WoSoCer 2013 Program

The 3rd International Workshop on Software Certification

Tuesday 5, 2013, 11:00 AM - 5:30 PM

Part 1: Safety evidences and assurance cases

1. Invited talk Martin Feather (principal at the Jet Propulsion Laboratory, California Institute of Technology) “How the Fundamental Assurance Question Pervades Certification” Talk Presentation

2. E. Denney and G. Pai (SGT/NASA Ames) Evidence Arguments for Using Formal Methods in Software Certification Abstract - Talk Presentation - Article

3. S. Grigorova and T.S.E. Maibaum (McMaster University) Taking a Page from the Law Books: Considering Evidence Weight in Evaluating Assurance Case Confidence Abstract - Talk Presentation - Article

4. N. Silva, A. Esper, R. Barbosa (Critical Software), J. Zandin (RUAG Space AB), C. Monteleone (ESA) Reference Architecture for High Dependability On-Board Computers Abstract - Talk Presentation - Article

Part 2: Third-party software and component reuse

1. Invited talk Jeffrey Voas (Computer Scientist at the US National Institute of Standards and Technology) "Information Assurance Considerations for Software Supply Chains and 3rd Parties" Talk Presentation

2. I. Sljivo, B. Gallina, J. Carlson and H. Hansson (Mälardalen University) Strong and Weak Contract Formalism for Third-Party Component Reuse Abstract - Talk Presentation - Article

3. A. Söderberg and R. Johansson (SP Technical Research Institute of Sweden) Safety Contract Based Design of Software Components Abstract - Talk Presentation - Article

4. N. Antunes (U. of Coimbra), F. Brancati (ResilTech), A. Ceccarelli, Andrea Bondavalli (U. of Florence) and Marco Vieira (U. of Coimbra) A Monitoring and Testing Framework for Critical Off-The-Shelf Applications and Services Abstract - Talk Presentation - Article

Part 3: Software certification practices

1. A. Ceccarelli (U. of Florence) and Nuno Silva (Critical Software) Qualitative comparison of aerospace standards: an objective approach Abstract - Talk Presentation - Article

2. M. Roth and P. Liggesmeyer (Technical University of Kaiserslautern) Qualitative Analysis of State/Event Fault Trees for Supporting the Certification Process of Software-Intensive Systems Abstract - Talk Presentation - Article

3. X. Lili and Z. Hong (Beihang University) An Improved SFMEA Method Integrated with Assistive techniques Abstract - Talk Presentation - Article

4. Q. Li, L. Luo, J. Wang (Beihang University) Accelerated reliability testing approach for high-reliable software based on the reinforced operational profile Abstract - Talk Presentation - Article

5. Fernanda Buonanno (AnsaldoBreda), Domenico Di Leo (Critiware), Paolo Di Paolo (AnsaldoBreda), Roberto Pietrantuono and Stefano Russo (Federico II University of Naples) Requirements Engineering in Rail Transit Production: an Experience Report Abstract - Talk Presentation - Article

Session 37: Safety evidences and assurance cases

Evidence Arguments for Using Formal Methods in Software Certification

E. Denney and G. Pai (SGT/NASA Ames)

We describe a generic approach for automatically integrating the output generated from a formal method/tool into a software safety assurance case, as an evidence argument, by (a) encoding the underlying reasoning as a safety case pattern, and (b) instantiating it using the data produced from the method/tool. We believe this approach not only improves the trustworthiness of the evidence generated from a formal method/tool, by explicitly presenting the reasoning and mechanisms underlying its genesis, but also provides a way to gauge the suitability of the evidence in the context of the wider assurance case. We illustrate our work by application to a real example, an unmanned aircraft system, where we invoke a formal code analysis tool from its autopilot software safety case, automatically transform the verification output into an evidence argument, and then integrate it into the former.

