Praxis produce zero-defect security software for US National Security Agency

Recent security work carried out by Praxis has now been cleared for general publication by the US National Security Agency (NSA).

The NSA commissioned Praxis to develop secure software for an experimental biometric access control system to meet or exceed Evaluation Assurance Level (EAL) 5 (out of 7) in the Common Criteria. The Common Criteria is an international security scheme aimed at providing confidence to users of security products. EALs 5-7 represent the highest levels of security assurance.

The NSA commissioned this work to evaluate, under controlled conditions, the suitability of Praxis's Correctness by Construction (CbyC) software development method for the development of high-security systems. Praxis and its clients have used CbyC for fifteen years to develop high-integrity software, and the NSA wanted to carry out its own evaluation.

The software developed by Praxis was tested independently of both Praxis and the NSA. During independent test and subsequent use, zero defects were reported. Development costs were lower than traditional methods per line of code.

Keith Williams, Praxis Managing Director, commented “I'm delighted that we are now able to publish the results of this work, which provide further evidence for the cost-effectiveness of Praxis's software development method for high-security software”.

The work is reported in the paper “Engineering the Tokeneer Enclave Protection Software”, co-authored by Praxis and the NSA, and published in the Proceedings of the IEEE International Symposium on Secure Software Engineering, held in March 2006 in Arlington, Virginia, USA. This paper is available from the publications section of the Praxis website.