1,299 research outputs found

    Climbing the Software Assurance Ladder - Practical Formal Verification for Reliable Software

    Get PDF
    There is a strong link between software quality and software reliability. By decreasing the probability of imperfection in the software, we can augment its reliability guarantees. At one extreme, software with one unknown bug is not reliable. At the other extreme, perfect software is fully reliable. Formal verification with SPARK has been used for years to get as close as possible to zero-defect software. We present the well-established processes surrounding the use of SPARK at Altran UK, as well as the deployment experiments performed at Thales to finetune the gradual insertion of formal verification techniques in existing processes. Experience of both long-term and new users helped us define adoption and usage guidelines for SPARK based on five levels of increasing assurance that map well with industrial needs in practice

    Evaluating the stability requirements for mounting and dismounting from the top of leaning ladders

    Get PDF
    This report details the methodology and findings of an investigation into the suitability of leaning ladders as a means to access high surfaces. This work has been funded by the Health and Safety Executive to provide a factual basis on which to make recommendations regarding safe practice. In particular it addresses a gap in the knowledge generated in previous studies into safe ladder use. This gap is generated by those individuals for whom the pressures of work make use of a ladder necessary but for whom safe practice is compromised. In particular, environmental demands, multiple unpredictable locations and challenging tasks combine to make a ladder an obvious, yet arguably unsafe, choice of equipment

    Evaluating the performance and effectiveness of ladder stability devices

    Get PDF
    Evaluating the performance and effectiveness of ladder stability device

    Formally designing and implementing cyber security mechanisms in industrial control networks.

    Get PDF
    This dissertation describes progress in the state-of-the-art for developing and deploying formally verified cyber security devices in industrial control networks. It begins by detailing the unique struggles that are faced in industrial control networks and why concepts and technologies developed for securing traditional networks might not be appropriate. It uses these unique struggles and examples of contemporary cyber-attacks targeting control systems to argue that progress in securing control systems is best met with formal verification of systems, their specifications, and their security properties. This dissertation then presents a development process and identifies two technologies, TLA+ and seL4, that can be leveraged to produce a high-assurance embedded security device. The method presented in this dissertation takes an informal design of an embedded device that might be found in a control system and 1) formalizes the design within TLA+, 2) creates and mechanically checks a model built from the formal design, and 3) translates the TLA+ design into a component-based architecture of a native seL4 application. The later chapters of this dissertation describe an application of the process to a security preprocessor embedded device that was designed to add security mechanisms to the network communication of an existing control system. The device and its security properties are formally specified in TLA+ in chapter 4, mechanically checked in chapter 5, and finally its native seL4 architecture is implemented in chapter 6. Finally, the conclusions derived from the research are laid out, as well as some possibilities for expanding the presented method in the future

    Towards privacy-aware identity management

    Get PDF
    The overall goal of the PRIME project (Privacy and Identity Management for Europe) is the development of a privacy-enhanced identity management system that allows users to control the release of their personal information. The PRIME architecture includes an Access Control component allowing the enforcement of protection requirements on personal identifiable information (PII). The overall goal of the PRIME project (Privacy and Identity Management for Europe) is the development of a privacy-enhanced identity management system that allows users to control the release of their personal information. The PRIME architecture includes an Access Control component allowing the enforcement of protection requirements on personal identifiable information (PII)

    Application of goal-based standards philosophy in maintenance management of bulk carrier hull structure

    Get PDF

    Wind resource assessment handbook: Fundamentals for conducting a successful monitoring program

    Full text link
    • …
    corecore