Towards Higher Assurance Software Construction via Aspects
Thomas Llansó, Inventor
Background
• Software is ever more complex
  – Determining correctness very challenging
• What about software security functions?
  – Are they correct and properly integrated?
  – Often we hire independent labs to find out
    • Employ an evaluation process (e.g., “Common Criteria”)
    • Can be slow and costly (>6 months, >$100k)
Roots of the Problem
• Painful Integration
  – Security code…
    • cuts across systems
    • mixed in with application code
    • hard to evolve over time
  – Integration via non-specialists
• Painful Evaluation
  – Manual, slow tracing
  – Extra scrutiny due to pedigree
  – Repeat as system evolves
• What we want
  1. improved security
  2. easier integration
  3. faster evaluations
  4. lower costs
• What if we had a tool that could...
  – Automatically integrate security code
  – Enforce separation of duties
  – Allow automated tracing
  …even as software changes over time?

requirements ↔ security code ↔ application code
Underlying Technology
Key technologies/techniques in tool
– Requirements Taxonomy
– Aspects (from Aspect-Oriented programming)
– Marker Annotations
– XML for mappings / representation
Tool (“SRTD”)
Technology Applications
• Many stakeholders may find use for the tool

| Stakeholder | Application |
|---|---|
| Security Developers | Build and map security code |
| Application Developers | Verify mapping correctness |
| Test Personnel | Verify code meets requirements |
| System Evaluators | Requirements ↔ Code tracing |
Commercial Opportunities
• For technical information contact:
  Thomas Llanso, [email protected]
• For licensing information contact:
  Norma Lee Todd, Technology Manager
  Office of Technology Transfer
  The Johns Hopkins University
  Applied Physics Laboratory
  11100 Johns Hopkins Road
  Laurel, MD [email protected]/ott