Reusable components equipped with strict guarantees of quality can help reestablish software development on a stronger footing, by taking advantage of the scaling effect of reuse to justify the extra effort of ensuring impeccable quality. This discussion examines work intended to help the concept of Trusted Component brings its full potential to the software industry, along two complementary directions: a "low road" leading to qualification of existing components, and a "high road" aimed at the production of components with fully proved correctness properties.

Global networking has brought with it both new opportunities and new security threats on a worldwide scale. Since the Internet is inherently insecure, secure cryptographic protocols and a public key infrastructure are needed. In this paper we introduce a protocol component architecture that is well suited for the implementation of telecommunications protocols in general and cryptographic protocols in particular. Our implementation framework is based on the Java programming language and the Conduits+ protocol framework. It complies with the Beans architecture and security API of JDK 1.1, allowing its users to implement application specific secure protocols with relative ease. Furthermore, these protocols can be safely downloaded through the Internet and run on virtually any workstation equipped with a Java capable browser * . The framework has been implemented and tested in practice with a variety of cryptographic protocols. The framework is relatively independent of the actual crypto...

This paper presents a logical analysis of a typical argument favoring the use of formal methods for software development, and suggests an alternative argument that is simpler and stronger than the typical one.

This paper presents an approach to formal requirements specification of embedded systems. The specific demands of a specification for command and control systems are addressed. The proposed method allows various views of a system, like conventional methods. The added value lies in the fact that the relationship between the views is specified formally, and consistency between views can be analyzed formally. As a case study, we develop and analyze a formal requirements specification for a subsystem of a realistic command and control system. Specification and verification are carried out using the language and proof checker of PVS. 1 Introduction Command and control systems. The general task of a command and control system is to support a team of operators in monitoring and controlling the environment in order to accomplish a mission. Commonly, these systems support tasks like navigation, observation, communication, defense, and training. Command and control systems are equipped with va...

Components must be trustworthy if they are worth deploying at all. In this position paper, we identify some ingredients that we think are essential for enabling components to be trustworthy.

Starting from an analysis of the situation of a software developer using pre-fabricated components, it is investigated in which form techniques and formalisms from the area of formal specification can provide practical aid in development. Several different dimensions of precise component specification are identified. While formal specifications can be helpful for several of these dimensions, it is argued that the most relevant application area may be a flexible mechanism for creating different but consistent views on a complex system. Ideas for concrete tool support based on the Object Constraint Language (OCL) are sketched. 1

This report presents the results of the first year of my Ph.D. investigating the use of assertion-based Object-Oriented techniques to produce reliable software and enable software components to be reused safely. I start by discussing these motivations and presenting five goals that an ideal solution will meet. I then assess whether a widerange of state of the art projects meet these goals. My conclusion is that none of the existing projects satisfy all of the goals. The body of the report consists of the presentation of a language that I have developed called Omnibus and a discussion of the current efforts towards supporting the verification of programs written in the language. I also briefly mention steps being taken to allow Omnibus to be used in realistic commercial software projects. The report concludes by proposing a new approach to the use of assertion-based techniques in software development, evaluating the Omnibus language, discussing both the achievements of the project so far and future aims for it and, finally, giving some personal reflections on the year. Acknowledgements