






600.436: High Assurance Systems

Jonathan S. Shapiro
David Chizmadia


This course focuses on the design, implementation, and evaluation of high assurance (i.e., certifiably secure) systems. It examines the history of high assurance standards and system building, the state of current standards, and the motivations behind them. It discusses the objectives of high-assurance software construction and the methods by which high assurance is achieved, and tests these methods against an actual high-assurance software system. In the process, it challenges the assumptions that underlie high assurance software processes, and investigates how these assumptions and methods may need to change in the face of open source and/or collaborative software development. Finally, it looks at research topics in high assurance systems.


Permission of the instructor is required.

While the course is not programming-oriented, it does require a certain degree of experience and maturity in reading and understanding the code of large software systems. Students should therefore have taken at least one of the following courses:

600.318/418 Operating Systems
600.321 Object-Oriented Systems
600.333/444 Computer Networks
600.446 Distributed Computing
600.467 Fault-Tolerant and Reliable Systems


Limited to approximately 20 students.

Fall 2001:

This year, the high-assurance system we will examine is the EROS system. The course will provide an introduction to the EROS system, a characterization of the security-critical components of EROS, and a discussion of the assurance process that has been used for EROS to date. We will critique both the EROS system and the EROS assurance process, with the goal of understanding how it should have been done better and where the deviations from standard processes may have yielded *higher* confidence in the resulting software.



Recommended (Strongly):


Syllabus for Fall 2001