15th Annual Computer Security Applications Conference
December 6-10, 1999
Phoenix, Arizona

SCR: A Practical Approach to Building a High Assurance COMSEC System

James Kirby, Jr., kirby@itd.nrl.navy.mil
Myla Archer, archer@itd.nrl.navy.mil
Constance Heitmeyer, heitmeyer@itd.nrl.navy.mil

Code 5546
Naval Research Laboratory
Washington, DC 20375

To date, the tabular-based SCR (Software Cost Reduction) method has been applied to the development of embedded control systems. This paper describes the successful application of the SCR method, including the SCR* toolset, to a different class of system, a COMSEC (Communications Security) device called CD that must correctly manage encrypted communications. The paper summarizes how the tools in SCR* were used to validate and to debug the SCR specification and to demonstrate that the specification satisfies a set of critical security properties. The development of the CD specification involved many tools in SCR*: a specification editor, a consistency checker, a simulator, the TAME interface to the theorem prover PVS, and various other analysis tools. Our experience provides evidence that use of the SCR* toolset to develop high-quality requirements specifications of moderately complex COMSEC systems is both practical and low-cost.