-priority threats of tactical environments (e.g., node impersonation and capture) that are currently not addressed in ACE.

She also led the work in Tactical Computing and Communications (TCC) that developed tactical cloudlets. The tactical cloudlet software is available as KD-Cloudlet on GitHub.

Areas of expertise: edge computing, cloud computing, software architecture, service-oriented architecture, technology evaluation, IoT security

Professional Background

Grace Lewis is a Principal Researcher at the Software Engineering Institute at Carnegie Mellon University. Lewis has over 25 years of professional software development experience in industry and research environments. Her main areas of expertise and interest include edge computing, cloud computing, software architecture, service-oriented architecture, IoT security, and technology evaluation.

Before joining the SEI, Grace was Chief of Systems Development for Icesi University, where she served as project manager and technical lead for the university-wide administrative systems. Other work experience includes Design and Development Engineer for the Electronics Division of Carvajal S.A. where she developed software for communication between PCs and electronic devices and embedded software on devices microcontrollers.

At the SEI she has worked in the area of Commercial-of-the-Shelf (COTS) Based Systems, Legacy System Modernization, Systems of Systems Engineering, Service-Oriented Architecture (SOA), and Cloud Computing, where she has a vast number of publications. Her current areas of work are secure and efficient computing and communications in resource-constrained environments and IoT security.

Grace has teaching experience at the graduate and undergraduate level. She serves various roles in the Master of Software Engineering professional programs at Carnegie Mellon University.

Grace hold a BSc in Software Systems Engineering from Icesi University in Cali, Colombia; a Post-Graduate Specialization in Business Administration from Icesi University; a Master of Software Engineering from Carnegie Mellon University in Pittsburgh, PA USA; and a PhD in Computer Science from Vrije Universiteit Amsterdam, Netherlands.



Grace Alexandra Lewis. Software Architecture Strategies for Cyber-Foraging Systems. June 2016. ISBN: 978-94-6295-483-0

Selected External Publications

SEI Publications


Additional Publications by Grace A. Lewis


Tactical Technologies Group (TTG)

High-Assurance Software-Defined IoT Security

Authorization and Authentication of IoT Devices in Tactical Environments


  • PhD, Computer Science, Vrije Universiteit Amsterdam
  • MS, Software Engineering, Carnegie Mellon University
  • Post-Graduate Specialization, Business Administration, Icesi University
  • BS, Software Systems Engineering, Icesi University

Professional Memberships

  • IEEE Technical Council on Software Engineering, Executive Vice Chair
  • IEEE Technical Council on Software Engineering, Member-at-Large (2018 - 2020)
  • IEEE Computer Society Technical & Conference Activities Board (T&C) Executive Committee, Treasurer
  • IEEE - Senior Member
  • CMU MSE Executive Committee

Current Professional Activities

Conference Organization

Steering Committee Member
MobileSoft - IEEE/ACM International Conference on Mobile Software Engineering and Systems

Current Program Committees

31st Conference on Software Engineering Education and Training - Invited Track at HICSS-52 - January 8-11, 2019 - Maui, HI USA
ICSA 2019
IEEE International Conference on Software Architecture - March 25-29, 2019 - Hamburg, Germany
ICSE 2019 - Technical Track
41st ACM/IEEE International Conference on Software Engineering - Technical Track - May 25-31, 2019 - Montreal, QC Canada
ICSE 2019 - Doctoral Symposium
41st ACM/IEEE International Conference on Software Engineering - Doctoral Symposium - May 25-31, 2019 - Montreal, QC Canada
MobileSoft 2019
6th IEEE/ACM International Conference on Mobile Software Engineering and Systems - co-located with ICSE 2019 - May 25-26, 2019 - Montreal, QC Canada
ICT4S 2019
6th International Conference on ICT for Sustainability - June 10-16, 2019 - Lappeenranta, Finland