600.436 High-Assurance Systems
Fall 01/Introduction
Path Chosen for this Course:
Compliance Validation
- High assurance cannot be established only by an unconstrained search for vulnerabilities
- High assurance requires:
  - Security requirements that are not intrinsically vulnerable to the threats in the intended environment
  - Proof that the implementation meets the requirements
  - A search for vulnerabilities introduced by the specific implementation of the requirements, constrained by the assumptions about the intended environment
  - Minimal reliance on the competence of specific evaluators