Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Engineering for Safety: a Roadmap

Published by冲 麻 Modified over 5 years ago

Similar presentations

Presentation on theme: "Software Engineering for Safety: a Roadmap"— Presentation transcript:

1 Software Engineering for Safety: a Roadmap
Ahmad Alsawi Dapeng Xie Vladimir Jakobac

2 Motivation Software become an integral part of many safety-critical systems “The Nation depends on fragile software”… more work needed More and more safety-critical systems are built Motivation for software engineering for safty The demand is increasing as the number of embedded software in safety-critical system increases 4/18/2019

3 You Can’t Compromise 4/18/2019

4 Some Issues in SE4Safty Hazard analysis
Safety requirement specifications Designing for safety Testing Certifications & standards 4/18/2019

5 Hazard Analysis Core of safe systems development Analysis
severity of effects Likelihood of occurrence Decide which hazard to avoid or handled Identify s/w component that can contribute or prevent hazards Generate a set of safety constraints and requirements Hazards: states that can lead to an accident Accident: unplanned events Forward analysis methods to identify the possibly hazardous effects of failure Backward analysis mehtods to investigate if the hypothesized failure is credible 4/18/2019

6 Req. Specification and Analysis
Check safety properties are preserved Formal specification (allow automation) Req. are internally consistent All data are used, all states are reachable Interactive theorem provers, model checkers [wrong] 1st identify critical s/w component then analyze if hazard level acceptable 4/18/2019

7 Designing for Safety Design trade offs:
Time to market, features, budget, … Will fault tolerant feature causes another hazardous condition? Vulnerability to simple design errors Tend to neglect small errors “small errors have small consequences” is not true in s/w Limited use of known design techniques Practitioners are not disciplined! Small error e.g. Mars climate orbiter spacecraft Do not follow the rules: Aegis missiles cruiser, avoid bad data by operator manual intervention 4/18/2019

8 Current State Testing: It is very important in both:
. Development of safe system . Certification of safe system Assumption: . About environment . About users . About operation A new approach 4/18/2019

9 Current State (cont.) Certification and Standards: Certification:
. More complicated . Less well-defined Standards: . Issue: what standards are appropriate for large, safety-critical systems composed of subsystem from different domains. . Problems: a.) lack of guidance in existing standards b.) poor integration of software issues with system safety c.) heavy burden of making a safety case for certification . Recommendation: a.) classifying and evaluating standards according to products, process and resources b.) constructing domain specific standards for products. 4/18/2019

10 Current State (cont.) Resources: . Book a.) Safeware by N. Leveson
b.) Software Safety and Reliability by D.S. Hermann . Website a.) Bowen’s website “Safety-Critical Systems” b.) a recent IEEE video on the subject: “Developing software for safety critical systems” 4/18/2019

11 Directions for future work
Integration of informal and formal methods . Three important working area a.) automatic translation of informal notation into formal models. b.) lightweight formal methods. c.) integration of previously distinct formal methods. 4/18/2019

12 Directions… (cont.) Constraints on safe product families and safe reuse . Two research areas. a.) Safety analysis of product families. . A major goal. b.) Safe reuse of COTS software . Two problems. 4/18/2019

13 Directions… (cont.) Testing and evaluation Runtime monitoring
use of requirements-based testing evaluation from multiple sources model consistency testing virtual environment simulations Runtime monitoring Improve the testing and evaluation through: the use of reqs. Often, in practice, additional safety requirements are discovered during design or integration testing, especially from testing of prototypes Include Domain Experts, Independent Verification and Validation. Not only that software does what it is supposed to do, but that it cannot do what it is not supposed to do. Use runtime monitoring - Detection of hazardous states Well suited to monitoring for known, hazardous conditions Remote agent software can diagnose broader mismatches between expected and actual behavior and recommend recovery action (figure) 4/18/2019

