Presentation is loading. Please wait.

Presentation is loading. Please wait.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.

Published byKristin Hawks Modified over 9 years ago

Similar presentations

Presentation on theme: "©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2."— Presentation transcript:

1 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2

2 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 2 Safety assurance l Safety assurance and reliability measurement are quite different: Within the limits of measurement error, you know whether or not a required level of reliability has been achieved; However, quantitative measurement of safety is impossible. Safety assurance is concerned with establishing a confidence level in the system.

3 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 3 Safety confidence l Confidence in the safety of a system can vary from very low to very high. l Confidence is developed through: Past experience with the company developing the software; The use of dependable processes and process activities geared to safety; Extensive V & V including both static and dynamic validation techniques.

4 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 4 Safety reviews l Review for correct intended function. l Review for maintainable, understandable structure. l Review to verify algorithm and data structure design against specification. l Review to check code consistency with algorithm and data structure design. l Review adequacy of system testing.

5 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 5 Review guidance l Make software as simple as possible. l Use simple techniques for software development avoiding error-prone constructs such as pointers and recursion. l Use information hiding to localise the effect of any data corruption. l Make appropriate use of fault-tolerant techniques but do not be seduced into thinking that fault-tolerant software is necessarily safe.

6 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 6 Safety arguments l Safety arguments are intended to show that the system cannot reach in unsafe state. l These are weaker than correctness arguments which must show that the system code conforms to its specification. l They are generally based on proof by contradiction Assume that an unsafe state can be reached; Show that this is contradicted by the program code. l A graphical model of the safety argument may be developed.

7 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 7 Construction of a safety argument l Establish the safe exit conditions for a component or a program. l Starting from the END of the code, work backwards until you have identified all paths that lead to the exit of the code. l Assume that the exit condition is false. l Show that, for each path leading to the exit that the assignments made in that path contradict the assumption of an unsafe exit from the component.

8 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 8 Insulin delivery code

9 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 9 Safety argument model

10 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 10 Program paths l Neither branch of if-statement 2 is executed Can only happen if CurrentDose is >= minimumDose and <= maxDose. l then branch of if-statement 2 is executed currentDose = 0. l else branch of if-statement 2 is executed currentDose = maxDose. l In all cases, the post conditions contradict the unsafe condition that the dose administered is greater than maxDose.

11 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 11 Process assurance l Process assurance involves defining a dependable process and ensuring that this process is followed during the system development. l As discussed in Chapter 20, the use of a safe process is a mechanism for reducing the chances that errors are introduced into a system. Accidents are rare events so testing may not find all problems; Safety requirements are sometimes ‘shall not’ requirements so cannot be demonstrated through testing.

12 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 12 Safety related process activities l Creation of a hazard logging and monitoring system. l Appointment of project safety engineers. l Extensive use of safety reviews. l Creation of a safety certification system. l Detailed configuration management (see Chapter 29).

13 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 13 Hazard analysis l Hazard analysis involves identifying hazards and their root causes. l There should be clear traceability from identified hazards through their analysis to the actions taken during the process to ensure that these hazards have been covered. l A hazard log may be used to track hazards throughout the process.

14 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 14 Hazard log entry

15 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 15 Run-time safety checking l During program execution, safety checks can be incorporated as assertions to check that the program is executing within a safe operating ‘envelope’. l Assertions can be included as comments (or using an assert statement in some languages). Code can be generated automatically to check these assertions.

16 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 16 Insulin administration with assertions

17 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 17 Security assessment l Security assessment has something in common with safety assessment. l It is intended to demonstrate that the system cannot enter some state (an unsafe or an insecure state) rather than to demonstrate that the system can do something. l However, there are differences Safety problems are accidental; security problems are deliberate; Security problems are more generic - many systems suffer from the same problems; Safety problems are mostly related to the application domain

18 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 18 Security validation l Experience-based validation The system is reviewed and analysed against the types of attack that are known to the validation team. l Tool-based validation Various security tools such as password checkers are used to analyse the system in operation. l Tiger teams A team is established whose goal is to breach the security of the system by simulating attacks on the system. l Formal verification The system is verified against a formal security specification.

