A structure approach to code correspondence analysis

Abstract

Results from a code correspondence analysis task for the trusted computing base of an internet gateway system are reported. Analysis placement within the context of the overall assurance demonstration for the system is described, and the definition and employment of a method to increase the credibility of the code correspondence effort as compared with previous efforts are discussed. The method described is a refinement of the approach promulgated by a US Department of Defense standard. The integrated assurance demonstration approach is presented in a manner that is applicable to requirements that may be identified as critical, though not necessarily security related. The results obtained from applying specific techniques that make the integrated assurance demonstration real within a development project are summarized.<>