Softwares Inoperable Interoperability Problem Jeffrey Voas, PhD - - PowerPoint PPT Presentation

software s inoperable interoperability problem
SMART_READER_LITE
LIVE PREVIEW

Softwares Inoperable Interoperability Problem Jeffrey Voas, PhD - - PowerPoint PPT Presentation

Sep 09, 2023 238 likes •570 views

Softwares Inoperable Interoperability Problem Jeffrey Voas, PhD President, IEEE Reliability Society, 2003-2004 IT Professional Associate Editor-in-Chief, IEEE IT Pro Magazine IT What is a Standard? Simply a line in the sand from

slide-1
SLIDE 1

Software’s “Inoperable” Interoperability Problem

Jeffrey Voas, PhD President, IEEE Reliability Society, 2003-2004 Associate Editor-in-Chief, IEEE IT Pro Magazine

IT IT Professional

slide-2
SLIDE 2

Simply a line in the sand from which a certificate of compliance or non-compliance can occur. Standards and Certification are inseparable. What is a Standard?

slide-3
SLIDE 3

Premise for Software Certification Standards

Third party software should be tagged with some guarantee (or at least a “warm fuzzy”) as to how “good” the software is, i.e., a certificate Problem: Software Of Unknown Pedigree (SOUP) Goal of Certification: Software of Known Pedigree Problem: What is “good enough” software?

slide-4
SLIDE 4

Three Key Messages That a Certificate Can Convey

n

Compliance with standards vs.

n

Fitness for purpose vs.

n

Compliance with the requirements

slide-5
SLIDE 5

Information to Support Certificates

Information to support the creation of certificates should be based on an claims-evidence-arguments framework, much as is done in courts of law.

slide-6
SLIDE 6

Standards are Not Perfect

n Vague: Develop software that only does "good" things n Common sense "dos" and "don'ts" - Very watered done by

voting time

n Disclaimers by publishing organizations n Profitable to organization that publishes them n Used only if mandated n Return-on-investment is un-quantified n Thwart intellectual creativity n "Protectionist" legislation n Paperwork n 2167A: ~400 English words per Ada code statement n "Old news" before being ratified n Relating one to another is very hard n Hundreds in existence

slide-7
SLIDE 7

Standards are Not Perfect (cont)

n Different interpretations n Process certifications are just documentation checks unless

personnel remain on site during the project

n Re-certification n Client: over 300 mods to a safety-critical medical device that

never requested re-certification for any of those mods.

n Cannot be easily tested for compliance n Mis-certifications are common n Lack of fairness during certification judgment n FDA Center for Devices and Radiological Health (CDRH) n So much legacy functionality exists that complies with no

standards yet still gets integrated, making it’s impact to the system unknown.

n WAAS

slide-8
SLIDE 8

“A consumer [patient] may not be able to assess accurately whether a particular drug is safe, but [they] can be reasonably confident that drugs obtained from approved sources have the endorsement of the U.S. Food and Drug Administration (FDA) which confers important safety information. Computer system trustworthiness has nothing comparable to the FDA. The problem is both the absence of standard metrics and a generally accepted organization that could conduct such

  • assessments. There is no Consumer Reports for

Trustworthiness.”

[Source: “Trust in Cyberspace,” National Academy of Sciences report, National Academy Press, 1998.]

State-of-the-Practice/Art

slide-9
SLIDE 9

All cert. standards incorporate

  • ne or more
  • f these

perspectives All cert. standards incorporate

  • ne or more
  • f these

perspectives

Three Schools of Thought

Processes Products People

slide-10
SLIDE 10
  • 1. Process: Clean Pipes, Dirty Water?

Certifying that you know how to do things correctly does not mean that you do them correctly! Certifying that you Certifying that you know how to do know how to do things correctly does things correctly does not mean that you do not mean that you do them correctly! them correctly!

slide-11
SLIDE 11

On a positive note, process improvement schemes at least, from an acquisition standpoint, alleviate some of the concerns associated with SOUP

slide-12
SLIDE 12

The IEEE Computer Society has developed a program to certify software engineering

  • professionals. This program provides

formal recognition of professionals who have successfully achieved a level of proficiency commonly accepted and valued by the industry.

  • 2. People
slide-13
SLIDE 13

What does process maturity and personnel accreditation say specifically about how the software will behave in the future?

Serious Question

slide-14
SLIDE 14
  • 3. Product: The Software Itself

Spectrum of possibilities as to what a certificate proclaiming that some “quantified” level of quality has been built in could state --- it could say anything in the range between “Nothing” (e.g., “here is a piece of software”, etc.) to “This software will always work perfectly under all conditions” (i.e., a 100% guarantee of perfection).

0% 0% confidence confidence 100% 100% confidence confidence

slide-15
SLIDE 15

And So How Should a Certification

Standard Be Created?

slide-16
SLIDE 16

What Attribute is Being Certified?

n

Reliability?

n RTCA’s DO178B (FAA) n

That the degree of testing done was appropriate?

n RTCA’s DO178B (FAA) n

Safety?

n System (process) vs. component (product) safety n IEC 61508 vs. UL 1998 n

Security?, Availability?, Fault Tolerance? Performance?, etc.

n

That certain development procedures were followed?

n SEI Capability Maturity Model n ISO 900x

slide-17
SLIDE 17

Interoperability

Attribute #1

slide-18
SLIDE 18

QoS Attributes

Reliable/ Accurate Secure/ private Timeliness Software Interoperability

reliability security performance availability privacy fault tolerance fault tolerance confidentiality intrusion tolerance testability

Non-functional QoS attributes (“ilities”) Functional Attributes

slide-19
SLIDE 19

Position Statement

Software’s Interoperability is some combination of: (1) the degree to which the functional requirements are met, as well as, (2) the degree to which the non-functional requirements are met.

slide-20
SLIDE 20

Two Components

ξ

ψ

slide-21
SLIDE 21

With Attributes

ξ

ψ

ξ has the following properties:

(

(a aR R, , b bP P, , c cF F, , d dSa Sa, , e eSe Se, , f fA A, , g gT T, , h hM M) )

ψ has the following properties:

(

(i iR R, , j jP P, , k kF F, , l lSa Sa, , m mSe Se, , n nA A, , o

  • T

T, , p pM M) )

slide-22
SLIDE 22

What Have You Got?