19 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 19 Security checklist

20 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 20 Safety and dependability cases l Safety and dependability cases are structured documents that set out detailed arguments and evidence that a required level of safety or dependability has been achieved. l They are normally required by regulators before a system can be certified for operational use.

21 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 21 The system safety case l It is now normal practice for a formal safety case to be required for all safety-critical computer-based systems e.g. railway signalling, air traffic control, etc. l A safety case is: A documented body of evidence that provides a convincing and valid argument that a system is adequately safe for a given application in a given environment. l Arguments in a safety or dependability case can be based on formal proof, design rationale, safety proofs, etc. Process factors may also be included.

22 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 22 Components of a safety case

23 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 23 Argument structure

24 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 24 Insulin pump argument

25 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 25 Claim hierarchy

26 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 26 Key points l Safety arguments or proofs are a way of demonstrating that a hazardous condition can never occur. l It is important to have a dependable process for safety-critical systems development. The process should include hazard identification and monitoring activities. l Security validation may involve experience-based analysis, tool-based analysis or the use of ‘tiger teams’ to attack the system. l Safety cases collect together the evidence that a system is safe.

Download ppt "©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2."

Similar presentations

©Ian Sommerville 2000CS 365 Critical Systems ValidationSlide 1 Chapter 21 Critical Systems Validation.

©Ian Sommerville 2000CS 365 Critical Systems ValidationSlide 1 Chapter 21 Critical Systems Validation.
1 Note content copyright © 2004 Ian Sommerville. NU-specific content copyright © 2004 M. E. Kabay. All rights reserved. Critical Systems Validation IS301.

1 Note content copyright © 2004 Ian Sommerville. NU-specific content copyright © 2004 M. E. Kabay. All rights reserved. Critical Systems Validation IS301.
Configuration management

Configuration management
Chapter 15 Dependability and Security Assurance Lecture 1 1Chapter 15 Dependability and Security Assurance.

Chapter 15 Dependability and Security Assurance Lecture 1 1Chapter 15 Dependability and Security Assurance.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.
Software system modeling

Software system modeling
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation.
Critical Systems Validation CIS 376 Bruce R. Maxim UM-Dearborn.

Critical Systems Validation CIS 376 Bruce R. Maxim UM-Dearborn.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.
©Ian Sommerville 2000Software Engineering. Chapter 22Slide 1 Chapter 22 Verification and Validation.

©Ian Sommerville 2000Software Engineering. Chapter 22Slide 1 Chapter 22 Verification and Validation.
1 Certification Chapter 14, Storey. 2 Topics  What is certification?  Various forms of certification  The process of system certification (the planning.

1 Certification Chapter 14, Storey. 2 Topics  What is certification?  Various forms of certification  The process of system certification (the planning.
Soft. Eng. II, Spr. 02Dr Driss Kettani, from I. Sommerville1 CSC-3325: Chapter 6 Title : The Software Quality Reading: I. Sommerville, Chap: 24.

Soft. Eng. II, Spr. 02Dr Driss Kettani, from I. Sommerville1 CSC-3325: Chapter 6 Title : The Software Quality Reading: I. Sommerville, Chap: 24.
Critical systems development

Critical systems development
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.

©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.
Modified from Sommerville’s originals Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation.

Modified from Sommerville’s originals Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 10 Slide 1 Formal Specification.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 10 Slide 1 Formal Specification.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Verification and Validation.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Verification and Validation.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 3 Slide 1 Critical Systems.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 3 Slide 1 Critical Systems.
Chapter 24 - Quality Management 1Chapter 24 Quality management.

Chapter 24 - Quality Management 1Chapter 24 Quality management.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 27 Slide 1 Quality Management 1.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 27 Slide 1 Quality Management 1.

Similar presentations

Ads by Google