⟦1d4f537a4⟧ Wang Wps File
Length: 10697 (0x29c9)
Types: Wang Wps File
Notes: ESPRIT - WORKPLAN 1984
Names: »4537A «
Derivation
└─⟦61f87be83⟧ Bits:30006024 8" Wang WCS floppy, CR 0420A
└─ ⟦this⟧ »4537A «
WangText
ESPRIT - WORKPLAN 1984 SYS/840130
SW TECHNOLOGY/ADV. INFO. PROC.
S̲u̲b̲j̲e̲c̲t̲ ̲A̲r̲e̲a̲:̲ ̲ ̲A̲d̲v̲a̲n̲c̲e̲d̲ ̲I̲n̲f̲o̲r̲m̲a̲t̲i̲o̲n̲ ̲P̲r̲o̲c̲e̲s̲s̲i̲n̲g̲
TOPIC: A̲r̲t̲i̲f̲i̲c̲i̲a̲l̲ ̲I̲n̲t̲e̲l̲l̲i̲g̲e̲n̲c̲e̲ ̲w̲i̲t̲h̲i̲n̲ ̲A̲i̲r̲ ̲T̲r̲a̲f̲f̲i̲c̲ ̲C̲o̲n̲t̲r̲o̲l̲
The importance of efficient Air Traffic Control procedures is
well established in society today. Many of these procedures
are dependent on human resources, but could be automated in
order to free the human role for supervision and emergency
interceptions.
S̲y̲s̲t̲e̲m̲ ̲D̲e̲s̲c̲r̲i̲p̲t̲i̲o̲n̲
The reporting of flight schedules, leading to an update of
a data base and followed by a scheduling of all events, could
be automated and implemented on highly reliable systems using
duplication or redundancy techniques. This type of information
could be automatically compared to radar output information
in order to raise an alarm on any discrepancies between planned
data and actual data for a management by exception concept.
An Air Traffic Control system which uses AI could be coupled
directly with the radio communication system and give verbal
directions to the airplane crew in or before emergency situations.
The result of a calculated collision course could be to send
an order directly to the autopilot on the airplane, in order
to provide fast and adequate reaction to any emergency situations.
Another area of great importance is the optimisation of flight
routes in order to minimize fuel usage. If the normally fixed
flight routes could be modified dynamically depending on weather
conditions (wind), great savings in fuel could be obtained. The
study could demonstrate whether it is feasible to have dynamic routing.
S̲u̲b̲j̲e̲c̲t̲ ̲A̲r̲e̲a̲:̲ ̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲ ̲T̲e̲c̲h̲n̲o̲l̲o̲g̲y̲
TOPIC: R̲e̲q̲u̲i̲r̲e̲m̲e̲n̲t̲s̲ ̲S̲p̲e̲c̲i̲f̲i̲c̲a̲t̲i̲o̲n̲ ̲L̲a̲n̲g̲u̲a̲g̲e̲
The System Requirements Specification of any planned system
represents the first complete description of all the functions
to be performed by the planned system. Desirable properties
of a Requirement Specification include completeness, consistency,
comprehensibility, traceability, unambiguity (testability and
verifiability), modifiability and writeability.
Today, no complete set of tools exists which will assist users
and designers in descriptions of a new system to the extent
desirable.
S̲y̲s̲t̲e̲m̲ ̲D̲e̲s̲c̲r̲i̲p̲t̲i̲o̲n̲
The Requirements Specification of a planned system is a contract
between the receiver and the supplier of a system. Suppliers
are technically skilled people, who may be trained in using
any new tool, while the receiver or user must not be expected
to adopt difficult new techniques, because that is normally
just not acceptable. Hence, a formal Requirements Specification
Language must have an apparent plain language interface to the
receiver of a new system. This means that an end user of a planned
system must accept any formal requirements language on a readable
and understandable level after a very short training, while
the designer of a planned system must be able to use a Requirements
Language in a more active fashion.
Good specifications are the baseline for all the following phases
like design, coding, testing and acceptance. The better the
baseline is, the better the total result will be.
Considering that a Requirements Specification Language needs
an apparent natural language interface, the main techniques that
are candidates for use in a Requirements Specification Language
are for instance natural language translations, where a text
is analysed and broken down into components. This analysis could
cover areas like sentence length, special ambiguity constructions
and context apprehension, e.g. locating the verb and noun of a sentence.
These techniques could be combined with cross reference techniques
by identifying similar nouns in different parts of the specifications
in order to highlight any possible ambiguities.
Using a formal Specification Language might also improve the
planning of resources for the following phases, because a formal
evaluation can be evaluated qualitatively.
1̲ ̲ ̲A̲B̲S̲T̲R̲A̲C̲T̲
Public opinion seems to be very concerned about
the rapid growth of computerized information systems
because of the inherent threats to individual privacy.
In areas such as financial or corporate information
systems there is also a growing concern about security
problems. These concerns may very well be one of the
limiting factors in the introduction of computerized
information processing.
For these reasons it is important that future systems
focus very much upon protection of information against
unauthorized leakage and modification. New standards
and technologies must be developed for maintaining
information security, and the mechanisms used must
be provable in order to be convincing.
The secure system project will develop technologies
and standards for information security in single system
components such as workstations, data base machines
and general purpose mainframes as well as in the total
integrated information system.
2̲ ̲ ̲P̲r̲o̲j̲e̲c̲t̲ ̲C̲o̲n̲t̲e̲n̲t̲s̲
2.1 I̲n̲f̲o̲r̲m̲a̲t̲i̲o̲n̲ ̲S̲e̲c̲u̲r̲i̲t̲y̲ ̲i̲n̲ ̲S̲y̲s̲t̲e̲m̲ ̲C̲o̲m̲p̲o̲n̲e̲n̲t̲s̲
Information processing systems will be built as large
networks of cooperating system components, ranging
from small personal systems to large mainframes. Each
component manages its own local data and controls the
access to those data by other components.
One area of Information Security considers the techniques
by which each local component can control access to
its data from local users or from other components.
The following topics are important in this area:
a) S̲e̲c̲u̲r̲i̲t̲y̲ ̲C̲o̲n̲c̲e̲p̲t̲s̲ ̲a̲n̲d̲ ̲S̲e̲c̲u̲r̲i̲t̲y̲ ̲P̲o̲l̲i̲c̲i̲e̲s̲
The project will develop a set of fundamental security
concepts which are suited to describe security
attributes of data items and access control rules
by individuals to those data items. An example
of such a concept is the separation of data into
compartments such as taxation data, social welfare
data, medical data etc., with individual access
limited to a subset of the complete set of compartments.
A Security Policy for a specific system is the
specification of the security concepts and access
control rules to be enforced by the system.
The project will develop standards and tools for
defining the security concepts and the security
policy applicable to a system.
b) S̲e̲c̲u̲r̲i̲t̲y̲ ̲R̲e̲q̲u̲i̲r̲e̲m̲e̲n̲t̲s̲ ̲A̲n̲a̲l̲y̲s̲i̲s̲ ̲a̲n̲d̲ ̲M̲a̲p̲p̲i̲n̲g̲
The initial specification of security requirements
will be informal using daily language terms. These
informal requirements must be analyzed and reformulated
in terms of the accepted security concepts. The
final result of this process must be a formal specification
of the security policy for the system.
The project will develop techniques for identification
of the security relevant part of the total set
of system requirements and for mapping the security
requirements on a set of security concepts and
a security policy.
c) S̲e̲c̲u̲r̲i̲t̲y̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲ ̲D̲e̲v̲e̲l̲o̲p̲m̲e̲n̲t̲ ̲a̲n̲d̲ ̲V̲e̲r̲i̲f̲i̲c̲a̲t̲i̲o̲n̲
In order that a computer system can be trusted
to handle security data properly, the security
properties of the system must be verified in a
more rigid manner than the functional properties.
For such a verification to be feasible, the security
relevant parts of the software must be small, well
structured and protected against tampering or
bypassing by other software components. These requirements
have much influence upon the development cycle
of the software. In addition the security software
must take full advantage of available hardware
protection features.
A number of different levels of ambition must
be defined for the rigidness of security verification,
ranging from formal specification of the security
policy and automated verification that the system
design is consistent with the policy to an informal
description and verification of the security properties
of the system.
The project will develop standards and description
tools for design and implementation of the security
software and investigate the feasibility of formal
specification.
d) H̲a̲r̲d̲w̲a̲r̲e̲ ̲S̲u̲p̲p̲o̲r̲t̲ ̲f̲o̲r̲ ̲S̲e̲c̲u̲r̲e̲ ̲S̲y̲s̲t̲e̲m̲
There are two separate areas of the hardware architecture
which are of particular importance for support
of security:
- Hardware reliability.
The hardware must have extensive mechanisms
for detection of hardware malfunctions, such
that no errors can occur without detection.
- Protection mechanisms.
The hardware must offer extensive facilities
for small protection domains and for fast domain
switching. It will thereby be possible to
structure the security software into small,
verifiable modules, which can only interfere
with each other and with the rest of the software
via the information channels specified in the
software design.
The project will design hardware architectures
with the specified properties.
2.2 I̲n̲f̲o̲r̲m̲a̲t̲i̲o̲n̲ ̲S̲e̲c̲u̲r̲i̲t̲y̲ ̲i̲n̲ ̲T̲o̲t̲a̲l̲ ̲S̲y̲s̲t̲e̲m̲s̲
While the technologies for development of secure system
components have been evolving for some years, very
little has been done in the area of interconnecting
secure system components to form a secure total information
system. International standards for systems interconnection
do not mention security at all.
There are two important topics to be covered:
- Standards for interconnection of secure system
components which cooperate in forming a secure
total information system.
- Migration of current systems into secure systems.
The investments in current information systems are
so immense that one cannot expect a new secure
system simply to replace an existing system. Techniques
must thus be developed which allow an existing
system to gradually evolve into a secure system.
This shall be done by insertion of secure system
components for support of new functions and gradually
replacing existing system components. During the
transition period, the insecure system components
may be encapsulated by front end processors acting
as security filters.
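The compartment concept in 2.1 a) and the front end security filter described above can be made concrete as follows. This is an added example, not part of the 1984 workplan; the user names, record labels and the `legacy_query` stand-in are constructed for illustration.

```python
# Added illustration: a compartment policy enforced by a front-end security filter.
# All names and sample data below are constructed for this example.
from dataclasses import dataclass

# Security policy: the compartments each individual is authorized for.
POLICY = {
    "tax_officer": frozenset({"taxation"}),
    "case_worker": frozenset({"social_welfare", "medical"}),
}
KNOWN_COMPARTMENTS = frozenset({"taxation", "social_welfare", "medical"})

@dataclass(frozen=True)
class Record:
    ident: str
    compartments: frozenset  # security attribute of the data item
    payload: str

def legacy_query():
    """Stand-in for an existing component that applies no access control."""
    return [
        Record("r1", frozenset({"taxation"}), "assessment 1983"),
        Record("r2", frozenset({"medical"}), "clinic visit"),
        Record("r3", frozenset({"taxation", "medical"}), "deduction for treatment"),
        Record("r4", frozenset(), "unlabelled legacy row"),
        Record("r5", frozenset({"payroll"}), "label not in policy"),
    ]

def may_read(user, record):
    """Access rule: every compartment of the item must be authorized for the user."""
    allowed = POLICY.get(user, frozenset())       # unknown user: nothing allowed
    labels = record.compartments
    if not labels or not labels <= KNOWN_COMPARTMENTS:
        return False                              # unlabelled or unknown label: deny
    return labels <= allowed

def filtered_query(user, audit):
    """Front-end filter: release only permitted records, log every decision."""
    released = []
    for rec in legacy_query():
        ok = may_read(user, rec)
        audit.append((user, rec.ident, "release" if ok else "withhold"))
        if ok:
            released.append(rec)
    return released
```

Record r3 carries two compartments, so it is withheld from both sample users: access requires authorization for every compartment on the item, not just one of them.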
3̲ ̲ ̲B̲E̲N̲E̲F̲I̲T̲S̲
Due to differences in political structures and in the
power of unions, it is likely that European countries
will place more emphasis upon security and privacy
than the USA and Japan. This will in particular be the
case for government information systems.
Manufacturers which can produce information systems
with verifiable security properties will thus be likely
to obtain an increased market share.