Software in safety critical systems
|
|
- Clare Andrews
- 8 years ago
- Views:
Transcription
1 Software in safety critical systems Software safety requirements Software safety integrity Budapest University of Technology and Economics Department of Measurement and Information Systems Definitions Programmable electronic (PE) o Based on computer technology which may be comprised of hardware, software, and of input and/or output units Software o Intellectual creation comprising the programs, procedures, data, rules and any associated documentation pertaining to the operation of a data processing system Safety related software o Software that is used to implement safety functions Software safety integrity o Likelihood of software in a PE system achieving its safety functions under all stated conditions within specified period of time Systematic safety integrity o Part of the safety integrity relating to systematic failures in a dangerous mode of failure o Error in the design, implementation of software causes systematic failures
2 Determining software SIL Basic concepts: o Software SIL shall be identical to the PE system SIL (implementing the safety function) o Exception: Mechanism exists to prevent the failure of a software module from causing the system to go to an unsafe state Reducing software SIL requires o Analysis of failure modes and effects (probabilistic analysis) o Analysis of independence between software and the applied prevention mechanisms Different software modules may have different SIL Architecture for reducing software SIL 2 Független channelsszoftver modulok and bejárása independent acknowledgement (1) (2) (3) Channel 1 (1) (1) (2) (3) (3) Channel 2 (2) Signature Signature (1) (1) (3) (3) locking locking (4) (4) I/O
3 Problems and solutions Systematic failures in complex software: o Development of fault free software cannot be guaranteed in case of complex functions Goal: Reducing the number of faults (remaining after verification and validation activities) that may cause hazard > Fault prevention, fault removal, fault tolerance, fault forecasting o Target failure measure cannot be demonstrated by a quantitative analysis General techniques do not exist, estimations are questionable Standards prescribe methods and techniques for the software development, operation and maintenance: 1. Safety lifecycle 2. Techniques and measures in all phases of the lifecycle 3. Documentation 4. Competence and independence of personnel 1. Safety lifecycle
4 Hardware and software development PE system architecture (partitioning of functions) determines software requirements PES integration follows software development Final step: E/E/PES integration E/E/PES safety requirements specification Software safety requirements Software design and development PES integration (software and hardware) Programmable hardware design and development E/E/PES architecture Hardware safety requirements E/E/PES integration Non programmable hardware design and development Software safety lifecycle Safety req. spec. has two parts: o Software safety functions o Software safety integrity levels Validation planning is required Integration with PE hardware is required Final step: Software safety validation Software safety validation planning Software safety requirements Safety functions Safety integrity Software design and development PES integration (hw and sw) Software safety validation
5 Example lifecycle (V model) Development model is not prescribed by the standards o V model is characterized by clear conditions to step forward o V&V planning is explicitly supported (input for V&V activities) Software quality assurance Software Quality Assurance Plan o Specifying activities and documents according to ISO ISO 9001 accreditation o Determining all technical and control activities in the lifecycle Activities, inputs and outputs (esp. verification and validation) Quantitative quality metrics Specification of its own updating (frequency, responsibility, methods) o External supplier control Software configuration management o Configuration control before release for all artifacts (code, documents, ) o Changes require authorization Problem reporting and corrective actions (issue tracking) o Lifecycle of problems: From reporting through analysis, design and implementation to validation o Preventive actions
6 2. Techniques and measures Basic approach Goal: Preventing the introduction of systematic faults and controlling the residual faults SIL determines the set of techniques to be applied as o M: Mandatory o HR: Highly recommended (rationale behind not using it should be detailed and agreed with the assessor) o R: Recommended o : No recommendation for or against being used o NR: Not recommended Combinations of techniques is allowed o E.g., alternate or equivalent techniques are marked Hierarchy of methods is formed (references to tables)
7 Example: Guide to selection of techniques Software safety requirements specification: o Techniques 2a and 2b are alternatives o Referred table: Semi formal methods (B.7) Hierarchy of design methods
8 Hierarchy of design methods Hierarchy of design methods
9 Specific techniques: Design Safety bag technique o Independent external monitor ensuring that the main computer performs safe Memorizing executed traces o Comparison of program execution with previously documented reference in order to force it to fail safely if it attempts to execute a path which is not allowed Defensive programming o Checking anomalous control/data flow and data values during execution E.g., checking variable ranges, plausibility, consistency of configuration, availability of hw, etc. o and react in a safe manner Hierarchy of V&V methods
10 Hierarchy of V&V methods Hierarchy of V&V methods
11 Hierarchy of V&V methods Specific techniques: Verification Probabilistic testing o Deriving probabilistic figures about the reliability of components from (automated) testing via environment simulation focusing on frequent trajectories Test case execution from error seeding o Inserting errors in order to estimate the number of remaining errors after testing from the number of inserted and detected errors Fagan inspections o Revealing mistakes by a systematic audit on documents and design artifacts Sneak circuit analysis o Detecting unexpected paths or logic flow (latent conditions inadvertently designed into the system) which initiate undesired functions
