Software Integrity

             
             
  Home About Gamma Tour our Web Site Events White Papers Services Visitors' Book How to contact us
        IMS Internal Control ISMS Smart Cards Common Criteria
                 

There is more to information security than just confidentiality.  Most people now accept that integrity and availability are just as important.  But there is more to integrity than just that information held in databases is correct.  For example, how do you know that your software not only does what it is supposed to do but also doesn't do what it is not supposed to do?

Your response - choose from any of the Gamma  Software Integrity Services

Gamma has always been an innovator in the development of better ways to prove software functionality, and the Gamma Software Integrity services offers a series of complementary modules to help your organisation produce better software, and  answer questions such as these.

  • System Commissioning:  We can help you devise techniques to confirm that your new software system actually meets your true business requirements.  Our methodology will also find typical software engineering errors that are not found by conventional testing, and may be combined with tests to examine the overall usability of the system and its performance when under stress.
  • Rigorous System Design:  We can help you to formulate a system design based on  mathematical principles concerning concurrency and pre/post conditions.    These “paper” designs can be animated using appropriate software to further test the quality of the design and subsequently these tests can be used to verify the correctness of the implementation.
The GlobalPlatform Card Security Requirements Specification is a publicly available example of our work
  • Formal Code Analysis:  There are a variety of formal code analysis techniques that we can use to assist you to verify the correctness of software and prove that it does not do what it is not supposed to do.   
In the case of an analysis for a bank, we constructed the analysis engine in such a way as to allow senior non-IT bankers to correctly interpret the results of the analysis directly from the analysis tool output.  On first inspection of the results they were able to identify a “Trojan Horse” and solve a programming error that had eluded the IT department for years.
  • Software design: We can assist you to develop innovative approaches to writing high assurance program code.  For example, why not use the desired code analysis results as the program specification, and use the analyser's directed-graph code transformations  in reverse to construct the program code?
In the case of some programming work for which system accreditation was conditional on program correctness, we started with a specification in the form of a case statement, showing what the program should do under all  circumstances.   This is the output format for a "semantic " code analyser. We then carried out, but in reverse order, the same transformations that the analyser performs to create the required UNIX code.  Naturally, when the code was analysed the analysis results exactly corresponded to the specification.  Our results were confirmed by an ITSEC evaluation facility in the UK.
  • Design and Code Reviews: We can assist you to establish the practice of code/design reviews and show you how they work by acting as moderator. 
Effective design/code reviews use the synergetic effect of team work to discover errors that individual members may never spot on their own.

Simply choose the elements that best suit your organisation's needs.  If you have a problem gaining assurance in software, and conventional approaches are either inappropriate or too expensive, we can help.   If you are not sure what you need, we will be happy to advise you.

Your next move

... simply contact David Brewer. Why not do it now!
             
             
             
 
Gamma is an ISO/IEC 27001:2005 and BS EN ISO 9001: 2000 registered company, certified for the provision of information security consultancy.  BSI certificate numbers IS 85916 and FS  30710.  Please send comments to webmaster@gammassl.co.uk or complete our Visitors'Book. Gamma Secure Systems, Diamond House, Frimley Road, Camberley, Surrey, GU15 2PS, UK Tel: +44 1276 702500 - Fax: +44 1276 692903Copyright © Gamma Secure Systems Limited 2006
 
 
Page last updated: 29 June, 2006