IIC Journal of Innovation 20th Edition Trustworthy July 2022, 20th Edition | Page 93

Accelerating Time-to-Market
Second, in current design and development practices, even when cryptography is correctly applied, the message-based communication model still poses significant technical challenges: each application or module must work out data, information and context separately, usually only after receiving a sequence of messages. Everything about what is flowing over the network is opaque in message-based communications. So, while this model makes sense in the traditional context of protocol development, it does not suit the needs of building assured systems, where mission and application contexts are ubiquitous. In other words, it is not the raw "message" that matters; it is the data and information in context that ultimately matter. That is, we need to know what data is moving over the network. Therefore, a data-centric approach (as opposed to a message-centric one) is more desirable because it provides critically needed network packet transparency. This approach needs to be real-time, secure, and efficient.
Building high assurance systems will require deep expertise, a lot of patience, and substantial funding. Multiply that by a factor of three if your system needs to be certified to some standard: you will need in-house expertise in software certification along with an outside certification partner, and the path to market will be on the order of years. In our experience, you should expect certification costs alone to range from $5 to $300 per single line of code (SLOC), depending upon the level of certification needed.

3.2 SOLUTIONS

For the reasons just enumerated, it is simply too costly in terms of funding and time to build a high assurance system from top to bottom. On the contrary, the goal should be to develop as little code as possible. The more proven or certifiable code that one can acquire or license, the less one will need to design, develop, maintain, and certify. This will expedite development efforts and significantly lower costs. A high assurance software stack provides this (as depicted in Figure 3-1).

Figure 3-1. High assurance stack.

In this paper we do not review, compare, or debate alternative stacks. Rather, we delve into a high assurance software stack that was developed in a DARPA funded effort over the last five years by RTI Research. We have designed and implemented architectures for secure medical systems and defense applications. It is suitable for both embedded systems with tight resources and more capable hardware.
The role of this stack is to provide a proven foundation. It is composed of a real-time operating system (RTOS) that has been verified or certified (a safety RTOS), and a distributed communications middleware. In our stack, for the Safety RTOS we chose the open source seL4