Transforming Software and System Development and Analysis
For years the National Information Assurance Research Laboratory has supported research in high confidence software and systems (HCSS) technologies with the goal of improving the assurance of security critical algorithms, protocols, software and hardware. The research has focused upon the development of foundational technology as well as techniques to apply that technology to specific problem areas. The approaches that have been pursued have included analytic techniques to help assess and improve the quality of existing code, specifications, etc., as well as design and development techniques to produce systems that are “correct by construction.” Over the years research projects in the HCSS program have provided for considerable advances within both analytic and developmental areas, yet substantial questions remain, such as:
This address will put forward an evidence-based approach to assurance in the hopes of approaching these tough questions. In short, the approach will require better evidence, evidence allowing improvements in the assurance of dependability and security to be objectively assessed. As well, with this dependence on evidence, the construction and analysis of the same will need to be pursued.