ξ

ψ

Then F(ξ ο ψ) will inherit some level of Quality of Service (QoS) from the individual components. Is that level of quality an integer? Probability? An n-tuple of values? Color coded (green red yellow)? Key Point: The composite QoS must represent something from which predictions of future behavior can be made.

slide-23
SLIDE 23

Difficult Because …

QoS attributes have little meaning in terms of their ability to be measured and traded off until they are defined in the context of the target system, i.e., their environment.

slide-24
SLIDE 24

Environment E1

QoS

Input Availability Security Safety Reliability Performance Fault Tolerance Testability Maintainability

slide-25
SLIDE 25

Environment E’2

QoS?

Environment E’1

QoS

Environment E1 QoS

?

Environment E’3

QoS?

slide-26
SLIDE 26

The following 8 characteristics must be considered: (1) compos-ability, (2) predictability, (3) attribute measurement, (4) QoS attribute trade-off analysis (technical and economic), (5) fault tolerance and non- interference analysis, (6) requirements trace-ability, (7) access to pre-qualified components, and (8) precise bounding of software’s mission, environment, and threat space.

Bottom Line for Certification of Software Interoperability

slide-27
SLIDE 27

Safety

Attribute #2

slide-28
SLIDE 28

Certifying Code Safety Properties

System hazards

Top-Level Top-Level Design Design Code Code

Functional software requirements + Software output mode“must nots” (software hazards)

I dentify Critical Requirements I dentify Critical Requirements Design Critical Modules Design Critical Modules

Design Design Non-critical Modules Non-critical Modules Software Requirements Specification

Code Code Safety Firewall Safety Firewall

System Hazard Analysis System Hazard Analysis

slide-29
SLIDE 29

Top-Level Top-Level Design Design

Safety Firewall Safety Firewall

Code Code

Functional software requirements + Software output mode“must nots” (software hazards)

I dentify Critical Requirements I dentify Critical Requirements Design Critical Modules Design Critical Modules

Design Design Non-critical Modules Non-critical Modules Software Requirements Specification

Code Code

Certifying Firewall Properties

System hazards

System Hazard Analysis System Hazard Analysis

slide-30
SLIDE 30

System Hazard Analysis System Hazard Analysis

Top-Level Top-Level Design Design

Safety Firewall Safety Firewall

Code Code

Functional software requirements + Software output mode“must nots” (software hazards)

I dentify Critical Requirements I dentify Critical Requirements Design Critical Modules Design Critical Modules

Design Design Non-critical Modules Non-critical Modules Software Requirements Specification

Code Code

Certifying All Safety Properties

System hazards

slide-31
SLIDE 31

Closing Thoughts

  • 1. Standards and certification are inseparable in order to achieve the
  • 1. Standards and certification are inseparable in order to achieve the

goal of interoperable and safe behavior goal of interoperable and safe behavior

  • 2. Product certification is distinct from process certification and
  • 2. Product certification is distinct from process certification and

personnel accreditation personnel accreditation

  • 3. The blending of existing standards, collecting quantifiable metrics,
  • 3. The blending of existing standards, collecting quantifiable metrics,

defining precisely what defining precisely what QoS QoS attributes are warranted, and defining attributes are warranted, and defining what a certificate implies or does not imply is pivotal to believable what a certificate implies or does not imply is pivotal to believable certificates. certificates.

  • 4. “You cannot improve what you cannot measure” – Lord Kelvin
  • 4. “You cannot improve what you cannot measure” – Lord Kelvin
slide-32
SLIDE 32

Recommended References

  • Software Safety and Reliability

Software Safety and Reliability, Debra S. Herrmann, IEEE Computer , Debra S. Herrmann, IEEE Computer Society Press, 1999. Society Press, 1999.

  • Software Engineering Standards

Software Engineering Standards, James W. Moore, IEEE Computer , James W. Moore, IEEE Computer Society Press, 1998. Society Press, 1998.

  • Guide to Software Engineering Standards and Specifications

Guide to Software Engineering Standards and Specifications, Stan , Stan Magee and Leonard L. Tripp, Magee and Leonard L. Tripp, Artech Artech House, 1997. House, 1997.

  • UL 1998

UL 1998

  • RTCA DO-178B

RTCA DO-178B

  • J. Voas, F.
  • J. Voas, F. Charron

Charron, and L. , and L. Beltracchi Beltracchi, “Error Propagation analysis , “Error Propagation analysis studies in a Nuclear Research Code”, studies in a Nuclear Research Code”, Proceedings of the 1998 IEEE Proceedings of the 1998 IEEE Aerospace Conference Aerospace Conference, Snowmass, CO. , Snowmass, CO.

  • IEEE Educational Activities Department video: Software Reliability

IEEE Educational Activities Department video: Software Reliability

  • IEEE Educational Activities Department video: Software Safety

IEEE Educational Activities Department video: Software Safety

  • IEEE Educational Activities Department video: Software Testing

IEEE Educational Activities Department video: Software Testing