The technology for building dependable computing systems has advanced dramatically. Nevertheless, there is still no complete solution to building software for critical systems in which every aspect of software dependability can be demonstrated with high confidence. In this paper, we present the results of a case study exploration of the practical limitations on software dependability. We analyz...

Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instruction, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including s...

................................................................................................................................................... II DECLARATION ...........................................................................................................................................III ACKNOWLEDGEMENT ..............................................................................

Internet and World Wide Web appearance in people ́s life has lead to a significant change in their habits, leading to a new situation that must be faced up by the software community. Now, previous acting forms in software assurance are not yet viable leading to a development of applications that has not been accompanied by the needed mechanism to guarantee the systems quality. This lack of guara...

The overall safety integrity of a safety critical system, comprising both software and hardware, is typically specified quantitatively, e.g., in terms of failure rates. However, for software, it is widely accepted that there is a limit on what can be quantitatively demonstrated, e.g., by means of statistical testing and operational experience. To address this limitation, many software standards...

Measuring information security has traditionally been daunting task due to the lack of proper tools. Even more, organizations are concerned about suffering security breaches but, most of the time, justifying security investment is a tough task in the absence of a tangible measurement. In this paper, we propose an approach to quantitatively measure different aspects of information security. The ...

We demonstrate, by a number of examples, that informationflow security properties can be proved at a level of abstraction that describes only the causal structure of a system and local properties of trusted components. We specify these architectural descriptions of systems using a generalization of intransitive noninterference policies that admit the ability to filter information passed between...

This paper discusses the complementary role of software assurance arguments and formal mathematical arguments in justifying the achievement of safety and reliability properties within critical applications. This paper reviews the theoretical foundation of this area and proposes a way forward for combining the use of these two forms of arguments in systems and software engineering.

There are a number of similarities between our work at the Software Assurance Forum for Excellence in Code (SAFECode) and the BSIMM effort. Both SAFECode and the BSIMM are focused on improving software security. Both have published documents1 about software security practices that offer approaches to advancing secure software development. And both the SAFECode and BSIMM papers can be used as pa...