12 Application of tools in the lifecycle Fault prevention: o Program translation from high level programming languages o MBD, CASE tools: High level modeling and code/configuration generators Fault removal: o Analysis, testing and diagnosis o Correction (code modification) Management tools o Contributing both to fault prevention and removal o Includes project management, configuration management, issue tracking Types of tools Safety concerns of tools o Tools potentially introducing faults Modeling and programming tools Program translation tools o Tools potentially failing to detect faults Analysis and testing tools Project management tools Requirements o Use certified or widely adopted tools Increased confidence from use (no evidence of improper results yet) o Use the well tested partswithout altering the usage o Check the output of tools (analysis/diversity) o Control access and versions
13 Safety of programming languages Factors for selection of languages o Functional characteristics (probability of faults) Logical soundness (unambiguous definition) Complexity of definition (understandability) Expressive power Verifiability (consistency with specification) Vulnerability (security aspects) o Availability and quality of tools o Expertise available in the design team Coding standards (subsets of languages) are defined o Dangerous constructs are excluded (e.g., function pointers) o Static checking can be used to verify the subset Specific (certified) compilers are available o Compiler verification kit for third party compilers Safety of programming languages Factors for selection of languages Constructs that make verification difficult (61508): o Functional Unconditional characteristics jumps (probability excluding of subroutine faults) calls Logical Recursion soundness (unambiguous definition) Complexity Pointers, of definition heaps (understandability) or any type of dynamic variables Expressive Interrupt power handling at source code level Verifiability Multiple (consistency entries with and specification) exits of loops and subprograms Vulnerability (security aspects) Implicit variable initialization or declaration o Availability Variant and quality records of and tools equivalence o Expertise Procedural available in parameters the design team Coding standards (subsets of languages) are defined o Dangerous constructs are excluded (e.g., function pointers) o Static checking can be used to verify the subset Specific (certified) compilers are available o Compiler verification kit for third party compilers
14 Language comparison Wild jumps: Jump to arbitrary address in memory Overwrites: Overwriting arbitrary address in memory Model of math: Well defined data types Separate compilation: Type checking across modules Coding standards for C and C++ MISRA C (Motor Industry Software Reliability Association) o Safe subset of C (2004): 141 rules (121 required, 20 advisory) o Examples: Rule 33 (Required): The right hand side of a "&&" or " " operator shall not contain side effects. Rule 49 (Advisory): Tests of a value against zero should be made explicit, unless the operand is effectively Boolean. Rule 59 (R): The statement forming the body of an "if", "else if", "else", "while", "do... while", or "for" statement shall always be enclosed in braces. Rule 104 (R): Non constant pointers to functions shall not be used. o Tools to check MISRA conformance (LDRA, PolySpace, ) Test cases to demonstrate adherence to MISRA rules MISRA C++ (2008): 228 rules US DoD, JSF C++: 221 rules (incl. metric guidelines) o Joint Strike Fighter Air Vehicle C++ Coding Standard
15 Interesting facts Boeing 777: Approx. 35 languages are used o Mostly Ada with assembler (e.g., cabin management system) o Onboard extinguishers in PLM o Seatback entertainment system in C++ with MFC European Space Agency: o Mandates Ada for mission critical systems Honeywell: Aircraft navigation data loader in C Lockheed: F 22 Advanced Tactical Fighter program in Ada 83 with a small amount in assembly GM trucks vehicle controllers mostly in Modula GM (Modula GM is a variant of Modula 2) TGV France: Braking and switching system in Ada Westinghouse: Automatic Train Protection (ATP) systems in Pascal Safety critical OS: Required properties Partitioning in space o Memory protection o Guaranteed resource availability Partitioning in time o Deterministic scheduling o Guaranteed resource availability in time Mandatory access control for critical objects o Not (only) discretionary Bounded execution time o Also for system functions Support for fault tolerance and high availability o Fault detection and recovery / failover o Redundancy control
16 Example: Safety and RTOS Compromise needed o Complex RTOS: Difficult to test o Bare machine : Less scheduling risks High maintenance risks Example: Tornado for Safety Critical Systems o Integrated software solution uses Wind River's securely partitioned VxWorks AE653 RTOS o ARINC 653: Time and space partitioning (guaranteed isolation) o RTCA/DO 178B: Level A certification o POSIX, Ada, C support 3. Documentation
17 Principles for documentation Type of documentation o Comprehensive (overall lifecycle) E.g., Software Verification Plan o Specific (for a given lifecycle phase) E.g., Software Source Code Verification Report Document Cross Reference Table o Determines documentation for a lifecycle phase o Determines relations among documents Traceability of documents is required o Relationships between documents are specified (input, output) o Terminology, references, abbreviations are consistent Merging documents is allowed o If responsible persons (authors) shall not be independent Document cross reference table (EN50128) creation of a document used document in a given phase (read vertically)
