The Ada Resource Association
NSA Chooses Praxis for Secure Software
Praxis High Integrity Systems Produces Zero-defect
Security Software for National Security Agency
BATH, UK (June 13, 2006)—The ARA Member Praxis High Integrity Systems has announced that its recent security work has now been cleared for general publication by the National Security Agency.

The NSA commissioned Praxis to develop secure software for an experimental biometric access control system to meet or exceed Evaluation Assurance Level (EAL) 5 (out of 7) in the Common Criteria. The Common Criteria is an international security scheme aimed at providing confidence to users of security products. EALs 5-7 represent the highest levels of security assurance.

The NSA commissioned this work to evaluate, under controlled conditions, the suitability of Praxis's Correctness by Construction (CbyC) software development method for the development of high-security systems. Praxis and its clients have used CbyC for fifteen years to develop high-integrity software, and the NSA wanted to carry out its own evaluation.

The software developed by Praxis was tested independently of both Praxis and the NSA. During independent test and subsequent use, zero defects were reported. Development costs were lower than traditional methods per line of code.

Keith Williams, Praxis Managing Director, commented, “I'm delighted that we are now able to publish the results of this work, which provide further evidence for the cost-effectiveness of Praxis's software development method for high-security software.”

The work is reported in the paper “Engineering the Tokeneer Enclave Protection Software”, co-authored by Praxis and the NSA, and published in the Proceedings of the IEEE International Symposium on Secure Software Engineering, held in March 2006 in Arlington, Va. This paper is available from the publications section of the Praxis website.

# # #