Abstract
Within the context of this chapter, high-integrity software will be taken as meaning software which must satisfy the integrity requirements of an external body: this could be an aviation authority for safety-critical software in an aircraft, security authorities for software protecting classified data, or the safety boards in the various industries where computers are used to control hazardous processes. Procedures in these various fields are far from being fixed, let alone standardized, but inevitably there are factors which are common to the production of approved software for no matter what application. In particular, the roles played by the interested parties will be similar. As we are concerned with the contractual situation, there will always be a procurer and an implementor for the software. For high-integrity software, there must always be an approver who is responsible for allowing the system to be used. In most situations, neither the procurer nor the approver will have enough detailed knowledge about a system to decide whether it is trustworthy or not. Consequently, from the contractual point of view, the problem is not so much a question of producing high-integrity software as of demonstrating its integrity to the approver. The system must not only be trustworthy, but must be seen to be trustworthy in the approver’s eyes. In cases where the public is at risk from the incorrect operation of software, accountability requires that approvers should be able to demonstrate their mechanisms of approval and the evidence on which a given approval was based.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bell, D. E. and LaPadula, L. J., Secure Computer System: Unified Exposition and Multics Interpretation, Technical Report ESD-TR-75-306, Mitre Corporation, Bedford, Massachusetts, USA (March 1976).
Clark, D. D. and Wilson, D. R., “A comparison of commercial and military computer security policies”, Proc. 1987 IEEE Symposium on Security and Privacy, Oakland, California, USA.
Goguen, J. A. and Meseguer, J., “Security policies and security models”, Proc. 1982 Berkeley Conference on Computer Security, IEEE Computer Society Press (1982).
Goguen, J. A. and Meseguer, J., “Unwinding and inference control”, Proc. 1984 IEEE Symposium on Security and Privacy, Oakland, California, USA.
Hayes, I. Specification Case Studies, Prentice Hall (1987).
Karger, P. A. and Herbert, A. J., “An augmented capability architecture to support lattice security and traceability of access”, Proc. 1984 IEEE Symposium on Security and Privacy, Oakland, California, USA.
Landwehr, C. E., “Formal models for computer security”, Computing Surveys, 13, 247 (1981).
Morris, R. and Thompson, K., “Password security: a case history”, Comm. ACM, 22, 11, 594 (1979).
Neely, R. B. and Freeman, J. W., “Structuring systems for formal verification”, Proc. 1985 IEEE Symposium on Security and Privacy, Oakland, California, USA.
Rushby, J. M. and Randell, B., “A distributed secure system”, IEEE Computer, 16, pp. 55–67 (1983).
Sufrin, B., “Formal system specification—notation and examples”, Tools and Notations for Program Construction” (Ed. Neel), Cambridge University Press (1983).
Wiseman, S. R., “A secure capability computer system”, Proc. 1986 IEEE Symposium on Security and Privacy, Oakland, California, USA.
Wood, H. M., “The use of passwords for controlling access to remote computer systems and services”, Proc. 1977 National Computer Conference, AFIPS Press (June 1977).
Wood, J., “A practical distributed secure system”, Proc. 2nd International Conference on Secure Communications Systems, IEE, London (October 1986).
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1989 Crown Copyright
About this chapter
Cite this chapter
Sennett, C.T. (1989). Contractual specification of reliable software. In: Sennett, C.T. (eds) High-Integrity Software. Software Science and Engineering. Springer, Boston, MA. https://doi.org/10.1007/978-1-4684-5775-9_12
Download citation
DOI: https://doi.org/10.1007/978-1-4684-5775-9_12
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4684-5777-3
Online ISBN: 978-1-4684-5775-9
eBook Packages: Springer Book Archive