Trust Relationship Modeling for Software Assurance

Software assurance, as practiced through the Common Criteria, is a mixture of processes, heuristics, and lessons learned from earlier failures. At the other end of the spectrum, formal methods establish rigorous mathematical properties of portions of code. By themselves, neither of these practices are scalable to software systems with millions or billions of lines of code. We propose a framework that enables the collection and analysis of many disparate types of information to be applied to the issue of software assurance. Trust relationship modeling enables stakeholders to decompose the overall security policies into security obligations throughout a system, and then to reason about the consequences.