Trustworthy Software Initiative T S I Consensus Approach
- Slides: 20
Trustworthy Software Initiative (TSI) Consensus Approach to Software Trustworthiness
Panel: Growing the Skills Required for Trustworthy Software
5 December 2012, Orlando FL, US
Ian Bryant, TSI Technical Director
© Copyright 2003-2012 DMU/CSC/TS/2012/290-B v1.0 2012-12-05

Or … a British View on TEA (Training, Education, Awareness)
TSI: UK’s public-private partnership for Making Software Better
UK Trustworthy Software Initiative (TSI)
• UK initiative to coalesce previous ad hoc activities: “A public-private partnership for enhancing the overall software and systems culture, with the objective that software should become designed, implemented and maintained in a trustworthy manner”
• Renamed from SSDRI in September 2012, with planned Outcomes:
– Availability of versions of the Body Of Knowledge (BOK) in a means appropriate to varying audiences
– Availability of Training, Education and Awareness (TEA) options to help improve the skills base
– Availability of independent Verification options to allow the supply-side to demonstrate capability and the demand-side to discriminate during acquisition
– Availability of options to facilitate international collaboration and standardisation
Software and ICT Context

Facets of Trustworthiness
• Explicit (Functional) Requirements for Trustworthiness
• Implicit (Non Functional) Requirements (NFR) for Trustworthiness
– Direct NFR for the software under consideration
– Collateral NFR from other software in the environment
Appropriate Conduct?
• Babylonian Code of Hammurabi (~1780 BCE) is the earliest known example of a code of conduct for craftsmen, engineers and builders
• Hippocrates, ancient Greek philosopher and “father of medicine”, lays out the Oath, a moral framework for the conduct of doctors and other healthcare professionals, in the late 5th Century BCE
• 1907 collapse of the 1st Quebec Railway Bridge was traced to lack of due diligence in design, implementation and compliance
– Emergence of Codes of Ethics in Professional Engineering bodies, which typically include Risk and Trustworthiness
– UK’s Royal Academy of Engineering and Engineering Council now maintain a core Statement of Ethical Principles

Engineering Principles
• UK’s Royal Academy of Engineering and Engineering Council publish a consolidated Statement of Ethical Principles
• This includes:
– Acting in a reliable and trustworthy manner
– Giving due weight to all relevant facts and published guidance, and the wider public interest
– Identifying, evaluating, and quantifying risks
– Being alert to ways in which work might affect others, holding health and safety paramount
TSI Audiences: Where
Supply-side:
– Mainstream = “The Industry” (e.g. Microsoft, Oracle, ...)
– Niche = Specialist Industries (e.g. Aviation, “Security”)
– Dispersed = Small scale developers (e.g. SmartPhone Apps)
– Collateral = Developers who don’t consider themselves as such (e.g. Embedded components, website CMS users, spreadsheets, …)

Trustworthy Software Levels (TSL)
• Risk-based approach to select the appropriate effort in making software trustworthy
• Effort defined in 5 Trustworthy Software Levels (TSL):
– (TSL 0 = No Requirement)
– TSL 1 = Due Diligence
– TSL 2 = Baseline Trustworthy Practices
– TSL 3 = Enhanced Trustworthy Practices
– TSL 4 = Specialist Trustworthy Practices
TSL Technology Profiles (DRAFT)
TSL | Software Packages per Device / Market Size | Examples
0 No Requirement | Very Large | Most SmartPhone Apps
1 Due Diligence | Large | Mainstream COTS
2 Baseline Trustworthy Practices | Varies / Varies | Cloud Services
3 Enhanced Trustworthy Practices | Varies / Varies | mFinance Apps
4 Specialist Trustworthy Practices | Very Small | Safety or Security Critical
TSI Philosophy
• Many of the concepts and practices needed for Trustworthy Software have existed for many years
• “Due Diligence” implies software should be reasonably trustworthy, although implementations vary with Audiences and Assurance Requirements
• TSI focuses on Pareto (“80:20”) approaches to Making Software Better, iteratively using existing learnings and interpreting them for the Common Good
– e.g. Switching on, and acting on, Compiler Warning Flags obviates many common “repeat offender” weaknesses that plague many Facets of Trustworthiness
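The "switch on and act on compiler warning flags" point from the TSI Philosophy slide, shown on two of the repeat-offender patterns it alludes to. This is an added example, not TSI courseware or code from the initiative; the build line, the function names and the sample inputs are my assumptions. The original forms sit in an `#if 0` block so they stay visible but are not compiled; the corrected forms below them compile cleanly under `-Wall -Wextra -Werror`.

```c
/* Added example, not TSI material: two "repeat offender" weaknesses that
 * compile silently with no warning flags and are rejected once warnings
 * are switched on and promoted to errors. Assumed build line (my
 * assumption, not a TSI recommendation):
 *     cc -std=c11 -O2 -Wall -Wextra -Werror warnings.c
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#if 0
/* Original forms (not compiled here). With the build line above, gcc and
 * clang both refuse these. */
static int find_last_sep_old(const char *path)
{
    int last = -1;
    for (int i = 0; i < strlen(path); i++)   /* -Wsign-compare: int vs size_t */
        if (path[i] == '/')
            last = i;
    return last;
}

static int parse_mode_old(const char *s)
{
    int mode;                                /* -Wmaybe-uninitialized */
    if (strcmp(s, "ro") == 0)
        mode = 0;
    else if (strcmp(s, "rw") == 0)
        mode = 1;
    return mode;                             /* unknown input returns garbage */
}
#endif

enum mount_mode { MODE_RO = 0, MODE_RW = 1 };

/* Corrected: the index has the same type as strlen()'s result, the loop
 * counts down so no signed sentinel is needed, and "not found" is an
 * explicit return code rather than a magic value. */
int find_last_sep(const char *path, size_t *pos)
{
    for (size_t i = strlen(path); i > 0; i--) {
        if (path[i - 1] == '/') {
            *pos = i - 1;
            return 1;
        }
    }
    return 0;
}

/* Corrected: every control path either assigns *out or reports an error,
 * so no caller can read an uninitialized value. */
int parse_mode(const char *s, enum mount_mode *out)
{
    if (strcmp(s, "ro") == 0) { *out = MODE_RO; return 0; }
    if (strcmp(s, "rw") == 0) { *out = MODE_RW; return 0; }
    return -1;  /* unknown mode string: the caller must handle this */
}

/* Exercises both corrected functions on constructed inputs; returns 1 if
 * every case behaves as documented, 0 otherwise. */
int self_check(void)
{
    size_t pos = 0;
    enum mount_mode mode = MODE_RO;
    int ok = 1;

    ok &= (find_last_sep("/usr/lib/libc.so", &pos) == 1 && pos == 8);
    ok &= (find_last_sep("/", &pos) == 1 && pos == 0);
    ok &= (find_last_sep("noslash", &pos) == 0);
    ok &= (find_last_sep("", &pos) == 0);
    ok &= (parse_mode("rw", &mode) == 0 && mode == MODE_RW);
    ok &= (parse_mode("ro", &mode) == 0 && mode == MODE_RO);
    ok &= (parse_mode("rwx", &mode) == -1);
    return ok;
}

int main(void)
{
    int ok = self_check();
    printf("self_check: %s\n", ok ? "pass" : "FAIL");
    return ok ? 0 : 1;
}
```

The point of the `-Werror` half of the build line is the "acting on" part of the slide: a warning that is printed and scrolled past is a finding nobody triaged, whereas a warning that fails the build has to be fixed (or explicitly and visibly suppressed) before the code ships.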
Trustworthy Software Framework (TSF)

Trustworthy Software Framework Level 1/2 Summary – Areas and Groups
Governance (9): General Environment (5); Trust Environment (3); Management regime (2)
Risk (12): General Risks (6); Trustworthiness Producer Risks (4); Plan for Assurance (2)
Personnel Controls (8): Practitioner Competence (4); Organisation Competence (2); Management Organisation Competence (2)
Physical Controls (5): Protect Physical Environment (1); Provide Artefact Protection (4)
Procedural Controls (21) and Technical Controls (66), groups as listed on the slide: Project Management (4); Architecture-driven Implementation (4); Supplier Management (1); Compliance (10); Independent Verification (5); Appropriate tool choices (3); Situational Awareness (4); Understand Requirements (5); Configuration Management (6); Structured Design (3); Ongoing Review (4); Trusted Software Asset Management (3); Fault Management (2); Trustworthy Realisation (19) comprising Structured Implementation (5), Minimise risk exposure (4) and Hygienic Coding (10); Methodological Implementation (7); Internal Pre-release Review (4); Internal Verification (5); Dependable Deployment (2)
Examples of Using Trustworthy Software Framework (TSF)
Audience: General
– Level 1: TE: Technical
– Level 2: TE.02: Appropriate tool choice
– Level 3: TE.02.10: Selection of Appropriate Programming Language(s)
– Level 4: Citation: ISO/IEC 24772 “Guidance on language selection”
Audience: General
– Level 1: PR: Procedural
– Level 2: PR.01: Project Management
– Level 3: PR.01.10: Produce and Maintain a Project Plan
– Level 4: Method: PRINCE2
Audience: Specialist
– Level 1: RI: Risks
– Level 2: RI.02: Understand Trust Risks
– Level 3: RI.02.10: Maintaining understanding of current weaknesses
– Level 4: Data Sharing: Common Weakness Enumeration (CWE)
Audience: Niche - Telecoms
– Level 1: TE: Technical
– Level 2: TE.03: Structured Design
– Level 3: TE.03.10: Produce High Level Design
– Level 4: Citation: ITU-T Z.100 “Specification & Description Language”
Training, Education and Awareness (TEA)
• Training – Aimed at the current workforce across the whole ICT domain
• Education – Aimed at the future workforce across the whole ICT domain
• Awareness – For everyone involved in, or using, any ICT who would not be covered by Training and/or Education
• Working with the Professional Bodies
– British Computer Society (BCS – equivalent of ACM) and Institution of Engineering and Technology (IET – equivalent of IEEE)
– Accreditation of Degrees, issue of Chartered Status, Continuing Professional Development (CPD)
• Led by Coordination Group (CG) including Academics

Training
• T.1 - General overview
• T.2 - Specialism customised guidance
• T.3 - Verification of Skills
• T.4 - Chartered Status
• T.5 - Continuing Professional Development (CPD)
• T.6 - Executive Course

Education
• E.1 - Primary Education
• E.2 - Secondary Education
– A: IT GCSE
– B: EBac
• E.3 - Further Education
• E.4 - Higher Education (Bachelor)
– A: Technical – Existence
– B: Technical – Examinable
– C: Non-technical – Existence
• E.5 - Higher Education (Taught Masters)
• E.6 - Higher Education (Post-graduate Research)

Awareness
• A.0 - Existence of TSI
– Website
– Green Papers
– White Papers
• A.1 - Audience specific overviews
• A.2 - Audience customised guidance
Training, Education & Awareness Current Priorities
• 1st tranche of activity is the longest lead time items:
– Input into new IT GCSE / EBac in Information Technology (E.2)
– High-level overview of Trustworthy Software for undergraduates (E.4.A):
• Not just those in specialisms such as Security and Dependability
• Rather all “technical” - Computer Science & Electronic Engineering
• TSI will provide Courseware for those not able to produce their own
• BCS and IET looking into Degree Accreditation as incentive
• 2nd tranche of activity:
– More detailed Trustworthy Software education for “technical” undergraduates (E.4.B)
– Other undergraduate areas (E.4.C) that influence future organisational contexts (e.g. Business Studies, Law, Accountancy)
– Training of current workforce (T.1)

Contact
Ian Bryant, Technical Director, TSI
TSI Office, Gateway House pp 4.30, De Montfort University - Cyber Security Centre, The Gateway, Leicester, LE1 9BH, England
ian.bryant@uk-tsi.org
+44 79 7312 1924
www.uk-tsi.org (Twitter: @uktsi)