©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.

Slides:



Advertisements
Similar presentations
©Ian Sommerville 2000CS 365 Critical Systems ValidationSlide 1 Chapter 21 Critical Systems Validation.
Advertisements

1 Note content copyright © 2004 Ian Sommerville. NU-specific content copyright © 2004 M. E. Kabay. All rights reserved. Critical Systems Validation IS301.
Configuration management
Chapter 15 Dependability and Security Assurance Lecture 1 1Chapter 15 Dependability and Security Assurance.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.
Software system modeling
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation.
Critical Systems Validation CIS 376 Bruce R. Maxim UM-Dearborn.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.
©Ian Sommerville 2000Software Engineering. Chapter 22Slide 1 Chapter 22 Verification and Validation.
1 Certification Chapter 14, Storey. 2 Topics  What is certification?  Various forms of certification  The process of system certification (the planning.
Soft. Eng. II, Spr. 02Dr Driss Kettani, from I. Sommerville1 CSC-3325: Chapter 6 Title : The Software Quality Reading: I. Sommerville, Chap: 24.
Critical systems development
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.
Modified from Sommerville’s originals Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 10 Slide 1 Formal Specification.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Verification and Validation.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 3 Slide 1 Critical Systems.
Chapter 24 - Quality Management 1Chapter 24 Quality management.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 27 Slide 1 Quality Management 1.
©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.
 Lionel Briand Safety Analysis.  Lionel Briand Safety-critical Software Systems whose failure can threaten human life or cause serious.
1CMSC 345, Version 4/04 Verification and Validation Reference: Software Engineering, Ian Sommerville, 6th edition, Chapter 19.
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 8 Slide 1 Software Prototyping l Rapid software development to validate requirements l.
Software Reliability Categorising and specifying the reliability of software systems.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 1.
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Verification and Validation.
1 Testing and Verification Class Verification and Validation u Assuring that a software system meets a user's needs.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Slide 1 Critical Systems Specification 2.
Software Engineering DKT 311 Lecture 11 Verification and critical system validation.
Verification and Validation Chapter 22 of Ian Sommerville’s Software Engineering.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 6 Slide 1 Requirements Engineering Processes l Processes used to discover, analyse and.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 22 Slide 1 Verification and Validation Slightly adapted by Anders Børjesson.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 7 Slide 1 Requirements Engineering Processes.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 3 Slide 1 Critical Systems 1.
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Chapter 19 Verification and Validation.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Software Verification, Validation and Testing.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 3.
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Chapter 19 Verification and Validation.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Bzupages.com Verification and Validation.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Slide 1 Critical Systems Specification 1.
Software Safety Case Why, what and how… Jon Arvid Børretzen.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 7 Slide 1 Requirements Engineering Processes.
Figures – Chapter 15. Figure 15.1 Model checking.
SAFEWARE System Safety and Computers Chap18:Verification of Safety Author : Nancy G. Leveson University of Washington 1995 by Addison-Wesley Publishing.
©Ian Sommerville 2000Dependability Slide 1 Chapter 16 Dependability.
1 Software Engineering, 8th edition. Chapter 3 Courtesy: ©Ian Sommerville 2006 Sep 16, 2008 Lecture # 3 Critical Systems.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 3 Slide 1 Critical Systems.
Verification vs. Validation Verification: "Are we building the product right?" The software should conform to its specification.The software should conform.
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.
EKT421 SOFTWARE ENGINEERING
Chapter 12 – Safety Engineering
Verification and Validation
Critical Systems Validation
Chapter 12 – Safety Engineering
Presentation transcript:

