High Assurance or Provable security refers to any type or level of computer security that can be proved. It is used in different ways in different fields.

Usually, this refers to mathematical proofs, which are common in cryptography. In such a proof, the capabilities of the attacker are defined by an adversarial model (also referred to as attacker model): the aim of the proof is to show that the attacker must solve the underlying hard problem in order to break the security of the modeled system. Such a proof generally does not consider side-channel attacks or other implementation-specific attacks, because they are usually impossible to model without implementing the system (and thus, the proof only applies to this implementation).

Outside of cryptography, the term is often used in conjunction with secure coding and security by design, both of which can rely on proofs to show the security of a particular approach. As with the cryptographic setting, this involves an attacker model and a model of the system. For example, code can be verified to match the intended functionality, described by a model: this can be done through static checking. These techniques are sometimes used for evaluating products (see Common Criteria): the security here depends not only on the correctness of the attacker model but also on the model of the code.



  • Multi-Level Security (MLS)

  • Mandatory Access Controls (MAC)

  • Trusted Computing (TCS)

  • Cross-Domain Solutions

  • Data Diode​


  • Rainbow Series (A1 through D )

    • Particularly the Orange Book 5200.28-STD “DoD Trusted Computer System Evaluation Criteria

  • Common Criteria (The EAL levels 7 through 1)​


  • Customized solutions for firewalls

  • Customized solutions for SCADA

  • Customized solutions for cellphones​