CHAPTER 77

THE FUTURE OF INFORMATION ASSURANCE¹

Peter G. Neumann

77.1 INTRODUCTION

77.2 VIEW OF THE FUTURE

77.3 FOUNDATIONS OF ASSURANCE

77.3.1 Methodology

77.3.2 Guarantees

77.3.3 Pervasively Integrated Assurance

77.3.4 Analysis of Requirements

77.3.5 Analysis of Compositions

77.3.6 Analysis of Property Transformations

77.3.7 Analysis of Dependencies

77.3.8 Detecting and Eliminating Vulnerabilities

77.3.9 Software and Hardware Consistency Analysis

77.3.10 System-Oriented Analyses

77.3.11 Development Tools

77.3.12 Measures of Assurance

77.3.13 Risk Analysis and Risk Abatement

77.3.14 System Evaluation and Certification

77.4 BEST PRACTICES FOR INCREASING ASSURANCE

77.5 ASSURANCE-BASED RISK REDUCTION

77.5.1 Security

77.5.2 Human Safety

77.5.3 Reliability, Availability, and Survivability

77.5.4 Operational Assurances

77.5.5 Sound User Interfaces

77.6 ILLUSTRATIVE APPLICATION: COMPUTER-AIDED VOTING

77.6.1 Election Process

77.6.2 Voting-Related Requirements

77.7 CONCLUSIONS

77.8 FURTHER READING

77.9 NOTES

77.1 INTRODUCTION

Assurance is in the eye of the beholder.

Although this chapter is at the end of the Handbook, we are still only at the beginning of the quest for meaningfully trustworthy systems. We begin by asserting that there are no easy answers, although some potentially worthy approaches are outlined here. Nevertheless, the reader must bear in mind that the problems of obtaining trustworthy systems are inherently complex, and thus it is important to approach this complexity ...

Get Computer Security Handbook, Fifth Edition now with the O’Reilly learning platform.
