Abstract
Practising software engineers, programme managers, and those involved in the procurement of high-integrity software systems might attend this tutorial. Some background in the development of safety- or security-critical software may be useful, but is not essential. This tutorial covers the use of "Correctness by Construction" (CbyC) techniques in the development of highly secure software systems. While the use of CbyC is well known in the development of safety-related systems, it has also been deployed in the domain of highly secure systems. The software world seems plagued by security problems caused by basic mistakes in software design and construction; this tutorial will show how practices from the safety-critical domain can be used to tackle these problems. In particular, it covers the role of formal methods, programming language design, and strong static verification. The tutorial is illustrated with reference to CbyC security projects such as the MULTOS CA and the NSA Tokeneer system.

Software security is one of the highest-profile and most important topics facing researchers today. The plague of "buffer overflow" and similar attacks that we read about every day seems almost endemic, yet these are problems that the safety-critical community has faced (and solved) for many years. This tutorial will recount our experience in building high-grade secure systems using the CbyC approach developed by Praxis over the last 15 years.
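The abstract's central technical claim is that buffer overflows are a solved problem once preconditions are stated explicitly and checked (or proven) rather than left to caller discipline. The following C snippet is an added illustration of that contract style, not code from the tutorial or from Praxis; the function and type names are this example's own. The "before" habit it replaces is an unchecked `strcpy()`-style copy whose safety depends silently on the caller; here the precondition is written down, checked, and the function leaves its output in a defined state on every path, which is the shape a static verifier needs in order to discharge the bound.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
typedef enum { COPY_OK = 0, COPY_TOO_LONG = 1, COPY_BAD_ARGS = 2 } copy_status;

/* Precondition (stated, not assumed): dst has capacity dst_cap >= 1,
 * src is non-NULL, and src_len is the number of bytes the caller owns in src.
 * Postcondition: on COPY_OK, dst holds src[0..src_len) followed by a NUL and
 * no write reaches dst + dst_cap. On any failure dst[0] == '\0' so the caller
 * never observes uninitialised memory. */
copy_status bounded_copy(char *dst, size_t dst_cap, const char *src, size_t src_len)
{
    if (dst == NULL || dst_cap == 0 || src == NULL)
        return COPY_BAD_ARGS;
    dst[0] = '\0';                 /* defined state even when we reject the input */
    if (src_len >= dst_cap)        /* need room for src_len bytes plus the NUL */
        return COPY_TOO_LONG;
    memcpy(dst, src, src_len);     /* in-bounds: src_len < dst_cap by the check above */
    dst[src_len] = '\0';           /* index src_len < dst_cap, also in bounds */
    return COPY_OK;
}

/* Stand-alone demonstration on constructed inputs. */
int main(void)
{
    char buf[8];
    const char *inputs[] = { "hello", "1234567", "12345678" };   /* constructed */
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        copy_status s = bounded_copy(buf, sizeof buf, inputs[i], strlen(inputs[i]));
        printf("%-10s -> status %d, buf=\"%s\"\n", inputs[i], (int)s, buf);
    }
    return 0;
}
```

The point of the pattern is that every bound is decidable from the function's own arguments, so a static verifier can prove the `memcpy` and the NUL write are in range without knowing anything about the caller; the runtime checks are simply the same precondition made executable.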