18 Example Software Planning Phase Software Development Plan Software Quality Assurance Plan Software Configuration Management Plan Software Verification Plan Software Integration Test Plan Software/hardware Integration Test Plan Software Validation Plan Software Maintenance Plan System Development Phase System Requirements Specification System Safety Requirements Specification System Architecture Description System Safety Plan Software Requirements Spec. Phase Software Requirements Specification Software Requirements Test Specification Software Requirements Verification Report Software Maintenance Phase Software Maintenance Records Software Change Records Software Assessment Phase Software Assessment Report Software Validation Phase Software Validation Report Software/hardware Integration Phase Software/hardware Integration Test Report Document structure in EN documents in a systematic structure o Specification o Design o Verification Software Architecture & Design Phase Software Architecture Specification Software Design Specification Software Architecture and Design Verification Report Software Module Design Phase Software Module Design Specification Software Module Test Specification Software Module Verification Report Software Integration Phase Software Integration Test Report Software Module Testing Phase Software Module Test Report Coding Phase Software Source Code & Supporting Documentation Software Source Code Verification Report 4. Competence and independence of personnel
19 Human factors In contrast to computers o Humans often fail in: reacting in time following a predefined set of instructions o Humans are good in: handling unanticipated problems Human errors o Not all kind of human errors are equally likely o Hazard analysis (FMECA) is possible in a given context o Results shall be integrated into system safety analysis Reducing the errors of developers o Safe languages, tools, environments o Training, experience and redundancy (independence) Reducing operatorerrors: o Designing ergonomic HMI (patterns are available) o Designing to aid the operator rather than take over Safety management o Quality assurance o Safety Organization Organization Competence shall be demonstrated o Training, experience and qualifications Independence of roles: o DES: Designer (analyst, architect, coder, unit tester) o VER: Verifier o VAL: Validator o ASS: Assessor o MAN: Project manager o QUA: Quality assurance personnel
20 EN 50128: Independence of personnel Organization Person SIL 0: DES, VER, VAL ASS SIL 1 or 2: DES VER, VAL ASS SIL 3 or 4: MGR DES VER, VAL ASS or: MGR ASS DES VER VAL Specific design aspects: Development of generic software
21 Overview of the lifecycle System development Generic software: It can be used and re used after parameterization with specific data Operation and maintenance Software assessment Design for parameterization Requirement specification Architecture design Validation test plan Integration test plan Software validation Software/hardware Software integration integration V&V of parameterization Module design Module test plan Module testing Parameterization Module coding Design aspects Lifecycle phase System development Software requirement specification Architecture design Module design Verification and validation Maintenance Design aspect Decision about parameterized functions Specification of parameterized functions Specification of data validation Design of interfaces for parameterization Separation of program code and parameters Checking for potential parameter values and their combinations Checking compatibility of changes in program code and parameters
22 Parameterization activities Similar lifecycle phase Software requirements specification Software architecture and design Software integration Software validation Software assessment Activity Specifying application requirements Data preparation Data testing (verification) Data test reporting Parameterization (configuration) Validation of the system parameterized with application data Summary
23 Design of safe software Summary o Lifecycle o Techniques and measures o Documentation o Competence and independence of personnel Specific aspects o Safe subsets of programming languages o The role of tools o Safe operating systems o Development of generic software
IEC 61508 Overview Report
IEC 61508 Overview Report A Summary of the IEC 61508 Standard for Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems exida Sellersville, PA 18960, USA +1-215-453-1720
More informationReduce Medical Device Compliance Costs with Best Practices. mark.pitchford@ldra.com
Reduce Medical Device Compliance Costs with Best Practices mark.pitchford@ldra.com 1 Agenda Medical Software Certification How new is Critical Software Certification? What do we need to do? What Best Practises
More informationMeeting DO-178B Software Verification Guidelines with Coverity Integrity Center
Meeting DO-178B Software Verification Guidelines with Coverity Integrity Center May, 2009 Thomas Schultz Director of Product Strategy, Coverity, Inc. Executive Summary Development organizations that create
More informationIntroduction of ISO/DIS 26262 (ISO 26262) Parts of ISO 26262 ASIL Levels Part 6 : Product Development Software Level
ISO 26262 the Emerging Automotive Safety Standard Agenda Introduction of ISO/DIS 26262 (ISO 26262) Parts of ISO 26262 ASIL Levels Part 4 : Product Development System Level Part 6 : Product Development
More informationDesign of automatic testing tool for railway signalling systems software safety assessment
Risk Analysis VI 513 Design of automatic testing tool for railway signalling systems software safety assessment J.-G. Hwang 1, H.-J. Jo 1 & H.-S. Kim 2 1 Train Control Research Team, Korea Railroad Research
More informationUniversity of Paderborn Software Engineering Group II-25. Dr. Holger Giese. University of Paderborn Software Engineering Group. External facilities
II.2 Life Cycle and Safety Safety Life Cycle: The necessary activities involving safety-related systems, occurring during a period of time that starts at the concept phase of a project and finishes when
More informationELECTROTECHNIQUE IEC INTERNATIONALE 61508-3 INTERNATIONAL ELECTROTECHNICAL
61508-3 ª IEC: 1997 1 Version 12.0 05/12/97 COMMISSION CEI ELECTROTECHNIQUE IEC INTERNATIONALE 61508-3 INTERNATIONAL ELECTROTECHNICAL COMMISSION Functional safety of electrical/electronic/ programmable
More informationIEC 61508 Functional Safety Assessment. Project: K-TEK Corporation AT100, AT100S, AT200 Magnetostrictive Level Transmitter.
