Introduction

ORA Canada is no longer active. This site is mostly an archive—but see what's new.

For over twenty years, the key personnel of ORA Canada operated primarily as a government and commercially funded think tank and research center. The company's focus on high assurance technology and information security is founded upon its intellectual capital and technology that was the result of millions of dollars of R&D investment (primarily sponsored by the defence departments of the U.S. and Canada).

Formal Methods/High Assurance Technology

ORA Canada's roots are in the early eighties, when its key personnel were members of an Ottawa-based contract R&D group within I. P. Sharp Associates. From its onset, the group focused on formal methods, the application of mathematical logic to the specification, design and development of Information Technology (IT) systems. The principal value proposition underlying the R&D is the heightened predictability of functional behavior supported by sound mathematical and engineering reasoning. U.S. and Canadian defence requirements for high assurance of security- and safety-critical systems were a primary motivator for the R&D. Furthermore, various international standards require or suggest the use of formal methods to achieve higher levels of certification.

Under Canadian and U.S. government sponsorship, the company's principals have developed software systems, in particular EVES and Z/EVES, that support the formal specification, design, development and logical analysis of IT systems. As of July 2002, these systems have been distributed, under R&D licenses, to sites in 59 countries, where they are being primarily used for research and teaching purposes.

Information Security

The company has acquired extensive experience with Information Security. ORA's experiences in computer security started in the early 1980s, when the company became one of the first companies to design and implement a packet filtering device (for the United States Navy) in which only permitted data was allowed to flow between machines and networks of different security classification. More recently, the company has worked extensively with information security technologies. Our information security background includes installation and analysis of soundness of various Public Key Infrastructures (PKI). For example, ORA Canada has experience with Entrust, openSSL and PGP. It includes in-depth analysis of various authentication protocols and the use of state-of-the-art products to secure our own network resources. ORA Canada has been investigating the use of international security standards (FIPS 140-1 and the Common Criteria) for the application of ORA's high assurance products to third party cryptographic products. Our experiences have demonstrated that the application of rigorous mathematical modeling techniques to information security artifacts is highly effective in identifying flaws. Recent work has focused on automated security policy management and advanced analyses of IP-enabled networks (and firewalls) for security and functionality requirements.