A description of a formal verification and validation (FVV) process

Abstract: The Department o f Defense Trusted Computer System Evaluation C r i t e r i a (TCSEC) establishes a requirement f o r formal v e r i f i c a t i o n a c t i v i t i e s o f a TCB designed f o r Mandatory o r V e r i f i e d Protection [l]. As a r e s u l t , formal v e r i f i c a t i o n has become an i n t e g r a l p a r t o f todays t r u s t e d systems development w i t h i n t h e DoD C31 community. Design engineers must commit t o a broader understanding o f v e r i f i c a t i o n issues and be a c t … Show more

“…From our perspective, the reports in [26] and [30] are interesting contrasts. The report in [26] concentrates on kinds of proof failures with HDM methodology and does not include enough information on the formal specification process to determine the level of its attributes.…”

“…Because the process characteristics defining the generic strategies (Figure 1, left panel) often relate to the techniques and methods that are the subject of the report, classification on the strategy dimension should not be as difficult as on the process attributes dimension. The report [30] that was just quoted is an example. Nevertheless key words and phrases may be helpful in some cases and will standardize the process.…”

“…For example, the paper [26] gives enough information to identify the generic strategy as at least Level 2 (the computer assistance discussed is tool support for verification, not computer assistance for generating formal specifications from semi-formal specifications). But the information in [30] is more detailed and clearly shows the strategy is Transitional-Assisted:…”

“…This report is not classifiable on the PAD, and therefore is not usable for validation of FSSM. However, the same project is described more broadly in [30] where there is enough information to determine that the process attributes are FSM Level 3:…”

“…For example, in [30], the KPAs "organization process focus" and "organization process definition" point to the process information given in the description: 'Our FW process uses an automated tool to generate most of the SPECIAL FILS." The KPA "intergroup coordination" points to "The FVV process aims...to provide the system designers with feedback."…”

A validation framework for a maturity measurement model for safety-critical software systems

“…From our perspective, the reports in [26] and [30] are interesting contrasts. The report in [26] concentrates on kinds of proof failures with HDM methodology and does not include enough information on the formal specification process to determine the level of its attributes.…”

“…Because the process characteristics defining the generic strategies (Figure 1, left panel) often relate to the techniques and methods that are the subject of the report, classification on the strategy dimension should not be as difficult as on the process attributes dimension. The report [30] that was just quoted is an example. Nevertheless key words and phrases may be helpful in some cases and will standardize the process.…”

“…For example, the paper [26] gives enough information to identify the generic strategy as at least Level 2 (the computer assistance discussed is tool support for verification, not computer assistance for generating formal specifications from semi-formal specifications). But the information in [30] is more detailed and clearly shows the strategy is Transitional-Assisted:…”

“…This report is not classifiable on the PAD, and therefore is not usable for validation of FSSM. However, the same project is described more broadly in [30] where there is enough information to determine that the process attributes are FSM Level 3:…”

“…For example, in [30], the KPAs "organization process focus" and "organization process definition" point to the process information given in the description: 'Our FW process uses an automated tool to generate most of the SPECIAL FILS." The KPA "intergroup coordination" points to "The FVV process aims...to provide the system designers with feedback."…”

A validation framework for a maturity measurement model for safety-critical software systems