61508 SIL 3 CAPABLE IEC 61508 Functional Safety Assessment Project: K-TEK Corporation AT100, AT100S, AT200 Magnetostrictive Level Transmitter Customer: K-TEK Corporation Prairieville, LA USA Contract No.:
More informationHardware safety integrity Guideline
Hardware safety integrity Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing and Research Institute mailto:johan.hedberg@sp.se Quoting of this report is allowed
More informationNotes and terms of conditions. Vendor shall note the following terms and conditions/ information before they submit their quote.
Specifications for ARINC 653 compliant RTOS & Development Environment Notes and terms of conditions Vendor shall note the following terms and conditions/ information before they submit their quote. 1.
More informationISO 26262 Introduction
ISO 26262 Introduction Prof. Christian Madritsch 2012 Table of Contents Structure of ISO 26262 Management of Functional Safety Product Development System Level Product Development Hardware Level Product
More informationVersion: 1.0 Latest Edition: 2006-08-24. Guideline
Management of Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing and Research Institute mailto:johan.hedberg@sp.se Quoting of this report is allowed but please
More informationISO 26262 Functional Safety Draft International Standard for Road Vehicles: Background, Status, and Overview
ISO 26262 Functional Safety Draft International Standard for Road Vehicles: Background, Status, and Overview Barbara J. Czerny, Joseph D Ambrosio, Rami Debouk, General Motors Research and Development Kelly
More informationSafety controls, alarms, and interlocks as IPLs
Safety controls, alarms, and interlocks as IPLs Angela E. Summers, Ph.D., P.E. SIS-TECH Solutions 12621 Featherwood Dr. Suite 120, Houston, TX 77034 Keywords: safety controls, alarms, interlocks, SIS,
More informationCertification of a Scade 6 compiler
Certification of a Scade 6 compiler F-X Fornari Esterel Technologies 1 Introduction Topic : What does mean developping a certified software? In particular, using embedded sofware development rules! What
More informationEstimating Software Reliability In the Absence of Data
Estimating Software Reliability In the Absence of Data Joanne Bechta Dugan (jbd@virginia.edu) Ganesh J. Pai (gpai@virginia.edu) Department of ECE University of Virginia, Charlottesville, VA NASA OSMA SAS
More informationFailure Mode and Effect Analysis. Software Development is Different
Failure Mode and Effect Analysis Lecture 4-3 Software Failure Mode and Effects Analysis in Software Software Development, Pries, SAE Technical Paper 982816 Software Development is Different Process variation
More informationARINC 653. An Avionics Standard for Safe, Partitioned Systems
ARINC 653 An Avionics Standard for Safe, Partitioned Systems 1 Courtesy of Wind River Inc. 2008 IEEE-CS Seminar June 4 th, 2008 Agenda Aerospace Trends IMA vs. Federated ARINC 653 Main concepts Safety
More informationRequirements-driven Verification Methodology for Standards Compliance
Requirements-driven Verification Methodology for Standards Compliance Serrie-justine Chapman (TVS) serrie@testandverification.com Mike Bartley (TVS) mike@testandverification.com Darren Galpin (Infineon)
More informationSafety and security related features in AUTOSAR
Safety and security related features in Dr. Stefan Bunzel Spokesperson (Continental) Co-Authors: S. Fürst, Dr. J. Wagenhuber (BMW), Dr. F. Stappert (Continental) Automotive - Safety & Security 2010 22
More informationCertification Authorities Software Team (CAST) Position Paper CAST-13
Certification Authorities Software Team (CAST) Position Paper CAST-13 Automatic Code Generation Tools Development Assurance Completed June 2002 NOTE: This position paper has been coordinated among the
More informationTesting of safety-critical software some principles
1(60) Testing of safety-critical software some principles Emerging Trends in Software Testing: autumn 2012 Matti Vuori, Tampere University of Technology 27.11.2012 Contents 1/4 Topics of this lecture 6
More informationRigorous Methods for Software Engineering (F21RS1) High Integrity Software Development
Rigorous Methods for Software Engineering (F21RS1) High Integrity Software Development Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University
More informationHow Safe does my Code Need to be? Shawn A. Prestridge, Senior Field Applications Engineer
How Safe does my Code Need to be? Shawn A. Prestridge, Senior Field Applications Engineer Agendum What the benefits of Functional Safety are What the most popular safety certifications are Why you should
More informationFrequently Asked Questions
Frequently Asked Questions The exida 61508 Certification Program V1 R8 October 19, 2007 exida Geneva, Switzerland Sellersville, PA 18960, USA, +1-215-453-1720 Munich, Germany, +49 89 4900 0547 1 Exida
More informationEfficient and Faster PLC Software Development Process for Automotive industry. Demetrio Cortese IVECO Embedded Software Design
Efficient and Faster PLC Software Development Process for Automotive industry Demetrio Cortese IVECO Embedded Software Design 13-06-2013 Automotive OEM Mandatory Requirement Delivery the new vehicle in
More informationCompany Management System. Business Continuity in SIA
Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT
More informationSoftware testing. Objectives
Software testing cmsc435-1 Objectives To discuss the distinctions between validation testing and defect testing To describe the principles of system and component testing To describe strategies for generating
More informationSoftware Engineering Compiled By: Roshani Ghimire Page 1
Unit 7: Metric for Process and Product 7.1 Software Measurement Measurement is the process by which numbers or symbols are assigned to the attributes of entities in the real world in such a way as to define
More informationSAFE SOFTWARE FOR SPACE APPLICATIONS: BUILDING ON THE DO-178 EXPERIENCE. Cheryl A. Dorsey Digital Flight / Solutions cadorsey@df-solutions.
