High Assurance Computer Systems: A Research Agenda

As computers and their supporting communication networks have become increasingly enmeshed in our national technological fabric, we have become increasingly dependent on high assurance computer systems, i.e., computer systems for which compelling evidence is required that the system delivers its services in a manner that satis es certain critical properties. Obvious examples of high assurance systems include military systems (e.g., weapon systems, CI systems, etc), ight programs for both commercial and military aircraft, air tra c control systems, nancial and commerce systems, medical systems (including medical databases and medical equipment), etc. Less obvious examples are the various components of the information infrastructure that supports such systems and their communications (e.g., the NII). These systems are extremely complicated and the science and engineering principles that underlie them are yet to be completely worked out. Nevertheless, our national well-being depends upon these systems satisfying certain critical properties including: