High Assurance System Engineering Techniques (HASET) Publications

There is also a master index of publications for our branch.

1995

McHugh, J., C.N. Payne and C. Martin ``Assurance Mappings, a chapter of the Handbook for the Computer Security Certification of Trusted Systems'', NRL Technical Memorandum 5540:081A, 24 January 1995, Naval Research Laboratory, Washington, DC. PostScript, PDF

Payne, C.N. ``Security Policy Model, a chapter of the Handbook for the Computer Security Certification of Trusted Systems'', NRL Technical Memorandum 5540:080A, 24 January 1995, Naval Research Laboratory, Washington, DC. PostScript, PDF

1994

Landwehr, C. E., "Hidden Safety Requirements in Large-scale Systems," in Proc. 13th World Computer Congress, IFIP Congress 94, Vol. 3, K. Duncan and K. Krueger, eds., Elsevier Science B.V. (North-Holland) pp.295-302. PostScript

To avoid hidden safety problems in future large scale systems, we must be able to identify the crucial assumptions underlying the development of their components and to enunciate straightforward rules for safe component interconnection.

1993

Landwehr, C.E., "How far can you trust a computer?" SAFECOMP'93, Proc. of the 12th International Conf. on Compute Safety, Reliability, and Security, Poznan-Kiekrz, Poland, Oct., 1993, Janusz Gorski, ed., ISBN 0-387-19838-5, Springer-Verlag, New York, 1993. PostScript

The history of attempts to secure computer systems against threats to confidentiality, integrity, and availability of data is breifly surveyed, and the danger of repeating a portion of that history is noted. Areas needing research attention are highlighted, and a new approach to developing certified systems is described.

Payne, C., J.N. Froscher, and C. E. Landwehr, "Toward a comprehensive INFOSEC certification methodology," Proc. Sixteenth National Computer Security Conference, Baltimore, MD, Sept., 1993. pp. 165-172. PostScript

Accreditors want to know what vulnerabilities will exist if they decide to turn on a system. TCSEC evaluations address products, not systems. Not only the hardware and software of a system are of concern; the accreditor needs to view the system components in relation to the environment in which they operate and in relation to the system's mission. This paper proposes an informal but comprehensive approach that can provide the accreditor with the necessary information. First, we discuss the identification of assumptions and assertions that reflect system INFOSEC requirements. Second, we propose the definition of an assurance strategy to integrate security engineering and system engineering. The assurance strategy initially documents the set of assumptions and assertions derived from the requirements It is elaborated and refined throughout the development, yielding the assurance argument, delivered with the system, which provides the primary technical basis for the certification decision. With the assurance strategy in place, certification of the trusted system can become an audit of the development process.

1992

Froscher, J.N., and Charles N. Payne, Jr., "The handbook for the computer security certification of trusted systems", in Proc. for MILCOM, San Diego, CA, October 1992. PostScript

The Navy has designated the Naval Research Laboratory (NRL) as its Center for Computer Security Research and Evaluation. NRL is actively developing a Navy capability to certify trusted systems. This paper describes the NRL effort to understand assurance, certification, and trusted system certification criteria through the production of the Handbook for the Computer Security Certification of Trusted Systems. Through this effort, NRL hopes to discover new and more efficient ways of satisfying the assurance requirement for a high assurance system.