SAFE SOFTWARE FOR SPACE APPLICATIONS: BUILDING ON THE DO-178 EXPERIENCE Cheryl A. Dorsey Digital Flight / Solutions cadorsey@df-solutions.com DIGITAL FLIGHT / SOLUTIONS Presentation Outline DO-178 Overview
More informationFMC Technologies Measurement Solutions Inc.
Table of Contents 1 Revision History... 4 2 Company... 5 2.1 Introduction... 5 2.2 Quality Policy... 6 2.3 Quality Organization... 6 2.4 Company Processes... 7 3 Scope and Exclusions... 8 3.1 Scope...
More informationThe Software Development Life Cycle: An Overview. Last Time. Session 8: Security and Evaluation. Information Systems Security Engineering
The Software Development Life Cycle: An Overview Presented by Maxwell Drew and Dan Kaiser Southwest State University Computer Science Program Last Time Brief review of the testing process Dynamic Testing
More informationControlling Risks Safety Lifecycle
Controlling Risks Safety Lifecycle Objective Introduce the concept of a safety lifecycle and the applicability and context in safety systems. Lifecycle Management A risk based management plan for a system
More informationAC 20-148 REUSABLE SOFTWARE COMPONENTS
AC 20-148 REUSABLE SOFTWARE COMPONENTS December 7, 2004 12/7/04 AC 20-148 CONTENTS Paragraph Title Page 1. Purpose....1 2. Motivation for this Guidance....1 3. Document Overview...1 4. General Guidelines
More informationAP1000 European 18. Human Factors Engineering Design Control Document
18.2 Human Factors Engineering Program Management The purpose of this section is to describe the goals of the AP1000 human factors engineering program, the technical program to accomplish these goals,
More informationSafety Issues in Automotive Software
Safety Issues in Automotive Software Paolo Panaroni, Giovanni Sartori INTECS S.p.A. SAFEWARE 1 INTECS & Safety A very large number of safety software development, V&V activities and research project on
More informationSatisfying ASIL Requirements with Parasoft C++test Achieving Functional Safety in the Automotive Industry
Satisfying Requirements with Parasoft C++test Achieving Functional Safety in the Automotive Industry Introduction Safety functions are increasingly being carried out by electrical, electronic, or programmable
More informationTITLE: Control of Software
Page 1 of 8 TITLE: Control of Software WARNING This document is the property of United Technologies Corporation (UTC). You may not possess, use, copy or disclose this document or any information in it,
More informationTesting Automated Manufacturing Processes
Testing Automated Manufacturing Processes (PLC based architecture) 1 ❶ Introduction. ❷ Regulations. ❸ CSV Automated Manufacturing Systems. ❹ PLCs Validation Methodology / Approach. ❺ Testing. ❻ Controls
More informationStandard for Software Component Testing
Standard for Software Component Testing Working Draft 3.4 Date: 27 April 2001 produced by the British Computer Society Specialist Interest Group in Software Testing (BCS SIGIST) Copyright Notice This document
More informationProject Risk Management: IV&V as Insurance for Project Success
Project Risk Management: IV&V as Insurance for Project Success Introduction Software development projects can be expensive and risky: Ever more complex mission-critical requirements lead to increasingly
More informationIBM Rational Rhapsody
IBM Rational Rhapsody IBM Rational Rhapsody Reference Workflow Guide Version 1.9 License Agreement No part of this publication may be reproduced, transmitted, stored in a retrieval system, nor translated
More informationSOFTWARE VERIFICATION RESEARCH CENTRE SCHOOL OF INFORMATION TECHNOLOGY THE UNIVERSITY OF QUEENSLAND. Queensland 4072 Australia TECHNICAL REPORT
SOFTWARE VERIFICATION RESEARCH CENTRE SCHOOL OF INFORMATION TECHNOLOGY THE UNIVERSITY OF QUEENSLAND Queensland 4072 Australia TECHNICAL REPORT No. 99-30 A Survey of International Safety Standards Axel
More informationF15. Towards a More Mature Test Process. Anne Mette-Hass. P r e s e n t a t i o n
Towards a More Mature Test Process Anne Mette-Hass International Conference On Software Testing, Analysis & Review November 19-23 Stockholm, Sweden P r e s e n t a t i o n F15 Friday 23rd November, 2001
More informationASSESSMENT OF THE ISO 26262 STANDARD, ROAD VEHICLES FUNCTIONAL SAFETY
ASSESSMENT OF THE ISO 26262 STANDARD, ROAD VEHICLES FUNCTIONAL SAFETY Dr. Qi Van Eikema Hommes SAE 2012 Government/Industry Meeting January 25, 2012 1 Outline ISO 26262 Overview Scope of the Assessment
More informationSoftware Test Plan (STP) Template
(STP) Template Items that are intended to stay in as part of your document are in bold; explanatory comments are in italic text. Plain text is used where you might insert wording about your project. This
More informationSOFTWARE DEVELOPMENT STANDARD FOR SPACECRAFT
SOFTWARE DEVELOPMENT STANDARD FOR SPACECRAFT Mar 31, 2014 Japan Aerospace Exploration Agency This is an English translation of JERG-2-610. Whenever there is anything ambiguous in this document, the original
More informationProcedure for Assessment of System and Software
Doc. No: STQC IT/ Assessment/ 01, Version 1.0 Procedure for Assessment of System and Software May, 2014 STQC - IT Services STQC Directorate, Department of Electronics and Information Technology, Ministry
More informationCS52600: Information Security