14 Directions… (cont.) Education Related areas
more scientific university courses textbooks Related areas safety – a subset of survivability, security? software architecture human factors engineering safety - freedom from accidents or losses; threats to life or property; focuses on well intended actions; preventing more general malicious activities; security - threats to privacy or national security; focuses on malicious actions; preventing unauthorized access. survivability - is the ability to satisfy certain specified critical requirements (for example, security, reliability, real-time responsiveness, and correctness), in the face of adverse conditions. In some cases, survivability may require reconfigurability, interoperability, etc. Software architecture: safety consequences of product lines Human factors: formal specification of mental models in order to have more accurate safety requirements… 4/18/2019

15 Software Fault Tree Analysis
hazard events represented by nodes AND/OR gates domino effect errors in the requirements phase automated analysis with human interaction example taken from: 4/18/2019

16 The Way Forward Placing too much reliance on probabilistic risk assessment is unwise Building safety into a system instead of adding protection devices Safety is a system problem Automate the process of safety analysis Tools able to evolve dynamically over time Building safety into a system will be much more effective than adding protection devices onto a completed design. The earlier safety is considered in the development process, the better will be the results. Safety is a system problem and can only be solved by experts in different disciplines working together. Software engineers must understand SYSTEM safety concepts and techniques. 4/18/2019

Download ppt "Software Engineering for Safety: a Roadmap"

Similar presentations

What is software? Computer programs and associated documentation

What is software? Computer programs and associated documentation
Chapter 4 Quality Assurance in Context

Chapter 4 Quality Assurance in Context
Software Processes Coherent sets of activities for specifying, designing, implementing and testing software systems.

Software Processes Coherent sets of activities for specifying, designing, implementing and testing software systems.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.
Software Testing and Quality Attributes Software Testing Module (0721430) Dr. Samer Hanna.

Software Testing and Quality Attributes Software Testing Module ( ) Dr. Samer Hanna.
1 Independent Verification and Validation Current Status, Challenges, and Research Opportunities Dan McCaugherty IV&V Program Manager Titan Systems Corporation.

1 Independent Verification and Validation Current Status, Challenges, and Research Opportunities Dan McCaugherty IV&V Program Manager Titan Systems Corporation.
Software Engineering for Real- Time: A Roadmap H. Kopetz. Technische Universitat Wien, Austria Presented by Wing Kit Hor.

Software Engineering for Real- Time: A Roadmap H. Kopetz. Technische Universitat Wien, Austria Presented by Wing Kit Hor.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 4 Slide 1 Software Process Models.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 4 Slide 1 Software Process Models.
Software Engineering for Safety : A Roadmap Presentation by: Manu D Vij CS 599 Software Engineering for Embedded Systems.

Software Engineering for Safety : A Roadmap Presentation by: Manu D Vij CS 599 Software Engineering for Embedded Systems.
SWE Introduction to Software Engineering

SWE Introduction to Software Engineering
CSC 402, Fall 20001 Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)

CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)
1 Software Testing and Quality Assurance Lecture 1 Software Verification & Validation.

1 Software Testing and Quality Assurance Lecture 1 Software Verification & Validation.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Software Quality Assurance For Software Engineering && Architecture and Design.

Software Quality Assurance For Software Engineering && Architecture and Design.
Introduction to Software Testing

Introduction to Software Testing
Chapter 3 Software Processes.

Chapter 3 Software Processes.
What Exactly are the Techniques of Software Verification and Validation www.softwaretestinggenius.com A Storehouse of Vast Knowledge on Software Testing.

What Exactly are the Techniques of Software Verification and Validation A Storehouse of Vast Knowledge on Software Testing.
Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR ESM'2009, October 26-28, 2009, Holiday Inn Leicester, Leicester, United Kingdom.

Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR ESM'2009, October 26-28, 2009, Holiday Inn Leicester, Leicester, United Kingdom.
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
Problems with reuse – Increased maintenance costs; lack of tool support; not-invented- here syndrome; creating, maintaining, and using a component library.

Problems with reuse – Increased maintenance costs; lack of tool support; not-invented- here syndrome; creating, maintaining, and using a component library.

Similar presentations

Ads by Google