Design and assurance strategy for the NRL pump

Author

Kang, Myong H. ; Moore, Andrew P. ; Moskowitz, Ira S.

Author_Institution

Center for High Assurance Comput. Syst., Naval Res. Lab., Washington, DC, USA

fYear

1997

Firstpage

64

Lastpage

71

Abstract

Developing a trustworthy system is difficult because the developer must construct a persuasive argument that the system conforms to its critical requirements. This assurance argument, as well as the software and hardware, must be evaluated by an independent certification team. We present the external requirements and logical design of a specific trusted device, the NRL Pump, and describe our plan, called the assurance strategy, to create the eventual assurance argument. Our assurance strategy exploits currently available graphical specification, simulation, formal proof, and testing coverage analysis tools. Portions of the design are represented by figures generated by the Statemate toolset, and we discuss how those tools, and covert channel analysis will be used to show that the logical design conforms to its external requirements. We conclude with some remarks on a possible physical architecture

Keywords

formal specification; program verification; safety-critical software; software fault tolerance; software quality; NRL pump; Statemate toolset; assurance argument; assurance strategy; covert channel analysis; critical requirements; external requirements; formal proof; graphical specification; independent certification team; logical design; physical architecture; testing coverage analysis tools; trusted device; trustworthy system; Certification; Computer architecture; Data security; Distributed computing; Hardware; Information security; Laboratories; Multilevel systems; Postal services; Timing;

fLanguage

English

Publisher

ieee

Conference_Titel

High-Assurance Systems Engineering Workshop, 1997., Proceedings

Conference_Location

Washington, DC

Print_ISBN

0-8186-7971-9

Type

conf

DOI

10.1109/HASE.1997.648040

Filename

648040