Part 6. Assurance

Contributed by Elisabeth Sullivan[1]

Security policies are assumed to be internally consistent and to reflect the requirements of the organization to which they apply. Similarly, security mechanisms are assumed to work correctly and to perform the functions for which they are intended. These critical aspects of trustworthiness are commonly glossed over because they are difficult to quantify or analyze. However, they speak directly to the assumptions on which all security policies and mechanisms rest. Part 6 explores the concepts and methodologies of assurance and describes the options available for receiving an evaluation of the level of trust that the assurance can provide in the system.

Chapter 18, “Introduction to Assurance,” explores and motivates the concept of security assurance, provides fundamental definitions, and presents an overview of current assurance techniques.

Chapter 19, “Building Systems with Assurance,” identifies what must be done differently to create a system that is built specifically for security by addressing life cycle issues of assurance.

Chapter 20, “Formal Methods,” provides a look at the formal techniques used today to ensure the correctness of programs and designs. These techniques include specification, proof-based verification, model checking, and protocol verification.

Chapter 21, “Evaluating Systems,” investigates the formal evaluation and certification techniques that are available today. The specific evaluation techniques and assignment of trust used in these methodologies are highlighted.
[1] These chapters were written by Elisabeth C. Sullivan. Ms. Sullivan has granted permission for this material to be used in Computer Security: Art and Science, and any use of this material outside the scope of this text must have the permission of Ms. Sullivan.
