59-555 Security Assurance Principles

Security enforcement rests upon three principles: policy, mechanism, and assurance. Policy specifies the permitted use of an information system. The security policy defines the rules by which the trusted system governs access to its resources, and therefore to all information and services under the trusted system's control. Mechanisms within the information system enforce the policy; cryptographic protocols, audit logs, and access controls are examples of security mechanisms. Assurance is the basis for believing that the implementation of an information system enforces the policy as completely as the policy requires. This course investigates fundamental assurance technologies that can be applied to the interface specifications, architectures, and implementations of information security mechanisms. Formal security models are discussed and applied. Formal and semiformal specification techniques are investigated and applied. Principles of testing are discussed and applied to both demonstrative testing (showing that a mechanism enforces the policy) and vulnerability testing (searching for ways it fails to).

Credits

3

Prerequisite

59-505