Taking a Page from the Law Books: Considering Evidence Weight in Evaluating Assurance Case Confidence

S. Grigorova and T.S.E. Maibaum (McMaster University)

This brief report is a contribution to discussions of the notion of confidence in the context of assurance cases. In this work, we draw a parallel between the concepts of assurance case confidence and evidence weight in the legal domain, and explore the practical ramifications of this idea. We first establish what factors influence assurance case confidence, and propose a definition. Then, through a comparison with the legal domain (following the discussions of Jonathan Cohen, Keynes and Nance) we submit that confidence can be seen as composed of two distinct aspects, and we proceed to contend that it is beneficial to consider these aspects separately when performing an evaluation. One of the greatest advantages of doing so would be providing a separate measure for assurance case “ripeness” for review (to be used by assurance case developers, as well as regulators).

Reference Architecture for High Dependability On-Board Computers

N. Silva, A. Esper, R. Barbosa (Critical Software), J. Zandin (RUAG Space AB), C. Monteleone (ESA)

The industrial process in the area of on-board computers is characterized by small production series of on-board computer (hardware and software) configuration items with little recurrence at unit or set level (e.g. computer equipment unit, set of interconnected redundant units). These small production series result in a reduced amount of statistical data related to dependability, which influences the way on-board computers are specified, designed and verified. In the context of the ESA harmonization policy for the deployment of enhanced and homogeneous industrial processes in the area of avionics embedded systems and on-board computers for the space industry, this study aimed at rationalizing the initiation phase of the development or procurement of on-board computers and at improving dependability assurance. This aim was achieved by establishing generic requirements for the procurement or development of on-board computers with a focus on well-defined reliability, availability, and maintainability requirements, as well as a generic methodology for planning, predicting and assessing the dependability of on-board computer hardware and software throughout their life cycle. It also provides guidelines for producing evidence material and arguments to support dependability assurance of on-board computer hardware and software throughout the complete lifecycle, including an assessment of feasibility aspects of the dependability assurance process and how the use of a computer-aided environment can contribute to on-board computer dependability assurance.

Session 42: Third-party software and component reuse

Strong and Weak Contract Formalism for Third-Party Component Reuse

I. Sljivo, B. Gallina, J. Carlson and H. Hansson (Mälardalen University)

Our aim is to contribute to bridging the gap between the justified need from industry to reuse third-party components and the skepticism of the safety community about integrating and reusing components developed without real knowledge of the system context. We have developed a notion of safety contract that will help capture safety-related information for supporting the reuse of software components in and across safety-critical systems. In this paper we present our extension of the contract formalism for specifying strong and weak assumption/guarantee contracts for out-of-context reusable components. We elaborate on the notion of satisfaction, including refinement, dominance and composition checks. To show the usage and the expressiveness of our extended formalism, we specify strong and weak safety contracts related to a wheel braking system.

Safety Contract Based Design of Software Components

A. Söderberg and R. Johansson (SP Technical Research Institute of Sweden)

In this paper we discuss how to use a modified design methodology for contract based design (CBD), intended for the development of software and component based systems, by use of so-called safety contracts. The primary purpose is to make a proposal on how to integrate safety contracts in a way that a tool can implement for automatic safety contract verification. This development technique is called safety contract based design (SCBD) in this paper. The focus is to discuss the similarities and differences between the actual contents of conventional CBD contracts and safety contracts, and rules for how to verify agreements of safety contracts and how to ensure safety contract validity.

A Monitoring and Testing Framework for Critical Off-The-Shelf Applications and Services

N. Antunes (U. of Coimbra), F. Brancati (ResilTech), A. Ceccarelli, Andrea Bondavalli (U. of Florence) and Marco Vieira (U. of Coimbra)

One of the biggest verification and validation challenges is the definition of approaches and tools to support systems assessment while minimizing costs and delivery time. This includes the integration of OTS software components in critical systems that must undergo proper certification or approval processes. In the particular case of testing, due to the differences and peculiarities of components, developers often build ad-hoc and poorly reusable testing tools, which results in increased time and costs. This paper introduces a framework for testing and monitoring of critical OTS applications and services. The framework includes i) a box that is instrumented for monitoring OS and application level variables, ii) an adaptable toolset for testing the target components and iii) tools for data storage, retrieval and analysis. A prototype that shows the applicability of the framework is described, and future testing scenarios are designed.