CS18000: Programming I CS52600: Information Security Vulnerability Analysis 15 November 2010 Prof. Chris Clifton Vulnerability Analysis Vulnerability: Lapse in enforcement enabling violation of security
More informationSafety-Critical Software Development: DO-178B
Safety-Critical Software Development: DO-178B Prof. Chris Johnson, School of Computing Science, University of Glasgow. johnson@dcs.gla.ac.uk http://www.dcs.gla.ac.uk/~johnson Introduction Software design
More informationFrequently Asked Questions
Frequently Asked Questions The exida Certification Program Functional Safety (SIL) Cyber-Security V2 R3 June 14, 2012 exida Sellersville, PA 18960, USA, +1-215-453-1720 Munich, Germany, +49 89 4900 0547
More informationSAFETY MANUAL SIL Switch Amplifier
PROCESS AUTOMATION SAFETY MANUAL SIL Switch Amplifier KCD2-SR-(Ex)*(.LB)(.SP), HiC282* ISO9001 2 With regard to the supply of products, the current issue of the following document is applicable: The General
More informationfunctional Safety UL Functional Safety Mark
functional Safety UL Functional Safety Mark Program UL Functional Safety Mark Program With the advent and evolution of functional safety standards in North America and Europe, UL is now offering a UL Functional
More informationR214 SPECIFIC REQUIREMENTS: INFORMATION TECHNOLOGY TESTING LABORATORY ACCREDITATION PROGRAM
The American Association for Laboratory Accreditation Document Revised: R214: Specific Requirements: Information Technology Testing Laboratory Accreditation July 13, 2010 Program Page 1 of 26 R214 SPECIFIC
More informationISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY
ISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY Dr. Gregg Wildes DornerWorks www.dornerworks.com Embedded Systems Engineering for Security and Safety-Critical Systems Where Hardware
More informationEmbedding Trust into Cars Secure Software Delivery and Installation
Embedding Trust into Cars Secure Software Delivery and Installation André Adelsbach, Ulrich Huber, Ahmad-Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security, Bochum, Germany Third Workshop
More informationSimulink Modeling Guidelines for High-Integrity Systems
Simulink Modeling Guidelines for High-Integrity Systems R2015a How to Contact MathWorks Latest news: www.mathworks.com Sales and services: www.mathworks.com/sales_and_services User community: www.mathworks.com/matlabcentral
More informationDeveloping software for Autonomous Vehicle Applications; a Look Into the Software Development Process
Developing software for Autonomous Vehicle Applications; a Look Into the Software Development Process By Andreas Lindenthal and Franz Walkembach, Wind River The concept of autonomous vehicles or unmanned
More informationSoftware Production. Industrialized integration and validation of TargetLink models for series production
PAGE 24 EB AUTOMOTIVE Industrialized integration and validation of TargetLink models for series production Continuous Software Production The complexity of software systems in vehicles is increasing at
More informationHow To Develop Software
Software Engineering Prof. N.L. Sarda Computer Science & Engineering Indian Institute of Technology, Bombay Lecture-4 Overview of Phases (Part - II) We studied the problem definition phase, with which
More informationCS 451 Software Engineering Winter 2009
CS 451 Software Engineering Winter 2009 Yuanfang Cai Room 104, University Crossings 215.895.0298 yfcai@cs.drexel.edu 1 Testing Process Testing Testing only reveals the presence of defects Does not identify
More informationComputer Security. Evaluation Methodology CIS 5370. Value of Independent Analysis. Evaluating Systems Chapter 21
Computer Security CIS 5370 Evaluating Systems Chapter 21 1 Evaluation Methodology 1. Set of security functionality requirements 2. Set of assurance a requirements e e 3. Methodology to determine if the
More informationValue Paper Author: Edgar C. Ramirez. Diverse redundancy used in SIS technology to achieve higher safety integrity
Value Paper Author: Edgar C. Ramirez Diverse redundancy used in SIS technology to achieve higher safety integrity Diverse redundancy used in SIS technology to achieve higher safety integrity Abstract SIS
More informationSECTION 4 TESTING & QUALITY CONTROL
Page 1 SECTION 4 TESTING & QUALITY CONTROL TESTING METHODOLOGY & THE TESTING LIFECYCLE The stages of the Testing Life Cycle are: Requirements Analysis, Planning, Test Case Development, Test Environment
More informationModule 10. Coding and Testing. Version 2 CSE IIT, Kharagpur
Module 10 Coding and Testing Lesson 23 Code Review Specific Instructional Objectives At the end of this lesson the student would be able to: Identify the necessity of coding standards. Differentiate between
More informationAchieving Functional Safety with Global Resources and Market Reach
Achieving Functional Safety with Global Resources and Market Reach 0A 0B Burner management systems Combustion controls Electric vehicle components (on-board, off board) Electrosensitive equipment Elevator
More informationHow To Write Software
1 Medical Device Software - Software Life Cycle Processes IEC 62304 2 Credits John F. Murray Software Compliance Expert U.S. Food and Drug Administration Marcie R. Williams Medical Device Fellow Ph.D.