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 2 Safety assurance l Safety assurance and reliability measurement are quite different: Within the limits of measurement error, you know whether or not a required level of reliability has been achieved; However, quantitative measurement of safety is impossible. Safety assurance is concerned with establishing a confidence level in the system.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 3 Safety confidence l Confidence in the safety of a system can vary from very low to very high. l Confidence is developed through: Past experience with the company developing the software; The use of dependable processes and process activities geared to safety; Extensive V & V including both static and dynamic validation techniques.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 4 Safety reviews l Review for correct intended function. l Review for maintainable, understandable structure. l Review to verify algorithm and data structure design against specification. l Review to check code consistency with algorithm and data structure design. l Review adequacy of system testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 5 Review guidance l Make software as simple as possible. l Use simple techniques for software development avoiding error-prone constructs such as pointers and recursion. l Use information hiding to localise the effect of any data corruption. l Make appropriate use of fault-tolerant techniques but do not be seduced into thinking that fault-tolerant software is necessarily safe.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 6 Safety arguments l Safety arguments are intended to show that the system cannot reach in unsafe state. l These are weaker than correctness arguments which must show that the system code conforms to its specification. l They are generally based on proof by contradiction Assume that an unsafe state can be reached; Show that this is contradicted by the program code. l A graphical model of the safety argument may be developed.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 7 Construction of a safety argument l Establish the safe exit conditions for a component or a program. l Starting from the END of the code, work backwards until you have identified all paths that lead to the exit of the code. l Assume that the exit condition is false. l Show that, for each path leading to the exit that the assignments made in that path contradict the assumption of an unsafe exit from the component.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 8 Insulin delivery code

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 9 Safety argument model

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 10 Program paths l Neither branch of if-statement 2 is executed Can only happen if CurrentDose is >= minimumDose and <= maxDose. l then branch of if-statement 2 is executed currentDose = 0. l else branch of if-statement 2 is executed currentDose = maxDose. l In all cases, the post conditions contradict the unsafe condition that the dose administered is greater than maxDose.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 11 Process assurance l Process assurance involves defining a dependable process and ensuring that this process is followed during the system development. l As discussed in Chapter 20, the use of a safe process is a mechanism for reducing the chances that errors are introduced into a system. Accidents are rare events so testing may not find all problems; Safety requirements are sometimes ‘shall not’ requirements so cannot be demonstrated through testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 12 Safety related process activities l Creation of a hazard logging and monitoring system. l Appointment of project safety engineers. l Extensive use of safety reviews. l Creation of a safety certification system. l Detailed configuration management (see Chapter 29).

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 13 Hazard analysis l Hazard analysis involves identifying hazards and their root causes. l There should be clear traceability from identified hazards through their analysis to the actions taken during the process to ensure that these hazards have been covered. l A hazard log may be used to track hazards throughout the process.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 14 Hazard log entry

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 15 Run-time safety checking l During program execution, safety checks can be incorporated as assertions to check that the program is executing within a safe operating ‘envelope’. l Assertions can be included as comments (or using an assert statement in some languages). Code can be generated automatically to check these assertions.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 16 Insulin administration with assertions

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 17 Security assessment l Security assessment has something in common with safety assessment. l It is intended to demonstrate that the system cannot enter some state (an unsafe or an insecure state) rather than to demonstrate that the system can do something. l However, there are differences Safety problems are accidental; security problems are deliberate; Security problems are more generic - many systems suffer from the same problems; Safety problems are mostly related to the application domain

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 18 Security validation l Experience-based validation The system is reviewed and analysed against the types of attack that are known to the validation team. l Tool-based validation Various security tools such as password checkers are used to analyse the system in operation. l Tiger teams A team is established whose goal is to breach the security of the system by simulating attacks on the system. l Formal verification The system is verified against a formal security specification.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 19 Security checklist

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 20 Safety and dependability cases l Safety and dependability cases are structured documents that set out detailed arguments and evidence that a required level of safety or dependability has been achieved. l They are normally required by regulators before a system can be certified for operational use.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 21 The system safety case l It is now normal practice for a formal safety case to be required for all safety-critical computer-based systems e.g. railway signalling, air traffic control, etc. l A safety case is: A documented body of evidence that provides a convincing and valid argument that a system is adequately safe for a given application in a given environment. l Arguments in a safety or dependability case can be based on formal proof, design rationale, safety proofs, etc. Process factors may also be included.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 22 Components of a safety case

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 23 Argument structure

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 24 Insulin pump argument

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 25 Claim hierarchy

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 26 Key points l Safety arguments or proofs are a way of demonstrating that a hazardous condition can never occur. l It is important to have a dependable process for safety-critical systems development. The process should include hazard identification and monitoring activities. l Security validation may involve experience-based analysis, tool-based analysis or the use of ‘tiger teams’ to attack the system. l Safety cases collect together the evidence that a system is safe.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.