School of Computing


ConForm - Comparison of Conventional and Formal Methods in the Development of a Secure System

The ConForm Project aims to contribute evidence on the costs and benefits of the modest application of formal methods to the development of a small security-critical system. Within British Aerospace (Systems and Equipment) Ltd (BASE), two teams of engineers are independently developing a security-critical device called a trusted gateway to the level of software prototype. One team uses the BASE development methodology, supported by RTM for requirements tracing and Teamwork for data-flow-based system description; the other team uses the same techniques plus formal specification in the Vienna Development Methods specification language VDM-SL . Through the development process, we are able to compare the progress of the two teams in terms of the effort required to complete each development phase, and in terms of the characteristics of each of the design artifacts produces (system specifications, test plans etc.).