BATH, UK (June 13, 2006)
—The ARA Member Praxis
High Integrity Systems
its recent security work has now been cleared for general publication by the
National Security Agency.
The NSA commissioned Praxis to develop secure software for an experimental biometric access control
system to meet or exceed Evaluation Assurance Level (EAL) 5 (out of 7) in the Common Criteria.
The Common Criteria is an international security scheme aimed at providing confidence to users
of security products. EALs 5-7 represent the highest levels of security assurance.
The NSA commissioned this work to evaluate, under controlled conditions, the suitability of Praxis's
Correctness by Construction (CbyC) software development method for the development of high-security
systems. Praxis and its clients have used CbyC for fifteen years to develop high-integrity software,
and the NSA wanted to carry out its own evaluation.
The software developed by Praxis was tested independently of both Praxis and the NSA. During independent
test and subsequent use, zero defects were reported. Development costs were lower than traditional
methods per line of code.
Keith Williams, Praxis Managing Director, commented, “I'm delighted that we are now able
to publish the results of this work, which provide further evidence for the cost-effectiveness
of Praxis's software development method for high-security software.”
The work is reported in the paper “Engineering the Tokeneer Enclave Protection Software”,
co-authored by Praxis and the NSA, and published in the Proceedings of the IEEE International Symposium
on Secure Software Engineering, held in March 2006 in Arlington, Va. This paper is available
from the publications section of
the Praxis website.
# # #