The constructive security philosophy is based on the assumption that, for certain critical operations, a system must always do the "right thing". What the "right thing" is depends on the intended security policy, but we need assurance that the system will not do something else. Thus, we must demonstrate the absence of unspecified functionality, which is the manifestation of security's negative requirement. Because we must demonstrate the absence of something in a way that will promote user confidence, it is necessary to build systems so that they demonstrably meet the negative requirement.