DocumentCode :
2129570
Title :
Increasing assurance with literate programming techniques
Author :
Moore, Andrew P. ; Payne, Charles N., Jr.
Author_Institution :
Naval Res. Lab., Washington, DC, USA
fYear :
1996
fDate :
17-21 Jun 1996
Firstpage :
187
Lastpage :
198
Abstract :
The assurance argument that a trusted system satisfies its information security requirements must be convincing, because the argument supports the accreditation decision to allow the computer to process classified information in an operational environment. Assurance is achieved through understanding, but some evidence that supports the assurance argument can be difficult to understand. The paper describes a novel application of a technique, called literate programming (D.E. Knuth, 1984), that significantly improves the readability of the assurance argument while maintaining its consistency with formal specifications that are input to specification and verification systems. We describe an application of this technique to a simple example and discuss the lessons learned from this effort.
Keywords :
formal specification; safety-critical software; security of data; accreditation decision; assurance argument; classified information; formal specifications; information security requirements; literate programming; literate programming techniques; novel application; operational environment; readability; trusted system; verification systems; Accreditation; Application software; Computer security; Documentation; Formal specifications; Information security; Lakes; Production; Specification languages; System testing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Assurance, 1996. COMPASS '96, Systems Integrity. Software Safety. Process Security. Proceedings of the Eleventh Annual Conference on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
0-7803-3390-X
Type :
conf
DOI :
10.1109/CMPASS.1996.507887
Filename :
507887