Accession Number : ADA191889

Title :   Development Environment for Secure Software,

Corporate Author : ROYAL SIGNALS AND RADAR ESTABLISHMENT MALVERN (ENGLAND)

Personal Author(s) : Sennett, C T

PDF Url : ADA191889

Report Date : Nov 1987

Pagination or Media Count : 22

Abstract : The role of the development environment has not hitherto received a great deal of attention within the security community: the US Trusted Computer System Evaluation Criteria DoD 1983 for example, clearly states the need for features within the development environment, but is not very specific about what they should be, apart from the requirement for generation and comparison tools. The controls exerted at the development state are very important for security: as far as the threat to the operational system is concerned it is arguable that the greatest vulnerability occurs while it is under development. If the software can be attacked at this stage, particularly if it can be attacked after the completion of the evaluator's work, the fact of evaluation counts for nothing. It is also the case that software may be attacked most easily at this stage: the development tools are available; the attacker, if he is a member of the development team, will have intimate knowledge of the software and he may not be required to have the clearances needed to access the operational system. One final motivation for reviewing the role of the development environment is the current interest in project support environments for Ada. This is now coming to fruition in the form of specifications for preferred forms of APSE, for example CAIS Dod 1986 and the similar European activity on a portable common tool interface, and it will be desirable to ensure that these accurately reflect the security requirements.

Descriptors :   *DATA PROCESSING SECURITY, *COMPUTER PROGRAMMING, COMPARISON, COMPUTER PROGRAMS, COMPUTERS, ENVIRONMENTS, MOTIVATION, REQUIREMENTS, SECURITY, SYSTEMS ANALYSIS, TEAMS(PERSONNEL), VULNERABILITY, GREAT BRITAIN

Subject Categories : Computer Programming and Software

Distribution Statement : APPROVED FOR PUBLIC RELEASE