Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Acceptance: Direct Artifact Assurance William L. Scherlis Carnegie Mellon University Professor, School of Computer Science Director, CMU/NASA.

Published byElmer Russell Modified over 9 years ago

Similar presentations

Presentation on theme: "Software Acceptance: Direct Artifact Assurance William L. Scherlis Carnegie Mellon University Professor, School of Computer Science Director, CMU/NASA."— Presentation transcript:

1 Software Acceptance: Direct Artifact Assurance William L. Scherlis Carnegie Mellon University Professor, School of Computer Science Director, CMU/NASA High Dependability Computing Program Director, CMU PhD Program in Software Engineering scherlis@cmu.edu 412-268-8741

2 Outline Problems Software test and inspection inadequate to assure dependability and security  Barriers in IT supply chain: off-the-shelf, outsourcing, etc.  Example: the real story of Ariane-5  Example: Windows device drivers and blue-screens Software acceptance Direct assurance of software Contrast: CMM and NIAP-CC Examples: MSR SLAM, CMU Fluid What’s new:  Deep technical results informed by engineering pragmatism  Focus on scalability, decomposition, usability

3 Assurance of critical properties— today’s best practice Interface barriers exist between producers * and consumers at all stages of an IT supply chain *Producers: Internal development groups; subcontractors/outsources/offshore; off-the-shelf; open source; etc. Problem: Testing, inspection, and design analysis are inadequate to assure security and dependability Symptom: Software failures and security defects Challenges: Subsystem decomposition, critical properties with non-locality in code, concurrency and non-determinism Some examples… Four barriers Contractor qualification Requirements definition Engineering acceptance “Second” sourcing Mitigation (today’s best practice) CMM / CMMI Close relationships Testing, inspection, design analysis API conventionalization

4 Examples: The inadequacy of test and inspection Ariane 5—mission critical Ariane 5 veered off course and exploded 40 seconds into its maiden flight due to software failure The failure was due to a known unhandled exception in the software—cost $1 billion Why? “Heritage Ariane 4 code” Trust in the legacy…it worked for Ariane 4 Distrust in defined criteria…too risky to modify “working” software even when it is known to be broken “Blue screen”—desktop Most occur due to faulty 3 rd party device driver code—but Microsoft “blamed” by users Reputational cost to Microsoft Windows OS 3 rd party device driver OS API with associated integrity constraints

5 Problem: Software acceptance in today’s practice Sources of software Internally developed Mission- or security-critical Differentiating capability Business logic Outsourced custom Whole solutions Separable subsystems Off-the-shelf components Windows, OS X, Office, Oracle Open source components Apache, Linux, Tomcat, etc Mobile code JavaScript in a web page MS Word document Free players, plug-ins “Cool screensaver” virus mail Spoofed executable enclosure Basis for accepting software Trust the source “Always trust content from __” Chain of trust – certificates Explicit test and inspection Custom and outsourced May be more costly than code development itself Limited privilege – containment Sandboxing for Java, scripts Verification of safety attributes Ada/Java type integrity Assert (often based on testing) Lack of awareness Spyware and adware Configuration mgt failures Little focus on direct assurance of software code and design artifacts …

6 Focus—direct assurance and evaluation best practice What’s needed: Direct assurance ( focused tools and ongoing research ) (technology-dependent; attribute focused) Assure the software itselfQuality, dependability, security ( objective analysis ) Contrast with accepted best practices for evaluation: CMM/CMMI ( ISO 9001x ) (timeless; comprehensive) Evaluate the teamCost and schedule predictability Evaluate the process( correlates with bug reduction ) NIAP/CC ( ISO 15408 ) ( including potential EAL 7 ) (timeless; comprehensive) Evaluate the processSecurity policy definition Evaluate the designDesign compliance Sample the product* (*sampled – no direct assurance )

7 Direct assurance—industry example: Microsoft SLAM for Windows XP http:// research.microsoft.com/slam /

8 Direct assurance—research example: CMU Fluid Assure diverse “mechanical” program properties for dependability and security E.g., race conditions, locking policy, unaliased references Detected numerous race conditions (and developed assured fixes) for widely used production software code E.g., Sun Java 1.4 library BufferedInputStream http://www.fluid.cs.cmu.edu Provide Java programmers with direct positive assurance of design intent Focused on incrementality of work and programmer early gratification

9 Direct assurance—conclusion Today’s software evaluation practices (testing, inspection, design analysis) are necessary but not sufficient to provide guarantees critical dependability and security attributes. Industry and lab evidence suggests that S&T focus on defect avoidance can yield useful results New analytical techniques for assurance are starting to emerge in research and industry The most recently developed industry tools are based on technical results of early 6.1 and 6.2 lab projects Focus on specific engineering attributes related to dependability and security A priori emphasis on scalability, component decomposition, and harmony with engineering best practices.