More informationSafety Integrated. SIMATIC Safety Matrix. The Management Tool for all Phases of the Safety Lifecycle. Brochure September 2010. Answers for industry.
SIMATIC Safety Matrix The Management Tool for all Phases of the Safety Lifecycle Brochure September 2010 Safety Integrated Answers for industry. Functional safety and Safety Lifecycle Management Hazard
More informationThe evolving ARINC 653 standard and it s application to IMA
The evolving ARINC 653 standard and it s application to IMA Alex Wilson Senior Program Manager Wind River November 13 th 2007 IMA and ARINC 653 Agenda DO-297 Certification of IMA under DO-297 Conclusions
More informationEnterprise resource planning Product life-cycle management Information systems in industry ELEC-E8113
Enterprise resource planning Product life-cycle management Information systems in industry ELEC-E8113 Contents Enterprise resource planning (ERP) Product data management (PDM) Product lifecycle management
More informationViewpoint on ISA TR84.0.02 Simplified Methods and Fault Tree Analysis Angela E. Summers, Ph.D., P.E., President
Viewpoint on ISA TR84.0.0 Simplified Methods and Fault Tree Analysis Angela E. Summers, Ph.D., P.E., President Presented at Interkama, Dusseldorf, Germany, October 1999, Published in ISA Transactions,
More informationF-22 Raptor. Agenda. 1. Motivation
Model-Based Software Development and Automated Code Generation for Safety-Critical Systems F-22 Raptor for the Seminar Advanced Topics in Software Engineering for Safety-Critical Systems Cause: Bug in
More informationPABIAC Safety-related Control Systems Workshop
Health and and Safety Executive PABIAC Safety-related Control Systems Workshop KEY STANDARDS FOR ELECTRICAL & FUNCTIONAL SAFETY OF PAPERMAKING MACHINES: APPLICATION & USE Steve Frost HM Principal Electrical
More informationCertification Report
Certification Report EAL 4+ Evaluation of Netezza Performance Server v4.6.5 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
More information8. Master Test Plan (MTP)
8. Master Test Plan (MTP) The purpose of the Master Test Plan (MTP) is to provide an overall test planning and test management document for multiple levels of test (either within one project or across
More informationVolume I, Section 4 Table of Contents
Volume I, Section 4 Table of Contents 4 Software Standards...4-1 4.1 Scope...4-1 4.1.1 Software Sources...4-2 4.1.2 Location and Control of Software and Hardware on Which it Operates...4-2 4.1.3 Exclusions...4-3
More informationAnwendung von Polyspace im Software Entwicklungsprozess nach IEC 60880. München, 19.05.2011, Dr.-Ing. Jörg Barrho
Anwendung von Polyspace im Software Entwicklungsprozess nach IEC 60880 München, 19.05.2011, Dr.-Ing. Jörg Barrho Agenda 01 Tognum and MTU Friedrichshafen 02 Background and project 03 Overview IEC 60880
More informationAnnouncement of a new IAEA Co-ordinated Research Programme (CRP)
Announcement of a new IAEA Co-ordinated Research Programme (CRP) 1. Title of Co-ordinated Research Programme Design and engineering aspects of the robustness of digital instrumentation and control (I&C)
More informationCONFIGURATION MANAGEMENT PLAN GUIDELINES
I-680 SMART CARPOOL LANE PROJECT SYSTEM ENGINEERING MANAGEMENT PLAN CONFIGURATION MANAGEMENT PLAN GUIDELINE SECTIONS: PLAN GUIDELINES 1. GENERAL 2. ROLES AND RESPONSIBILITIES 3. CONFIGURATION MANAGEMENT
More informationWHITEPAPER: SOFTWARE APPS AS MEDICAL DEVICES THE REGULATORY LANDSCAPE
WHITEPAPER: SOFTWARE APPS AS MEDICAL DEVICES THE REGULATORY LANDSCAPE White paper produced by Maetrics For more information, please contact global sales +1 610 458 9312 +1 877 623 8742 globalsales@maetrics.com
More informationITIL Essentials Study Guide
ITIL Essentials Study Guide Introduction Service Support Functions: Service Desk Incident Management Problem Management Change Management Configuration Management Release Management Service Delivery Functions:
More informationReference Guide for Security in Networks
Reference Guide for Security in Networks This reference guide is provided to aid in understanding security concepts and their application in various network architectures. It should not be used as a template
More informationSafety Lifecycle illustrated with exemplified EPS
September 2012 Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, ColdFire+, C-Ware, the Energy Efficient Solutions logo, Kinetis, mobilegt, PowerQUICC, Processor Expert, QorIQ,
More informationA New Standards Project on Avoiding Programming Language Vulnerabilities
