Trustworthy Information Systems
The Trustworthy Information Systems (TIS) program is one of eight broad program areas within the Information Technology Laboratory of the National Institute of Standards and Technology (NIST) that conduct research and development to accelerate the development and deployment of information and communication systems that are reliable, usable, interoperable, and secure. These programs seek to develop the measurements and standards infrastructure for emerging information technologies and applications, and aim to advance the measurement science through innovations in mathematics, statistics, and computer science.
Ensuring that our nation's information systems are trustworthy is becoming increasingly important as we become more dependent on them for reliable, secure, and safe operation in nearly all sectors of our economy, national defense, homeland security, healthcare, and personal life. As systems grow in size and complexity, and become increasingly interconnected through networks and communication links, their vulnerability to attack from hostile elements, or failures due to inherent defects or exploited vulnerabilities, increase their risk of failure or compromise with significant impacts to businesses, services, equipment or users depending on them.
The aim of the TIS program is to reduce the risk and uncertainty associated with information systems by improving the capability to design, build and assess trustworthy systems. The program focuses principally on software in computer-based information systems and seeks to advance and apply innovative practices, technologies, tools, measurements and testing methods that can reduce software errors, defects, and vulnerabilities that occur during software development.
Note, however, that achieving trustworthy systems goes beyond the efforts of the TIS program to include many other factors, such as, quality development practices, processes and procedures, testable specifications that address both functional and non-functional requirements, including potential threats, attacks, hazards, and other aspects of the operational environment, and use of both manual and automated assurance methods and tools throughout the development lifecycle. Only through a comprehensive and collective effort that integrates best practices with advanced methods, technology and tools can we hope to assure systems as trustworthy.
In aligning with the NIST role of the nation's measurement, testing, and standards laboratory, the goals of the TIS program are to:
- Enable a scientific foundation for trustworthy system measurements.
- Improve capabilities for designing, constructing, and assuring trustworthy systems.
In the first goal, we seek to increase our knowledge and understanding of trustworthiness in systems by developing the measurement science needed to quantify and measure properties of trustworthy systems. An objective is to develop measurable models that both describe and predict system properties and behaviors related to requirements for trustworthiness. The approach will investigate software properties and their relationship to trustworthiness, and examine the use of existing software metrics and measures as a basis for deriving trustworthy metrics that indicate the degree of trustworthiness in systems.
In the second goal, we seek to improve software assurance by reducing or eliminating software defects, weaknesses and vulnerabilities through improvements in automated test methods, measurement methods, technology and tools, and guidance and standards that support development of trustworthy systems.
The current TIS projects, listed to the right, address these goals by focusing on trustworthy modeling, metrology, and methods for improving software assurance during the development process. An emphasis has been placed on improving automated test methods and tools since the scale of testing today's large and complex systems exceeds manual methods and requires the adoption and use of automated testing and analysis tools. Further details for each project can be found by following the link to each project's web page.