Download ppt "Software Acceptance: Direct Artifact Assurance William L. Scherlis Carnegie Mellon University Professor, School of Computer Science Director, CMU/NASA."

Similar presentations

Our Corporate Mission Quality Systems Management, Inc. (QSMI)

Our Corporate Mission Quality Systems Management, Inc. (QSMI)
Chapter 1: Introduction

Chapter 1: Introduction
Kai H. Chang COMP 6710 Course NotesSlide CMMI-1 Auburn University Computer Science and Software Engineering Capability Maturity Model Integration - CMMI.

Kai H. Chang COMP 6710 Course NotesSlide CMMI-1 Auburn University Computer Science and Software Engineering Capability Maturity Model Integration - CMMI.
Unit 2. Software Lifecycle

Unit 2. Software Lifecycle
Metrics for Process and Projects

Metrics for Process and Projects
1 Independent Verification and Validation Current Status, Challenges, and Research Opportunities Dan McCaugherty IV&V Program Manager Titan Systems Corporation.

1 Independent Verification and Validation Current Status, Challenges, and Research Opportunities Dan McCaugherty IV&V Program Manager Titan Systems Corporation.
OHT 2.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 What is software? Software errors, faults and failures Classification.

OHT 2.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 What is software? Software errors, faults and failures Classification.
27 September 1999 Crisis Management William L. Scherlis Carnegie Mellon University School of Computer Science.

27 September 1999 Crisis Management William L. Scherlis Carnegie Mellon University School of Computer Science.
CS 5150 1 CS 5150 Software Engineering Lecture 13 System Architecture and Design 1.

CS CS 5150 Software Engineering Lecture 13 System Architecture and Design 1.
Quality is about testing early and testing often Joe Apuzzo, Ngozi Nwana, Sweety Varghese Student/Faculty Research Day CSIS Pace University May 6th, 2005.

Quality is about testing early and testing often Joe Apuzzo, Ngozi Nwana, Sweety Varghese Student/Faculty Research Day CSIS Pace University May 6th, 2005.
SE 555 Software Requirements & Specification Requirements Validation.

SE 555 Software Requirements & Specification Requirements Validation.
CSE 219 COMPUTER SCIENCE III PROPERTIES OF HIGH QUALITY SOFTWARE.

CSE 219 COMPUTER SCIENCE III PROPERTIES OF HIGH QUALITY SOFTWARE.
 QUALITY ASSURANCE:  QA is defined as a procedure or set of procedures intended to ensure that a product or service under development (before work is.

 QUALITY ASSURANCE:  QA is defined as a procedure or set of procedures intended to ensure that a product or service under development (before work is.
Software Quality Assurance For Software Engineering && Architecture and Design.

Software Quality Assurance For Software Engineering && Architecture and Design.
Introduction to Software Testing

Introduction to Software Testing
IV&V Facility Model-based Design Verification IVV Annual Workshop September, 2009 Tom Hempler.

IV&V Facility Model-based Design Verification IVV Annual Workshop September, 2009 Tom Hempler.
OHT 2.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 Software Quality - continued So let’s move on to ‘exactly’ what we mean.

OHT 2.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 Software Quality - continued So let’s move on to ‘exactly’ what we mean.
Www.isealalliance.org Creating a world where environmental sustainability and social justice are the normal conditions of business www.isealalliance.org.

Creating a world where environmental sustainability and social justice are the normal conditions of business
Software Reliability: The “Physics” of “Failure” SJSU ISE 297 Donald Kerns 7/31/00.

Software Reliability: The “Physics” of “Failure” SJSU ISE 297 Donald Kerns 7/31/00.
PV213 EIS in Practice: 04 – Quality assurance1 PV213 Enterprise Information Systems in Practice 04 – Quality assurance.

PV213 EIS in Practice: 04 – Quality assurance1 PV213 Enterprise Information Systems in Practice 04 – Quality assurance.

Similar presentations

Ads by Google