Security-Critical Software Development with the LDRA tool suite


Introduction

The current political and economic environment has dictated that security related issues are at the forefront of decision making for systems development managers in industries as varied as transportation, defense, financial, and energy. Software developed for these markets often requires systems to mitigate the risk of one component of the software affecting another. Often, these components operate at different security or trust levels, and the separation of these components must be assured. An architecture that assures these levels of separation is the Multiple Independent Levels of Security (MILS) architecture (Figure 1). MILS takes the software engineering best practice of componentization, originally intended to support software reuse, to an entirely new level.

Figure 1: MILS architecture diagram

What is Common Criteria?

Alongside an architecture that supports separation, the development of these systems requires processes that ensure rigorous static and dynamic analysis and verification in support of the ISO/IEC Common Criteria for Information Technology Security Evaluation; the LDRA tool suite supports these processes. Using the Common Criteria certification process, systems can be evaluated to a certain assurance level based on specified security requirements and properties.

The Common Criteria standard provides detailed guidelines for the production of software to provide a level of assurance from the lowest levels of security (unclassified) to the highest (top secret). This includes the complete software lifecycle: planning, development and integral processes to ensure correctness, control and confidence in the software. The integral processes include requirements traceability, software design, coding, and software verification.

LDRA’s Software Development Process

As part of the software development process, the Common Criteria standard specifies that software must meet certain software development process requirements. These include adherence to a set of programming standards, software verification activities, and traceability from high- to low-level design requirements and then down to the resulting source code and object code, all of which are provided by the LDRA tool suite.

Using the latest source code analysis technology, LDRA provides code analysis features that enable programming standards compliance and detailed source code documentation.

High- and low-level examples of an LDRA dynamic analysis coverage report

Structural Coverage Analysis

Through LDRA’s requirements traceability tool, TBreq, we are able to provide evidence that security requirements are satisfied by a particular system. It documents the correlation between stated requirements and the operation of code running on the host or target system. Structural coverage analysis is then used to establish a correlation between the requirements that were tested and the code structures exercised by the test.

Structural coverage analysis involves the synthesis of requirements coverage (traceability) analysis and code coverage, the actual quantification of this analysis at run time, measuring both source-code and object-code execution. LDRA is able to provide an independent analysis of structural coverage from the high-level software requirements, through the design (low-level requirements), to the source code and into the object code.

Control Coupling

The LDRA tool suite can graphically indicate control coupling via the control flow graph, which visually represents the dependence of a given software component on the components that call it or are called from it. From the control flow graph, certain tools target specific instances of control coupling by selecting an individual software component (procedural node) and providing an option to navigate a graphical representation of both the immediate control coupling and the extended or hierarchical control coupling.

The LDRA tool suite maps back directly to the source code by drilling down to the specific predicates within the source code which must be satisfied in order to effect the call. This can be achieved directly from a control flow graph containing source code annotations that allow efficient navigation between flow graph elements and the related source or object code segments. Analyzing control coupling with the LDRA tool suite allows developers and QA departments to concentrate only on the code that affects current verification efforts.

Data Coupling

In addition to control coupling, data coupling analysis is another important area in which the LDRA tool suite can assist with the certification of security-critical systems. The data coupling functionality is accessed via data flow graphs that correspond to the control flow graphs described in the previous section.

More specifically, the LDRA tool suite employs data object analysis that provides all instances of the data items accessed by a software component, including local variables declared within the scope of the component and global variables accessed by the component, but declared elsewhere.

In the dynamic domain, the LDRA tool suite’s dynamic data flow coverage facility indicates which data items have been accessed at run time. In so doing, it uses the execution trace associated with a specific test data set and thereby provides the data coupling for that particular test case.

Figure 2: Requirements traceability model for security-critical systems


Requirements Coverage (Traceability)

The correctness of the requirements-based development and verification process mandated by the Common Criteria standard is determined by requirements coverage, or traceability. This analysis assures that software requirements are properly associated with the requisite test cases and can be traced from their highest level through the design to the final implementation and deployment of the software on the hardware target system (Figure 2).

The LDRA tool suite’s requirements coverage capabilities are integrated with its code review, data and control coupling, and code coverage capabilities. This integration offers the best possible support for Common Criteria certification.

Testing and Structural Code Coverage Measurement

The Common Criteria standard imposes strict structural coverage analysis objectives on the software. The LDRA tool suite is able to monitor code coverage to identify code that has not been executed by any of the test data and in which errors may therefore remain undetected. Through automatic source code instrumentation, the LDRA tool suite reports on the areas of code not executed at run time and therefore facilitates quick identification of missing or inadequate test data. When an error has been identified by the test data, the LDRA tool suite shows exactly which code areas were executed, through textual and graphical reports. These features save time in fixing the error and re-testing.

The LDRA tool suite provides the capabilities to measure coverage metrics. Furthermore, testing strategies can be implemented and enhanced to meet the degree of coverage appropriate to the security assurance level of the software. This greatly increases confidence in the tested code.
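An added example, not LDRA’s own code, tying the structural coverage measurement described here to the dynamic data coupling of the Data Coupling section: hand-written probes stand in for the tool’s automatic source instrumentation, a constructed no-read-up check between security levels is the component under test, and `may_read`, `g_clearance`, `g_label` and the probe macros are all assumed names. Running one test case at a time shows which branch outcomes still lack test data and which global data items the test set actually touched.

```c
/* Added example, not LDRA's own code: hand-written probes that mimic what
 * automatic source instrumentation records. Component, global data and
 * test data are constructed for illustration. */
#include <string.h>
#define N_BRANCHES 4   /* decision outcomes in may_read() */
#define N_DATA     2   /* global data items may_read() can read */
static int branch_hit[N_BRANCHES];   /* times branch outcome i executed */
static int data_hit[N_DATA];         /* times global data item i was read */
#define PROBE(i)     (branch_hit[(i)]++)
#define DATA_READ(i) (data_hit[(i)]++)
/* Constructed global data declared outside the component (data coupling). */
static const int g_clearance[4] = {0, 1, 2, 3};  /* subject clearance levels */
static const int g_label[4]     = {0, 2, 1, 3};  /* object sensitivity labels */

/* Component under test: no-read-up check between security levels.
 * Returns 1 if the subject may read the object, else 0. */
int may_read(int subject, int object) {
    if (subject < 0 || subject > 3 || object < 0 || object > 3) {
        PROBE(0);                             /* outcome: invalid identifier */
        return 0;
    }
    PROBE(1);                                 /* outcome: identifiers valid */
    DATA_READ(0);                             /* reads g_clearance */
    DATA_READ(1);                             /* reads g_label */
    if (g_clearance[subject] >= g_label[object]) {
        PROBE(2);                             /* outcome: read permitted */
        return 1;
    }
    PROBE(3);                                 /* outcome: read denied */
    return 0;
}

/* Clear the execution trace before running a new test data set. */
void coverage_reset(void) {
    memset(branch_hit, 0, sizeof branch_hit);
    memset(data_hit, 0, sizeof data_hit);
}

/* Branch outcomes no test case reached: each one means missing test data. */
int uncovered_branches(void) {
    int n = 0;
    for (int i = 0; i < N_BRANCHES; i++) n += (branch_hit[i] == 0);
    return n;
}

/* Global data items the test data set actually touched (dynamic coupling). */
int data_items_coupled(void) {
    int n = 0;
    for (int i = 0; i < N_DATA; i++) n += (data_hit[i] > 0);
    return n;
}
```

A test set consisting only of the invalid-identifier case leaves three outcomes uncovered and touches no global data, which is exactly the kind of inadequate test data the coverage report exposes.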

Figure 3: Automated tools applied to the development model


Summary

For organisations that target security-related development and certifications in the MILS and Common Criteria areas, a software process and automated tools supporting that process, such as the LDRA tool suite, are critical in providing the proper analysis and verification artifacts for certification authorities. The LDRA tool suite’s automation of static analysis, dynamic analysis, test, and requirements traceability significantly reduces resource requirements and reduces cost and schedule risks when implementing software processes that target security-related certifications (Figure 3).

Specific analyses in the areas of structural coverage, control coupling, data coupling, and requirements traceability provide the information required to generate the appropriate artifacts when engaging with certification organizations. Without leveraging the LDRA tool suite, security-related development and verification activities are a much more onerous proposition.

For more information

For more information concerning support for your security-critical software development process please complete the LDRA Information Request Form or email