Abstract
This paper reports on a project to exercise, evaluate and enhance a methodology for developing high assurance software for an embedded system controller. In this approach, researchers at the National Security Agency capture system requirements precisely and unambiguously through functional specifications in Z. Rockwell Collins then implements these requirements using an integrated, model-based software development approach. The development effort is supported by a tool chain that provides automated code generation and support for formal verification. The specific system is a prototype high speed encryption system, although the controller could be adapted for use in a variety of critical systems in which very high assurance of correctness, reliability, and security or safety properties is essential.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
AdaCore Inc, Tokeneer product description at AdaCore, http://www.adacore.com/home/products/sparkpro/tokeneer/
Barnes, J., Chapman, R., Johnson, R., Widmaier, J., Cooper, D., Everett, W.: Engineering the Tokeneer Enclave Protection Software. In: Proceedings of IEEE International Symposium on Secure Software Engineering (ISSSE) (2006)
Esterel Technologies, Inc., SCADE Suite product description, http://www.esterel-technologies.com/products/scade-suite
Greve, D., Richards, R., Wilding, M.: A Summary of Intrinsic Partitioning Verification. In: Proceedings of ACL 2004, Austin, TX (November 2004)
Hardin, D.: Invited Tutorial: Considerations in the Design and Verification of Microprocessors for Safety-Critical and Security-Critical Applications. In: Cimatti, A., Jones, R. (eds.) Proceedings of the Eighth International Conference on Formal Methods in Computer-Aided Design (FMCAD 2008), pp. 1–8 (November 2008)
McComb, T., Wildman, L.: Verifying Abstract Information Flow Properties in Fault Tolerant Security Devices. In: Liu, Z., He, J. (eds.) ICFEM 2006. LNCS, vol. 4260, pp. 621–638. Springer, Heidelberg (2006)
Prover Technologies, Inc. Prover SL/DE plug-in product description, http://www.prover.com/products/prover_plugin
Reactive Systems, Inc. Reactis product description, http://www.reactive-systems.com
Saaltink, M.: The Z/EVES System. In: Bowen, J.P., Hinchey, M.G., Till, D. (eds.) ZUM 1997. LNCS, vol. 1212, pp. 72–86. Springer, Heidelberg (1997)
Spivey, J.M.: The Z Notation: A Reference Manual, 2nd edn. International Series in Computer Science. Prentice Hall, Englewood Cliffs (1992)
The Mathworks, Inc., Simulink product description, http://www.mathworks.com/Simulink
Whalen, M., Cofer, D., Miller, S., Krogh, B.H., Storm, W.: Integration of formal analysis into a model-based software development process. In: Leue, S., Merino, P. (eds.) FMICS 2007. LNCS, vol. 4916, pp. 68–84. Springer, Heidelberg (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hardin, D., Hiratzka, T.D., Johnson, D.R., Wagner, L., Whalen, M. (2009). Development of Security Software: A High Assurance Methodology. In: Breitman, K., Cavalcanti, A. (eds) Formal Methods and Software Engineering. ICFEM 2009. Lecture Notes in Computer Science, vol 5885. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10373-5_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-10373-5_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10372-8
Online ISBN: 978-3-642-10373-5
eBook Packages: Computer ScienceComputer Science (R0)