Session 47: Software certification practices

Qualitative comparison of aerospace standards: an objective approach

A. Ceccarelli (U. of Florence) and Nuno Silva (Critical Software)

Aerospace development processes are regulated by hardware, software or system-level standards. These standards describe the phases of the life-cycle, and the techniques to be adopted to guarantee or assess the safety of systems and components. Standards are mostly written independently of one another, and despite major similarities, they also include several distinctions which force companies to apply different expertise, training, personnel and procedures for each of them. This increases the difficulty in adopting new or different standards, ultimately resulting in increased costs. This paper investigates the differences between relevant aerospace standards, namely ARP4754A/4761, DO-178B/C, DO-254, ED-153, FAA HBK006A, Galileo Software Standard (GSWS) and the ECSS series, through comparison of lifecycle and major requirements. Evidence is given of relevant commonalities between the standards, but also of several non-negligible specificities, which make it more challenging to define a uniform development process and a uniform set of activities and competences required to achieve standards compliance.

Qualitative Analysis of State/Event Fault Trees for Supporting the Certification Process of Software-Intensive Systems

M. Roth and P. Liggesmeyer (Technical University of Kaiserslautern)

For the certification of modern safety-critical systems, tree-based failure models like standardized fault trees (FTs) are frequently used methodologies. But when it comes to software-intensive systems these techniques have some crucial disadvantages, especially in modeling timing behavior. To deal with these weak points, state/event fault trees (SEFTs) [6] were developed. However, this kind of fault tree can only be analyzed in a quantitative way. In this paper we propose an approach to analyze them qualitatively as well. This results in ordered event sequences which represent different ways of triggering a critical event of the underlying SEFT, which can be seen as a time-dependent equivalent of the minimal cut set (MCS) analysis of standardized FTs. To evaluate our approach, we implemented the SEFTAnalyzer and applied it to a software-controlled fire alert system.

An Improved SFMEA Method Integrated with Assistive techniques

X. Lili and Z. Hong (Beihang University)

An improved analysis process for software failure modes and effects analysis (SFMEA) is presented in this paper, to alleviate the difficulties and heavy workload of applying the traditional SFMEA approach to complex systems. By integrating the function structure, control flow diagram (CFD)/data flow diagram (DFD), and software fault tree analysis (SFTA) into the traditional SFMEA, the improved SFMEA is easier and more convenient to conduct. Finally, we took a fly-by-wire flight control system as a case study to verify the feasibility of this approach. The case study shows that the improved SFMEA can help save time and effort while analyzing complex systems, and greatly improve the reliability of software.

Accelerated reliability testing approach for high-reliable software based on the reinforced operational profile

Q. Li, L. Luo, J. Wang (Beihang University)

Testing under the actual operational profile (OP) for high-reliability software can be expensive, time consuming or even infeasible in situations where the performance of a system is dominated by infrequent but highly critical events. To solve this problem, testing using importance sampling was put forward for usage-based software reliability demonstration testing (SRDT). An extended OP-based approach for software reliability growth testing (SRGT) is proposed. Firstly, a reinforced OP based on changing the probabilities of critical operations is suggested. Secondly, the principle of accelerated SRGT is proposed. Then an implementation framework is proposed. Finally, the accelerated method is applied to a software system. The experimental results indicate that, compared with the growth testing approach based on the original OP, the accelerated growth testing approach based on the reinforced OP can not only significantly decrease the required testing time and the required number of test cases, but also obtain the same testing conclusion and an unbiased estimation result.

Requirements Engineering in Rail Transit Production: an Experience Report

Fernanda Buonanno (AnsaldoBreda), Domenico Di Leo (Critiware), Paolo Di Paolo (AnsaldoBreda), Roberto Pietrantuono and Stefano Russo (Federico II University of Naples)

Software is an increasing part of train control systems, calling for the integration of modern sound software engineering techniques into consolidated industrial systems engineering processes. We present the experience of a public-private collaboration between the University of Naples and Ansaldo Breda, a leading company in the field of rail transit systems. The experience is focused on requirements engineering as a driver to improve the development process in terms of the cost/quality trade-off, and to better support software quality (and safety) assurance activities in the long term.