Building dependability arguments for software intensive systems

A method is introduced for structuring and guiding the development of end-to-end dependability arguments. The goal is to establish high-level requirements of complex software-intensive systems, especially properties that cross-cut normal functional decomposition. The resulting argument documents and validates the justification of system-level claims by tracing them down to component-level substantiation, such as automatic code analysis or cryptographic proofs. The method is evaluated on case studies drawn from the Burr Proton Therapy Center, operating at Massachusetts General Hospital, and on the Pret a Voter cryptographic voting system, developed at the University of Newcastle. (Copies available exclusively from MIT Libraries, Rm. 14-0551, Cambridge, MA 02139-4307. Ph. 617-253-5668; Fax 617-253-1690.)
