Next: Network-Operating System Interaction Up: DARPA/NSA/DISA Joint Technology Office: Previous: Security Policy

Assurance

The new paradigm in software engineering, building systems from independent components, leads to new challenges in assuring safety, security, timeliness, reliability, and other properties, and the known methods of assuring these properties have to be extended accordingly. The authors stress the importance of assurance metrics as a standard for the degree to which a system provides the desired properties. Although the so-called Orange Book defines several classes of requirements for ensuring security, meeting those requirements cannot by itself serve as a measure of the security of the resulting operating system. Additional metrics are needed, for example for the development process or for the way the system is used.

Different methods exist to assure the properties of a system. These include verification of the program code by formal reasoning. Similar techniques can be applied to the information flow in the system or used to generate tests from formal specifications.

Covert channels are a particular problem. Such a channel normally uses a shared resource to transfer data in a way the designers did not intend; it therefore works outside any specification, so verifying the system against its specification does not reveal it. A channel of this kind might be, for example, an artificial delay inserted into a computation that is supposed to take a specific time under normal conditions: the sender varies the duration, and a receiver that can only observe how long the computation took reads the data back. Finding and removing these channels is a big problem that still has to be addressed.
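The timing channel described above, as an added example that is not part of the original page or of the paper it summarizes: a sender that can influence a shared computation, but has no legitimate channel to the receiver, signals a bit by stalling the computation, and the receiver recovers the bits from the observed durations alone. The block also shows the countermeasure of releasing the result at a fixed deadline and the leak check an evaluator would run, namely comparing the timing distributions conditioned on the secret bit. The constants (BASE_MS, DELAY_MS, JITTER_MS, PAD_MS), the message, and the seeded virtual clock that replaces real sleep()/perf_counter() are all constructed assumptions so that the run is deterministic and offline.

```python
"""Simulated covert timing channel (added example, not from the paper).

A sender that can influence a shared computation but has no legitimate
channel to the receiver leaks one bit per call by adding an artificial
delay; the receiver only observes how long the call took. A fixed-time
release of the result is shown as the countermeasure. A seeded virtual
clock stands in for real sleep()/time.perf_counter() so the run is
deterministic and offline; all constants below are constructed.
"""
import random
from statistics import mean
from typing import Dict, List

BASE_MS = 10.0    # normal duration of the legitimate computation
DELAY_MS = 5.0    # artificial stall the sender adds to signal a 1 bit
JITTER_MS = 0.5   # noise the receiver sees in every measurement
PAD_MS = 20.0     # countermeasure: result released no earlier than this


def bits_of(data: bytes) -> List[int]:
    """MSB-first bit list of a byte string."""
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bytes_of(bits: List[int]) -> bytes:
    """Inverse of bits_of for a whole number of bytes."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))


def sender_compute(bit: int, rng: random.Random, padded: bool) -> float:
    """Duration (ms) the receiver observes for one call of the shared routine.

    Unpadded: the work takes BASE_MS, plus DELAY_MS when the sender stalls.
    Padded: the result is held until PAD_MS regardless of the work done,
    so the observable time no longer depends on the bit (PAD_MS must
    exceed the worst-case work time, otherwise the channel reopens).
    """
    work = BASE_MS + (DELAY_MS if bit else 0.0)
    release = max(work, PAD_MS) if padded else work
    return release + rng.gauss(0.0, JITTER_MS)


def transmit(data: bytes, padded: bool, seed: int = 1234) -> List[float]:
    """Sender encodes `data` bit by bit; returns the durations observed."""
    rng = random.Random(seed)
    return [sender_compute(b, rng, padded) for b in bits_of(data)]


def receiver_decode(durations: List[float]) -> List[int]:
    """The receiver knows nothing but the timings: it thresholds at the
    midpoint between the shortest and the longest call it saw."""
    threshold = (min(durations) + max(durations)) / 2.0
    return [1 if d > threshold else 0 for d in durations]


def timing_leak_ms(durations: List[float], bits: List[int]) -> float:
    """Leak test an evaluator runs with knowledge of the secret bits:
    difference of mean duration between 1-bit and 0-bit calls. A value
    near zero means the timing carries no information about the bit."""
    ones = [d for d, b in zip(durations, bits) if b]
    zeros = [d for d, b in zip(durations, bits) if not b]
    return mean(ones) - mean(zeros)


def run(message: bytes, padded: bool) -> Dict[str, object]:
    """Send `message` over the channel and report what the receiver got."""
    sent = bits_of(message)
    durations = transmit(message, padded)
    recovered = receiver_decode(durations)
    correct = sum(s == r for s, r in zip(sent, recovered))
    return {
        "recovered": bytes_of(recovered),
        "accuracy": correct / len(sent),
        "leak_ms": timing_leak_ms(durations, sent),
    }


if __name__ == "__main__":
    for padded in (False, True):
        r = run(b"secret", padded)
        print(f"padded={padded}: recovered={r['recovered']!r} "
              f"accuracy={r['accuracy']:.2f} leak={r['leak_ms']:+.2f} ms")
```

Without padding the receiver recovers the message exactly and the conditional-timing test shows a separation of about DELAY_MS; with the fixed-time release the separation collapses to measurement noise and the decoded bits are meaningless. The same conditional-timing comparison is what a reviewer would apply to a real shared service, with the caveat that padding only closes the channel if the deadline exceeds the worst-case work time and the padded path itself does not depend on the secret.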
Tim Wellhausen
2000-01-20