1 Reducing the Software Impact to System Safety Paul Mayo – SafeEng Limited.

Slides:



Advertisements
Similar presentations
Module 1 Evaluation Overview © Crown Copyright (2000)
Advertisements

Chapter 4 Quality Assurance in Context
Chapter 2 – Software Processes
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.
Define & Compare Flowcharts of Each Method Tom Delong.
1 Basic Definitions: Testing What is software testing? Running a program In order to find faults a.k.a. defects a.k.a. errors a.k.a. flaws a.k.a. faults.
Developing safety critical systems
June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #18-1 Chapter 18: Introduction to Assurance Overview Why assurance? Trust and.
1 Software Testing and Quality Assurance Lecture 38 – Software Quality Assurance.
Software Engineering for Safety : A Roadmap Presentation by: Manu D Vij CS 599 Software Engineering for Embedded Systems.
1 Software Testing and Quality Assurance Lecture 39 – Software Quality Assurance.
(c) 2007 Mauro Pezzè & Michal Young Ch 1, slide 1 Software Test and Analysis in a Nutshell.
Software Testing. “Software and Cathedrals are much the same: First we build them, then we pray!!!” -Sam Redwine, Jr.
The Systems Assurance Group Dr Jaspal Sagoo Systems Assurance Group QinetiQ Trusted Information Management Malvern Technology Centre.
Implementation. We we came from… Planning Analysis Design Implementation Identify Problem/Value. Feasibility Analysis. Project Management. Understand.
Software Quality Assurance
Testing safety-critical software systems
Software Safety Chloe Sanderson CNS07U. Overview What is software safety? What are its causes? How can it be overcome? Example of analysis technique Example.
What Exactly are the Techniques of Software Verification and Validation A Storehouse of Vast Knowledge on Software Testing.
Software Considerations in Airborne Systems
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
BS3909 Week 8 1 Self-Study: Safety-critical systems l Wide range of equipment now computer-controlled »Machine could injure operator if certain faults.
Ethical and Social...J.M.Kizza 1 Module 8: Software Issues: Risks and Liabilities Definitions Causes of Software Failures Risks Consumer Protection Improving.
SEC835 Database and Web application security Information Security Architecture.
Introduction to Software Quality Assurance (SQA)
Software Quality Assurance Lecture #8 By: Faraz Ahmed.
University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.
-Nikhil Bhatia 28 th October What is RUP? Central Elements of RUP Project Lifecycle Phases Six Engineering Disciplines Three Supporting Disciplines.
Risk Management - the process of identifying and controlling hazards to protect the force.  It’s five steps represent a logical thought process from.
Safety-Critical Systems 6 Certification
©Ian Sommerville 2000, Mejia-Alvarez 2009 Slide 1 Software Processes l Coherent sets of activities for specifying, designing, implementing and testing.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 3 Slide 1 Software Processes l Coherent sets of activities for specifying, designing,
1 Software Testing and Quality Assurance Lecture 33 – Software Quality Assurance.
Protecting the Public, Astronauts and Pilots, the NASA Workforce, and High-Value Equipment and Property Mission Success Starts With Safety Believe it or.
CSI - Introduction General Understanding. What is ITSM and what is its Value? ITSM is a set of specialized organizational capabilities for providing value.
Risk & Liability in Engineering. Source: On September 11, 2001, terrorists attacked the Twin Towers by flying two hijacked 727’s into them.
Intent Specification Intent Specification is used in SpecTRM
Software Testing and Quality Assurance Software Quality Assurance 1.
University of Sunderland COM369 Unit 6 COM369 Project Quality Unit 6.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 3.
Quality Assurance.
Safety-Critical Systems 7 Summary T V - Lifecycle model System Acceptance System Integration & Test Module Integration & Test Requirements Analysis.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Slide 1 Critical Systems Specification 1.
PLC Workshop at ITER, 4-5 th of December 2014 A. Nordt, ESS, Lund/Sweden.
Fault Tolerance Benchmarking. 2 Owerview What is Benchmarking? What is Dependability? What is Dependability Benchmarking? What is the relation between.
Chapter 2 – Software Processes Lecture 1 Chapter 2 Software Processes1.
LECTURE 20 26/11/15. Summary - Testing ◦ Testing affects all stages of software engineering cycle ◦ One strategy is a bottom-up approach – class, integration,
Introduction to Software Engineering Syed Salman Ali B.E, MBA ( MIS, Mktg), PMP.
MEM 604: Social, Legal and Ethical Considerations for Engineering Managing Safety and Liability.
Ensuring the Safety of Future Developments
1 Software Testing and Quality Assurance Lecture 38 – Software Quality Assurance.
About Us! Rob StockhamBA IEng MIEE General Manager Moore Industries-Europe, Inc MemberIEE Honorary Secretary ISA England Institute of Directors DirectorThe.
Slide #18-1 Introduction to Assurance CS461/ECE422 Fall 2008 Based on slides provided by Matt Bishop for use with Computer Security: Art and Science.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
An Integrated Model-Based Approach to System Safety and Aircraft System Architecture Development Eric Villhauer – Systems Engineer Brian Jenkins – System.
SOFTWARE TESTING Date: 29-Dec-2016 By: Ram Karthick.
Software Engineering (CSI 321)
Integration Testing.
Ensuring the Safety of Future Developments
CIF301 Project Quality Unit 6
Preventing Medical Device Recalls
Baisc Of Software Testing
Software Verification and Validation
Software Verification and Validation
Software Verification and Validation
System analysis and design
CACHE L3 Supporting Teaching & Learning in Schools
Presentation transcript:

