Risk analysis techniques and their application to software development

Abstract: The past decade has seen a dramatic shift in emphasis from hardware to software. Whereas a project may once have comprised 80% hardware and 20% software, the reverse is now generally more realistic. This has focused a great deal of interest on quality metrics and reliability growth as applied to the software lifecycle. Risk analysis has to date seen many applications in the assessment of hardware but few in the software area. This paper reviews the risk analysis techniques that have been developed across a range of industries. Progress has been most apparent in the chemical and nuclear power industries, where probabilistic risk assessment has been used to estimate the total risk associated with a whole plant. A discussion of the appropriateness of these techniques to software safety assessment is included, together with an outline of the methods currently used to detect software faults. Suggestions are made for a new methodology for analysing software safety.
