Sectors: Security

Pedigree

Throughout its history, Altran Praxis has been involved in the development of systems where security has been the key requirement.

The Praxis approach of Correctness by Construction is fundamental to both software correctness and security. This advanced software engineering capability has evolved from early pioneering work in information security, coupled with many years of practical experience in both software and systems engineering.

Our ability to deliver highly classified systems is now recognised globally. We continue to participate in industry bodies and enjoy established links with government agencies and regulators.

Focus

The Praxis focus in security is to:
  • Support government agencies and their prime contractors to ensure the security of software and systems, particularly large, complex or innovative engineering projects.
  • Support the Biometrics and Information Assurance sectors with our expertise in ultra-low defect software development.
  • Deliver secure, right-first-time solutions, project after project, bringing time and cost savings for our customers.
  • Manage security risks with consideration to other regulatory frameworks (such as safety or reliability) to enable customers to reduce overall costs without compromising compliance.

Example Security projects

  • System development of the Multos Global Key Centre (MGKC), a highly secure digital certificate key management system for the financial sector, meeting ITSEC E6 requirements.
  • Common security and safety assurance guidance (SafSec) for UK MoD.
  • Review of Common Criteria-compliant development techniques for a government agency.
  • Advice on security issues relating to process plant for a regulatory body.
  • Support for the development of a high-integrity, high-grade cryptographic engine achieving NSA type 1 certification.
  • Security risk assessment for a government agency.

Why Altran Praxis for Security?

The security sector encompasses a large range of disciplines and organisations, all requiring some form of security assurance. Failure of systems can endanger life, information, identity, economics or property.

Praxis has a global reputation for its transparent, repeatable, and auditable software development. We were recognised by the US White House National Strategy, Secure Cyberspace Report as possessing one of the top three global best practice software development processes.

You can rely on Praxis to deliver secure systems.

Case reference

Tokeneer

Challenge

Tokeneer is a protected enclave system for use within classified buildings. Enclave protection is provided by a multi-modal biometric access control system. The US National Security Agency (NSA) wanted to determine how to build systems that are cost-effective, ultra-secure and certifiable to EAL5. Praxis worked alongside SPRE Inc. to build a Tokeneer ID System to meet these requirements.

Engagement and approach

Praxis' Correctness by Construction approach was applied. Praxis' REVEAL method was used to capture the requirement, and the system was specified in the Z formal computing notation. The implementation was in Ada, and the SPARK static analysis tools were used. As the project was security-critical, a Security Target and a Security Policy model were derived from the Tokeneer Protection Profile, in line with the Common Criteria. Proofs of security policy were carried out for the Z and the annotated SPARK code.

Outcome

Around 10,000 lines of Ada were produced, at an average rate of 38 lines of code per day, across the full development lifecycle. SPRE Inc. conducted an independent assessment and found zero defects post-delivery. A 90 per cent confidence level was agreed against a reliability of 0.999. Whilst overall EAL5 was set as the target, the specification design and coding exceeded this level.

A full tutorial and access to the Tokeneer source code can be downloaded.

Market Factors

In 2009 the UK Government released a Security Policy Framework (SPF) which outlines mandatory security and management arrangements for Agencies and staff, including contractors. The broad areas addressed range from Governance and Protective Marking to Information Assurance and Business Continuity.

Security of cyberspace is critical to national defence, and within an updated UK National Security Strategy a Cyber Security Strategy is defined for the first time. Within it, organisations have been created for cross-government co-ordination, cyberspace health monitoring and incident response.

Greater general threat awareness and the need to consider security functions in a multi-disciplined way are changing the way companies address software security and development.

"The Correctness by Construction approach demonstrates a substantial reduction in design defects and security vulnerabilities".

US National Cyber Security Partnership report "Improving Security across the Software Development Lifecycle" (2004)