Development Environment for Secure Software
Abstract
The role of the development environment has not hitherto received a great deal of attention within the security community: the US Trusted Computer System Evaluation Criteria (DoD 1983), for example, clearly state the need for features within the development environment, but are not very specific about what they should be, apart from the requirement for generation and comparison tools. The controls exerted at the development stage are very important for security: as far as the threat to the operational system is concerned, it is arguable that the greatest vulnerability occurs while it is under development. If the software can be attacked at this stage, particularly if it can be attacked after the completion of the evaluator's work, the fact of evaluation counts for nothing. It is also the case that software may be attacked most easily at this stage: the development tools are available; the attacker, if he is a member of the development team, will have intimate knowledge of the software; and he may not be required to have the clearances needed to access the operational system. One final motivation for reviewing the role of the development environment is the current interest in project support environments for Ada. This is now coming to fruition in the form of specifications for preferred forms of APSE, for example CAIS (DoD 1986) and the similar European activity on a portable common tool interface, and it will be desirable to ensure that these accurately reflect the security requirements.
Document Details
- Document Type: Technical Report
- Publication Date: Nov 01, 1987
- Accession Number: ADA191889
Entities
- People: C. T. Sennett
- Organizations: Royal Signals and Radar Establishment