Contractual specification of reliable software

  • C. T. Sennett
Part of the Software Science and Engineering book series (SSEN)


Within the context of this chapter, high-integrity software will be taken as meaning software which must satisfy the integrity requirements of an external body: this could be an aviation authority for safety-critical software in an aircraft, security authorities for software protecting classified data, or the safety boards in the various industries where computers are used to control hazardous processes. Procedures in these various fields are far from being fixed, let alone standardized, but inevitably there are factors which are common to the production of approved software for no matter what application. In particular, the roles played by the interested parties will be similar. As we are concerned with the contractual situation, there will always be a procurer and an implementor for the software. For high-integrity software, there must always be an approver who is responsible for allowing the system to be used. In most situations, neither the procurer nor the approver will have enough detailed knowledge about a system to decide whether it is trustworthy or not. Consequently, from the contractual point of view, the problem is not so much a question of producing high-integrity software as of demonstrating its integrity to the approver. The system must not only be trustworthy, but must be seen to be trustworthy in the approver’s eyes. In cases where the public is at risk from the incorrect operation of software, accountability requires that approvers should be able to demonstrate their mechanisms of approval and the evidence on which a given approval was based.


Access Control Security Policy Security Level Security Model Formal Verification 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [Bell/LaPadula 1976]
    Bell, D. E. and LaPadula, L. J., Secure Computer System: Unified Exposition and Multics Interpretation, Technical Report ESD-TR-75-306, Mitre Corporation, Bedford, Massachusetts, USA (March 1976).Google Scholar
  2. [Clark/Wilson 1987]
    Clark, D. D. and Wilson, D. R., “A comparison of commercial and military computer security policies”, Proc. 1987 IEEE Symposium on Security and Privacy, Oakland, California, USA.Google Scholar
  3. [Goguen/Meseguer 1982]
    Goguen, J. A. and Meseguer, J., “Security policies and security models”, Proc. 1982 Berkeley Conference on Computer Security, IEEE Computer Society Press (1982).Google Scholar
  4. [Goguen/Meseguer 1984]
    Goguen, J. A. and Meseguer, J., “Unwinding and inference control”, Proc. 1984 IEEE Symposium on Security and Privacy, Oakland, California, USA.Google Scholar
  5. [Hayes 1987]
    Hayes, I. Specification Case Studies, Prentice Hall (1987).Google Scholar
  6. [Karger/Herbert 1984]
    Karger, P. A. and Herbert, A. J., “An augmented capability architecture to support lattice security and traceability of access”, Proc. 1984 IEEE Symposium on Security and Privacy, Oakland, California, USA.Google Scholar
  7. [Landwehr 1981]
    Landwehr, C. E., “Formal models for computer security”, Computing Surveys, 13, 247 (1981).CrossRefGoogle Scholar
  8. [Morris/Thompson 1979]
    Morris, R. and Thompson, K., “Password security: a case history”, Comm. ACM, 22, 11, 594 (1979).CrossRefGoogle Scholar
  9. [Neely/Freeman 1985]
    Neely, R. B. and Freeman, J. W., “Structuring systems for formal verification”, Proc. 1985 IEEE Symposium on Security and Privacy, Oakland, California, USA.Google Scholar
  10. [Rushby/Randell 1983]
    Rushby, J. M. and Randell, B., “A distributed secure system”, IEEE Computer, 16, pp. 55–67 (1983).CrossRefGoogle Scholar
  11. [Sufrin 1983]
    Sufrin, B., “Formal system specification—notation and examples”, Tools and Notations for Program Construction” (Ed. Neel), Cambridge University Press (1983).Google Scholar
  12. [Wiseman 1986]
    Wiseman, S. R., “A secure capability computer system”, Proc. 1986 IEEE Symposium on Security and Privacy, Oakland, California, USA.Google Scholar
  13. [Wood 1977]
    Wood, H. M., “The use of passwords for controlling access to remote computer systems and services”, Proc. 1977 National Computer Conference, AFIPS Press (June 1977).Google Scholar
  14. [Wood 1986]
    Wood, J., “A practical distributed secure system”, Proc. 2nd International Conference on Secure Communications Systems, IEE, London (October 1986).Google Scholar

Copyright information

© Crown Copyright 1989

Authors and Affiliations

  • C. T. Sennett
    • 1
  1. 1.Royal Signals and Radar EstablishmentUK

Personalised recommendations