Transforming Software and System Development and Analysis

William B. Martin

Abstract

For years the National Information Assurance Research Laboratory has supported research in high confidence software and systems (HCSS) technologies with the goal of improving the assurance of security critical algorithms, protocols, software and hardware. The research has focused upon the development of foundational technology as well as techniques to apply that technology to specific problem areas. The approaches that have been pursued have included analytic techniques to help assess and improve the quality of existing code, specifications, etc., as well as design and development techniques to produce systems that are “correct by construction.” Over the years research projects in the HCSS program have provided for considerable advances within both analytic and developmental areas, yet substantial questions remain, such as:

• How can software and systems be made dependable and secure in a more cost-effective manner?
• How can one obtain assurance that dependability and security have been achieved?
• Given the issues inherent in the development and assessment of today’s systems, what hope do we have of building and assessing the systems of the future, systems that are likely to have billions of lines of code?

This address will put forward an evidence-based approach to assurance in the hopes of approaching these tough questions. In short, the approach will require better evidence, evidence allowing improvements in the assurance of dependability and security to be objectively assessed. As well, with this dependence on evidence, the construction and analysis of the same will need to be pursued.