
Bundesamt für Sicherheit in der Informationstechnik (BSI)

Bundesamt für Sicherheit in der Informationstechnik (BSI). Motivation and Objectives of the VSE Project. Markus Ullmann, Bundesamt für Sicherheit in der Informationstechnik, Postfach 200363, 53133 Bonn, ullmann/vse@bsi.de.


Presentation Transcript


  1. Bundesamt für Sicherheit in der Informationstechnik (BSI): Motivation and Objectives of the VSE Project. Markus Ullmann, Bundesamt für Sicherheit in der Informationstechnik, Postfach 200363, 53133 Bonn, ullmann/vse@bsi.de

  2. Policy of the BSI: IT security within the meaning of the BSIG
     • Promotion of IT-security
     • Tasks
         • evaluation and certification of IT systems
         • fundamentals (evaluation criteria, development and evaluation methods, etc.)
         • design of cryptographic devices for national use
         • advisory services in all security areas

  3. Dependability of Systems
     • Problems
         • reliable, available, safe and secure systems
     • Areas with high dependability demands and system approval
         • security
         • safety (avionics, nuclear power plants, control systems, railway systems, etc.)

  4. Security Criteria (and Safety-Standards) for Systems
     • IT-security (history)
         • USA 1980: Trusted Computer System Evaluation Criteria ("Orange Book")
         • BRD 1989: IT-Security-Criteria ("Green Book")
         • EC/BRD 1991: Information Technology Security Evaluation Criteria (ITSEC)
         • EC/USA/CAN 1997: Common Criteria (CC)
     • IT-safety
         • MSR: Functional Safety: safety related systems (IEC 1508)
         • Railway systems: Railway applications software for railway control and protection systems (prEN 50128)
         • ...

  5. Demands of the Security Criteria in the highest Assurance Level

  6. Verification Support Environment (VSE)
     • VSE-method and tool development, case studies, pilot projects
     • Project duration: 1991-1995 VSE 1.0
     • Consortium
         • DASA
         • Deutsches Forschungszentrum für Künstliche Intelligenz
         • innovative software technologie
         • Universität Ulm

  7. Demands for VSE (1)
     • Development process
         • uniform development method (top-down development, structured specification with stepwise implementation based on preliminary specification) [specification language VSE-SL]
         • generation of proof obligations
         • deduction support (heuristics)
         • code generation
         • reusability of specifications

  8. VSE Development Method

  9. Demands for VSE (2)
     • Industrial requirements
         • uniform graphical user interface
         • documentation (development and verification)
         • management of the verification process
         ----------
         • commercial availability
         • technical support (evaluation license, guarantee, debugging), training etc.

  10. Demands for VSE (3)
     • Security evaluation requirements
         • formalisation and proof of security properties
         • support of refinement steps
         • replay of proofs

  11. VSE-Perspective (1)
     • Industry takes formal methods more seriously -> real industrial projects (security/safety)
     • Specification and verification technology
         • project "VSE-II" (reactive and concurrent systems, reuse of proof)
     • Integration
         • project "Quest": combination of the VSE verification technology (theorem proving) with model checking and validation technologies

  12. VSE-Perspective (2)
     • VSE-research license
     • VSE-support
         • Deutsches Forschungszentrum für Künstliche Intelligenz (Dr. Stephan)
         • innovative software technologie (Dr. Baur)
         • Universität Ulm (Prof. Reif)
