[SystemSafety] Collected stopgap measures

John Howard john.howard at ieee.org
Fri Nov 2 15:57:09 CET 2018


I too am just beginning and would find something like this useful.
Just for a point of reference. I am currently taking a "Software Systems
Engineering" class towards my Masters in Systems Engineering, and here are
some notes I captured from our one and only lesson on V&V for Safety
Critical Software.

I'd be interested to know what the experts on this list think of this (how
complete is it?).

Also, does anyone know of good courses that teach this stuff?

V&V Methods for Software in Safety Critical Systems

Static Analysis

- Formal methods (Mathematical Proof)
  o Need specialized notations, and can be very expensive
  o May be able to achieve the same level of rigor without such expensive methods
- Model Checking
  o Use a state machine model of the system
  o Valuable for concurrent systems
  o Tools today are practical for small to medium systems
- Automated static analysis
  o Tools which analyze source code
  o A supplement to, but not a replacement for, code inspections
  o Can add your own rules for enforcing coding styles
  o Valuable for identifying specific security issues

Reliability Testing

- Four validation activities:
  o Establish the operational profile for the system
    § Identify classes of system inputs and the probability that these inputs
      will occur in normal use
  o Construct test data reflecting this operational profile
  o Test the system and observe the number of failures and the times of
    these failures
  o Compute the reliability after a statistically significant number of
    failures have been observed

Security Testing

- Experience-based validation testing (against known attacks)
- Tiger teams (a form of experience-based testing)
- Tool-based validation testing (experience is embodied in the tools
  themselves)
- Formal verification
- Static analysis can be used to supplement security testing

Process assurance

- Dependability is assured because the processes which ensure
  dependability are followed throughout software development.
  o Do we have the right process?
  o Are we doing the process right?
- Generates a lot of documentary evidence
- Examples include:
  o Creation of a hazard monitoring and logging system that traces hazards
    through analysis, testing, and V&V
  o Appointment of project safety engineers that have explicit
    responsibility for the safety of the system
  o Extensive use of safety reviews
  o Creation of a safety certification system where safety critical
    components are formally verified
  o Detailed Configuration Management




On Thu, Nov 1, 2018 at 1:37 PM Tim Schürmann <
tschuerm at techfak.uni-bielefeld.de> wrote:

> From the viewpoint of somebody still in the beginning:
>
> I would love to have something like this.
>
> May it even be just a list of references, papers, "does and don't does"
> or alike..
>
> Kind regards
>
> Tim
>
>
> On 01.11.2018 16:34, Olwen Morgan wrote:
> >
> > One thing that I sense (maybe wrongly?) from recent traffic is that a
> > goodly few of us use our own favourite techniques to help plug the
> > holes in weak development practices. Cut-down structured and OO
> > methods seem to be a case in point. I'm sure there are others.
> >
> > Might there be some benefit in gathering here the tricks that many of
> > us may have used when faced with inadequate processes. Call me
> > simple-minded (many have called me worse) but I'm wondering if there
> > would be value in what might be called a "Software Process Cookbook"
> > of "Software Process Checklists" for high-integrity developments.
> >
> > True, I'd prefer something direct, technical and possibly rather dry
> > but I'm thinking here about an appealing format. I'm wondering if
> > something like a cookbook or "for Dummies" format would appeal to
> > people who would otherwise never go near the sources that they need to
> > be accessing to help them do the job better.
> >
> >
> > Just a thought,
> >
> > Olwen
> >
> >
> > _______________________________________________
> > The System Safety Mailing List
> > systemsafety at TechFak.Uni-Bielefeld.DE
> > Manage your subscription:
> > https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety


-- 
John Howard
Sr. Systems Engineer
Robotic Research LLC <https://www.roboticresearch.com/>