The Systems Assurance Group - PowerPoint PPT Presentation

About This Presentation
Title:

The Systems Assurance Group

Description:

Iain Brown. Dr Sadie Creese. Security. Assurance. Karen ... Phil Clayton. Richard Harrison. Tim Hawkins. Gaius Wilson. Mark Teasedale. Patrick Godlonton ... – PowerPoint PPT presentation

Slides: 15

Transcript and Presenter's Notes


1
The Systems Assurance Group
Dr Jaspal Sagoo, Systems Assurance Group, QinetiQ
Trusted Information Management, Malvern Technology Centre
2
QinetiQ
  • Defence Technology
  • Security Dual Use
  • US

3
QTIM (QinetiQ Trusted Information Management)
4
The Systems Assurance Group
  • Dependability of systems
    • Safety, security, fault tolerance
  • Provide assurance that systems are dependable
  • Formal modelling and analysis
    • CSP, Z, model checking, theorem proving, refinement
  • Assessment of systems
    • Safety analysis techniques
  • Type of work
    • Research
    • Project support
    • Defence
    • Commercial

5
Systems Assurance Group Structure
6
Development and application of software analysis
techniques
  • Language development
    • development of safe language subsets
    • typically considers Ada and C
    • new languages like C, Java, SOAR and JACK
  • Assessment tools
    • compliance analysis
    • Malporte analysis

7
Software Analysis
  • Compliance analysis
    • shows correctness of code with respect to its specification
    • translate the informal specification into Z
    • refinement argument supported by formal proof, assisted by a theorem prover
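To make the compliance-analysis step concrete, the following is an added worked illustration, not material from the presentation or from QinetiQ's ClawZ tool set, of the shape such a refinement argument takes: an informal requirement written as Z schemas, the specification statement that a code fragment must satisfy, and the proof obligation a theorem prover such as ProofPower would be asked to discharge. The counter, the bound MAX and all names are assumptions made for this illustration.

```latex
% Informal requirement: a counter that can be incremented but never exceeds MAX.
% State schema: the invariant n <= MAX is the integrity property to preserve.
Counter \;\hat{=}\; [\, n : \mathbb{N} \mid n \le MAX \,]

% Operation schema: Delta Counter relates the before-state n to the after-state n'.
Inc \;\hat{=}\; [\, \Delta Counter \mid n < MAX \;\wedge\; n' = n + 1 \,]

% Precondition of Inc: the states from which it is guaranteed to behave as specified.
\mathrm{pre}\,Inc \;=\; [\, Counter \mid n < MAX \,]

% Specification statement (compliance-notation style) that the code must refine:
% frame n, assume n < MAX, establish n' = n + 1.
\Delta n \;[\, n < MAX \;,\; n' = n + 1 \,]

% Refining it by the assignment n := n + 1 generates the obligation that, under the
% assumption, the assigned value meets both the post-condition and the state invariant:
\forall n : \mathbb{N} \bullet\; n < MAX \;\Rightarrow\; (\, n + 1 = n + 1 \;\wedge\; n + 1 \le MAX \,)

% The first conjunct is trivial; the second is the real proof step and holds in the naturals:
n < MAX \;\Rightarrow\; n + 1 \le MAX
```

The point of the exercise is the last line: the invariant is carried through every refinement step as an explicit obligation, so an implementation that dropped the guard `n < MAX` would leave an undischargeable goal rather than a latent run-time error.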

8
Overview of the Control Laws in Z (ClawZ) Process
Tool chain shown in the process diagram on the slide:
  • Simulink
  • Refinement Script Generator
  • Z Producer
  • Compliance Notation Tool
  • Supertac
  • ProofPower
9
Static code analysis
  • Malporte (MALvern Predictor Of Run-Time Errors)
    • statically checks for integrity properties such as
      • run-time errors
      • undefined behaviour
      • run-time exceptions
    • checks Ada, C and C++ code
    • checks for errors such as
      • buffer over-runs
      • divide by zero
      • use of pointers and unions in C
      • integer and floating point over/under flow
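As an added example, not Malporte code or output and not part of the presentation, the C below shows three of the error classes listed above. Each appears as an unchecked function of the kind a static checker would flag, beside a checked form that makes the condition explicit and returns a status instead of failing at run time. The function names and the MAX_NAME bound are assumptions made for this illustration.

```c
/* Added example: the run-time error classes a static checker such as Malporte
 * looks for, each as an unchecked function beside a checked one. Not Malporte
 * code; function names and MAX_NAME are assumptions for this illustration. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 8   /* assumed size of the destination buffer */

/* 1. Buffer over-run: no bound on src, so a long name writes past dst. */
void copy_unchecked(char dst[MAX_NAME], const char *src)
{
    strcpy(dst, src);                 /* over-run when strlen(src) >= MAX_NAME */
}

/* Checked form: never writes more than MAX_NAME bytes, always NUL-terminates,
 * and reports truncation instead of corrupting adjacent memory. */
bool copy_checked(char dst[MAX_NAME], const char *src)
{
    size_t n = strlen(src);
    if (n >= MAX_NAME) {
        memcpy(dst, src, MAX_NAME - 1);
        dst[MAX_NAME - 1] = '\0';
        return false;                 /* input was truncated */
    }
    memcpy(dst, src, n + 1);          /* includes the terminator */
    return true;
}

/* 2. Divide by zero: an empty array puts len == 0 in the divisor. */
int average_unchecked(const int *v, size_t len)
{
    int64_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += v[i];
    return (int)(sum / (int64_t)len); /* division by zero when len == 0 */
}

/* Checked form: the empty case is rejected before the division. */
bool average_checked(const int *v, size_t len, int *out)
{
    if (len == 0)
        return false;
    int64_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += v[i];
    *out = (int)(sum / (int64_t)len);
    return true;
}

/* 3. Signed integer overflow: a + b is undefined behaviour when the
 * mathematical result does not fit in an int. */
int add_unchecked(int a, int b)
{
    return a + b;                     /* overflows for INT_MAX + 1, INT_MIN + (-1), ... */
}

/* Checked form: compare against the limits first, so the add itself
 * is always in range. */
bool add_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;                 /* would overflow */
    *out = a + b;
    return true;
}

int main(void)
{
    char name[MAX_NAME];
    int r;
    int values[] = { 2, 4, 9 };

    bool fit = copy_checked(name, "this is far too long");
    printf("copy: %s (%s)\n", fit ? "ok" : "truncated", name);
    printf("average of empty array: %s\n",
           average_checked(values, 0, &r) ? "ok" : "rejected");
    printf("INT_MAX + 1: %s\n", add_checked(INT_MAX, 1, &r) ? "ok" : "rejected");
    printf("3 + 4: %d\n", add_checked(3, 4, &r) ? r : -1);
    return 0;
}
```

The unchecked forms are the ones a tool in this class reports; the checked forms are what a reviewer would expect to see in high-integrity code, where every partial operation carries an explicit guard and a way to signal failure to the caller.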

10
Used on
  • Numerous MoD projects such as Eurofighter Typhoon and Nimrod
  • Secure web server application
  • Trial carried out with an automotive supplier
  • Security analysis of the Sendmail server

11
Safety Assurance
  • Hazard identification and safety case review
    • generation of HAZOPs (hazard and operability studies) and PHAs (preliminary hazard analyses)
    • review of delivered safety evidence
  • Safety case methods
    • development and use of tools to manage the integration of evidence from diverse sources
    • compilation of safety cases
    • modular safety cases
  • Advice to policy bodies on standards for safety critical systems
    • MoD's review of standards
    • secretary of the RTCA committee developing future avionics standards
    • reports to the European Commission on the requirements for future air traffic management (Ariba) and healthcare standards
  • Advice to MoD projects on high integrity software

12
Security Assurance
  • Security of pervasive computing systems
    • FORWARD project funded by the DTI
    • authentication and key management
    • securing Bluetooth
    • interoperability of devices
    • quality of service
  • Quantum cryptography
    • ESPRIT Framework VI
  • Development of techniques to produce security arguments
    • Irish e-voting
  • MAFTIA (Malicious- and Accidental-Fault Tolerance for Internet Applications)
    • ESPRIT Framework V
  • Verifying security mechanisms/schemes

13
Development and application of system analysis
techniques
  • Formal modelling and analysis of communicating systems
    • verification of security and safety properties
    • can be applied to legacy and COTS products
  • Formal modelling and analysis techniques applied to digital hardware
    • verification of critical ASIC designs
    • processor obsolescence issues
    • ASIC audits
  • Assessment of the impact of emerging technology on system safety
    • the impact of neural networks and agent technology on system safety
    • effect of the move to IMA (Integrated Modular Avionics) on certification
  • Robust System of Systems (RSOS)
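The slide names CSP and model checking as the group's tools for verifying properties of communicating systems. As an added illustration, not a model from the presentation or from QinetiQ, the CSPm script below shows the shape of such a check in FDR: a small system of two users sharing a resource through a lock, a safety specification written as a process, and a trace-refinement assertion that holds for the locked system and fails for an unlocked one. The process and channel names are assumptions made for this illustration.

```csp
-- Added example, not QinetiQ's own model: a CSPm script for FDR showing a
-- refinement check of a safety property over a communicating system.
-- Names and the scenario are assumptions made for this illustration.

datatype User = U0 | U1
channel acquire, release, use : User

-- A user acquires the lock, uses the resource, then releases the lock.
USER(u) = acquire.u -> use.u -> release.u -> USER(u)

-- The lock remembers who holds it and accepts a release only from that user.
LOCK = acquire?u -> release.u -> LOCK

-- Users run independently and synchronise with the lock on acquire/release.
SYSTEM = (USER(U0) ||| USER(U1)) [| {| acquire, release |} |] LOCK

-- Safety specification: after acquire.u, only use.u and release.u may occur
-- before the next acquire, i.e. no use happens while another user holds the lock.
MUTEX = acquire?u -> use.u -> release.u -> MUTEX

-- Trace refinement: every trace of SYSTEM is a trace of MUTEX. This passes.
assert MUTEX [T= SYSTEM

-- Faulty variant with no lock: users interleave freely, so the trace
-- <acquire.U0, acquire.U1> is possible and FDR reports it as a counterexample.
NOLOCK = USER(U0) ||| USER(U1)
assert MUTEX [T= NOLOCK
```

Writing the property as a process and checking trace refinement is the standard way to phrase a safety requirement in this setting; the counterexample trace FDR returns for the second assertion is the sort of evidence that feeds directly into a safety or security argument.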

14
Student recruitment
  • Firm foundations in traditional areas
    • Computer Science
    • Formal techniques
    • Software Engineering