A New Standards Project on Avoiding Programming Language Vulnerabilities Jim Moore Liaison Representative from IEEE Computer Society to ISO/IEC JTC 1/SC 7 Liaison Representative between ISO/IEC JTC 1/SC
More informationSAFETY LIFE-CYCLE HOW TO IMPLEMENT A
AS SEEN IN THE SUMMER 2007 ISSUE OF... HOW TO IMPLEMENT A SAFETY LIFE-CYCLE A SAFER PLANT, DECREASED ENGINEERING, OPERATION AND MAINTENANCE COSTS, AND INCREASED PROCESS UP-TIME ARE ALL ACHIEVABLE WITH
More informationIntroduction to Automated Testing
Introduction to Automated Testing What is Software testing? Examination of a software unit, several integrated software units or an entire software package by running it. execution based on test cases
More informationMachineontwerp volgens IEC 62061
Machineontwerp volgens IEC 62061 Insert Photo Here Safety solution Architect Safety Local Business Leader Benelux. Stephen Podevyn Safety Solution Seminar Agenda deel 1 1. Richtlijnen en normen 2. Safety
More informationRATP safety approach for railway signalling systems
RATP safety approach for railway signalling systems ReSIST summer School 007 Pierre CHARTIER Summary. Introduction. Hardware fault detection. 6 Introduction Global railway system Rolling stock Environment
More informationSoftware Engineering Reference Framework
Software Engineering Reference Framework Michel Chaudron, Jan Friso Groote, Kees van Hee, Kees Hemerik, Lou Somers, Tom Verhoeff. Department of Mathematics and Computer Science Eindhoven University of
More informationHow To Integrate Software And Systems
September 25, 2014 EFFECTIVE METHODS FOR SOFTWARE AND SYSTEMS INTEGRATION P R E S E N T E D B Y: D R. B O Y D L. S U M M E R S 1 Software Engineer (Quality) Defense and Space The Boeing Company - Seattle,
More informationExhibit E - Support & Service Definitions. v1.11 / 2015-07-03
Exhibit E - Support & Service Definitions v1.11 / 2015-07-03 Introduction - Support Services Table of Contents 1 Introduction... 4 2 General Definitions... 5 2.1 Support Services... 5 2.2 2.3 License or
More informationDRAFT REGULATORY GUIDE
DRAFT REGULATORY GUIDE SOFTWARE IN PROTECTION AND CONTROL SYSTEMS Issued for public comments by the Atomic Energy Control Board October 1999 Atomic Energy Control Board Commission de contrôle de l énergie
More informationida.com excellence in dependable automation
IEC 61508 Maintenance Status IEC 61508 Maintenance Projekt ist aus dem zulässigen Zeitrahmen gelaufen Viele Baustellen auch durch neue Mitglieder (Frankreich, USA, IEC 61511 Team) Bestehende Anforderungen,
More informationIntroduction into IEC 62304 Software life cycle for medical devices
Introduction into IEC 62304 Software life cycle for medical devices Christoph Gerber 4. September 2008 SPIQ 9/5/2008 1 Agenda Current Picture Regulatory requirements for medical device software IEC 62304
More informationTechnical Data Sheet SCADE R17 Solutions for ARINC 661 Compliant Systems Design Environment for Aircraft Manufacturers, CDS and UA Suppliers
661 Solutions for ARINC 661 Compliant Systems SCADE R17 Solutions for ARINC 661 Compliant Systems Design Environment for Aircraft Manufacturers, CDS and UA Suppliers SCADE Solutions for ARINC 661 Compliant
More informationSelecting Sensors for Safety Instrumented Systems per IEC 61511 (ISA 84.00.01 2004)
Selecting Sensors for Safety Instrumented Systems per IEC 61511 (ISA 84.00.01 2004) Dale Perry Worldwide Pressure Marketing Manager Emerson Process Management Rosemount Division Chanhassen, MN 55317 USA
More informationGlossary of Object Oriented Terms
Appendix E Glossary of Object Oriented Terms abstract class: A class primarily intended to define an instance, but can not be instantiated without additional methods. abstract data type: An abstraction
More informationDecomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces
Software Engineering, Lecture 4 Decomposition into suitable parts Cross cutting concerns Design patterns I will also give an example scenario that you are supposed to analyse and make synthesis from The
More informationCASS TEMPLATES FOR SOFTWARE REQUIREMENTS IN RELATION TO IEC 61508 PART 3 SAFETY FUNCTION ASSESSMENT Version 1.0 (5128)
CASS TEMPLATES FOR SOFTWARE REQUIREMENTS IN RELATION TO PART 3 SAFETY FUNCTION ASSESSMENT Version 1.0 (5128) Report No. T6A01 Prepared for: The CASS Scheme Ltd By: The 61508 Association All comment or
More informationIAEA-TECDOC-1328 Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants
IAEA-TECDOC-1328 Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants Report prepared within the framework of the Technical Working Group
More information