1 Reducing the Software Impact to System Safety Paul Mayo – SafeEng Limited

4 Contents System safety engineering Software’s contribution to system safety Software safety techniques

5 Safety –Ability of a system to avoid causing an accident Accident –Unintended event or sequence leading to harm Hazard –Situation that can lead to an accident Risk –Product of severity and likelihood of an undesired event Some Definitions

6

7 Accidents Highly Publicised System Failures Chernobyl Challenger Zeebrugge Piper Alpha Clapham / Southall / Ladbroke Grove Highly Publicised Software Failures Ariane 5 USS Yorktown V22 Osprey Patriot

8 Standards and Guidance Fundamental rethink Why comply with the standards? –To gain certification –Protection against personal liability –Protection against product liability –Protection against criminal law –To produce a safe system

9 Defence Standard History First standard in series was (begun in 1987) Developed because of concerns over emergence of safety-critical software Formal methods were receiving much support at the time So 00-55/1 was “technology forcing” FM standard

10 But when is software safety-critical? developed to answer this But safety is a SYSTEM property –so covered whole system and hardware as well and were first published as a pair of interim standards in 1991 Defence Standard History

11 The new standard is goal based That is, it says what you must do, not how you must do it The top-level goals are: 1. Identify the safety requirements 2. Show that the safety requirements are met Defence Standard - Current

12 Safety Requirements

13 So What’s Different About Software? Software doesn’t kill…. –Causes other devices to do it instead!

14 So What’s Different About Software?

15 So What’s Different About Software? Software doesn’t kill…. –Causes other devices to do it instead!

16 So What’s Different About Software? Software doesn’t kill…. –Causes other devices to do it instead!

17 Scope Safety related software –Concentrates on safety related software –Equal applicability to other critical software: Mission Security Business –Sometimes referred to as High Integrity Software –Safety should have the lead, but mission critical software may be the downfall of a major project

18 Scope All software of all provenance: –Bespoke –Legacy –SOUP –COTS –ASICs

19 So What’s Different About Software? Difficult to predict and quantify failure rates –Hardware - random failure –Software - systematic errors

20 Time Failures Random Failures

21 Time Failures Systematic Failures

22 Overview - key requirements All credible hazards and accidents are identified, the associated accident sequences are defined and the risks associated with them are determined Defect/failure reports and incident/accident/near-miss reports are monitored and remedial actions identified and implemented

23 Platform Systems Units Requirements Design & Decomposition Implementation Integration and Test Delivered Product Preliminary Hazard Analysis System Hazard Analysis System Safety Assessment Safety Case System Hazard Analysis V Life Cycle

24

25 Errors, Faults and Failures We want predictable software In designing and developing software, humans make errors These errors result in faults in the software If the faulty code is executed, this results in a failure

26 Software Assurance Primary causes of control system failure

27 What’s Different About Software? Why use it? –Flexibility –Functionality boom – complex systems –It’s (almost) free to reproduce Software is… –Inclusive of the design –A non tangible artefact

28 Software Assurance So how do you know the software is correct? –How do you stop faults manifesting themselves? Either –Don’t put the faults in (process)

29 Process Assurance The more rigorous the development, the less likely errors are Design reviews throughout ensure correct transition between phases Includes the use of formal methods to ensure correctness Extends to choice of language

30 Process Assurance Various ‘schemes’ attempt to provide an assurance of process –ISO , certification of QA process for software –Capability maturity model (CMM) –ARPs and DO178b, DO254...etc Aim to give a level of confidence about ability to develop a product –Not a guarantee about a specific product Need to back these up with involvement in product reviews

31 Software Assurance So how do you know the software is correct? –How do you stop faults manifesting themselves? Either –Don’t put the faults in (process) –Stop faults causing problem (fault tolerance)

32 Fault Tolerance Design system such that faults do not result in critical failures Use hardware to guard against software failure Design the software to tolerate faults –N-version programming –Recovery blocks –Exception handling –Defensive programming –Graceful Degradation –Fail-safe Design

33 Critical Failure

34 Software Assurance So how do you know the software is correct? –How do you stop faults manifesting themselves? Either –Don’t put the faults in (process) –Stop faults causing problem (fault tolerance) –Take them out at the end (test/analysis)

35 Software Testing/analysis Can not test every possible state of complex software Satisfactory operation for 1000 hrs gives –50% confidence of a further 1000 hrs operation –90% confidence of 100 hrs satisfactory operation To test complex software to 90% confidence of 1x10-6 per year failure rate would take approximately yrs

36 Software Testing/analysis Design out hazards through iterative analysis process at the earliest stages Testing/analysis of modules & integration Formal proof Static code analysis Black box / white box testing Accept that 100% testing of software is infeasible

37 Software Assurance So how do you know the software is correct? –How do you stop faults manifesting themselves? Either –Don’t put the faults in (process) –Stop faults causing problem (fault tolerance) –Take them out at the end (test/analysis) –Or all of the above...

38 What if you get it WRONG?

39 Safety Analysis is required to: –Underpin the safe development of a safe product –Provide process guidelines Variety of tools and techniques but be aware… Conclusion

40 Conclusion results of testing may not always be as they seem…

41 Paul Mayo Safety Consultant SafeEng Limited Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.