IPA/SEC's Efforts for Dependable Software



Similar documents
Fujitsu Group s Information Security

ISA Security Compliance Institute ISASecure IACS Certification Programs

FOR IMMEDIATE RELEASE

Software Engineering. Objectives. Designing, building and maintaining large software systems

Cyber Security of the Smart Grid

Agile Model-Based Systems Engineering (ambse)

Towards Collaborative Requirements Engineering Tool for ERP product customization

An Empirical Study of Process Management and Metrics based on In-process Measurements of a Standardized Requirements Definition Phase

SOFTWARE DEVELOPMENT STANDARD FOR SPACECRAFT

CSSC-CL Announces ISASecure Certification of Hitachi and Yokogawa Industrial Control Devices. ~For More Globally Competitive Control System Devices ~

The Japan Society of Mechanical Engineers C 2010

ISA Security Compliance Institute

How To Manage An Open Source Software

VAIL-Plant Asset Integrity Management System. Software Development Process

O&M Cloud Service for Expediting Business Innovation

22 July, 2010 IT Security Center (ISEC) Information-technology Promotion Agency (IPA) Copyright 2010 Information-Technology Promotion Agency, Japan 1

Defining Quality Workbook. <Program/Project/Work Name> Quality Definition

Thermal Power Plant Asset Management with Asset-centric Data Model

Information Technology Engineers Examination. Information Technology Service Manager Examination. (Level 4) Syllabus

Requirements Engineering Process

Automation can dramatically increase product quality, leading to lower field service, product support and

CSMS. Cyber Security Management System. Conformity Assessment Scheme

1 ISA Security Compliance Institute

SCENARIO PREDICTION OF JAPANESE SOFTWARE INDUSTRY THROUGH HYBRID METHOD

3 Guidance for Successful Evaluations

Nihon Unisys Group. Integrated Report 2015

Business white paper. Best practices for implementing automated functional testing solutions

ALIGNING BUSINESS AND IT A MANAGEMENT

1. Purpose and objectives

1 INTRODUCTION TO SYSTEM ANALYSIS AND DESIGN

Do you know? "7 Practices" for a Reliable Requirements Management. by Software Process Engineering Inc. translated by Sparx Systems Japan Co., Ltd.

TOYOTA CODE OF CONDUCT

Industrial Automation. A Manufacturing Revolution in Automotive and Industrial Equipment

Commencement for Smart Community Project in Greater Manchester, UK

Smart Farming The need for a new collaboration platform

The ALSOK Group is developing services that accurately respond to social needs with the aim of contributing to the safety and security of society.

Module 2: The Project Initiation Stage

Security Engineering Best Practices. Arca Systems, Inc Boone Blvd., Suite 750 Vienna, VA

Chapter 1: Introduction

International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research)

Business Plan in 2015 of Organization for Cross-regional Coordination of Transmission Operators, Japan

Testing of safety-critical software some principles

Standards Initiatives for Software Product Line Engineering and Management within the International Organization for Standardization

The IPSJ Model of IT Professional Certification

ISA Security Compliance Institute

The HR Value Proposition

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Recruitment and Selection

- Table of Contents -

Identity Provisions for Cloud Services: Applying OASIS SOA Reference Model

ISA CERTIFIED AUTOMATION PROFESSIONAL (CAP ) CLASSIFICATION SYSTEM

3SL. Requirements Definition and Management Using Cradle

Information Disclosure Reference Guide for Cloud Service Providers

The SPES Methodology Modeling- and Analysis Techniques

Software Engineering/Courses Description Introduction to Software Engineering Credit Hours: 3 Prerequisite: (Computer Programming 2).

Principles of IT Governance

DO-178B compliance: turn an overhead expense into a competitive advantage

Safer food supply chains why assessments are great news for your business

PROJECT MANAGEMENT IN ENTERPRISE RESOURCE PLANNING (ERP) IMPLEMENTATION

INTRODUCTION TO RAPID PRODUCT DEVELOPMENT (RPD)

Engineering a EIA - 632

SEEM4570 System Design and Implementation Lecture 10 Software Development Process

Software Project Management using an Iterative Lifecycle Model

How Product Development Organizations can Achieve Long- Term Cost Savings Using Model-Based Systems Engineering (MBSE)

WEB Penetration Testing

Requirements Management Practice Description

University of Central Florida Class Specification Administrative and Professional. Web Operations Manager

Software Development Process

Assessing the Appropriate Level of Project, Program, and PMO Structure

Overview of STS Consulting s IV&V Methodology

Advanced Software Engineering. Software Development Processes

IPA/SEC Data entry form Version 3.0 for IPA/SEC White Paper 20xx on software development projects in Japan

Fujitsu s Activities for Quality Assurance

3. PGCluster. There are two formal PGCluster Web sites.

AB Volvo, Göteborg, Sweden. Ref No , August The Volvo Way

EL Program: Smart Manufacturing Systems Design and Analysis

Surveying and evaluating tools for managing processes for software intensive systems

ANSYS SCADE Model-Based Development Solutions for Industrial Equipment and Energy. Critical Systems & Software Development Solutions

Systems Engineering Master Project

Selecting a Software Development Methodology based on. Organizational Characteristics. Adrienne Farrell

CHAPTER 13. Acquiring Information Systems and Applications

Corporate Data Quality Policy

Overview of Financial Results Principal Indicators of Profitability and Financial Soundness. 5,940.5 billion 3,345.6 billion

Project Type Guide. Project Planning and Management (PPM) V2.0. Custom Development Version 1.1 January PPM Project Type Custom Development

INFORMATION SYSTEM AUDITING AND ASSURANCE

Applications in Business. Embedded Systems. FIGURE 1-17 Application Types and Decision Types

Story Card Based Agile Software Development

TKS. TKS Unternehmensberatung und Industrieplanung GmbH. Unternehmensberatung und Industrieplanung GmbH. Company Profile

Intoduction to SysML

Transcription:

Software Reliability Enhancement Center Information-technology Promotion Agency, Japan IPA/SEC's Efforts for Dependable Software September 9, 2013 Yuzo Nakamura (SEC) Information-technology Promotion Agency (IPA), Japan

Changes in SEC's High Priority Goals First Phase Second Phase Third Phase '04... '07 '08 '09 '10 '11 '12 '13 '14 '15 '16 '17 (Third Phase Plan) Improvement of Software Reliability Improvement of Software Development Capability Vendors Small and Mediumsized User Companies Users (General Public) Major Infrastructure Service Providers 1

Efforts for Reliable Enterprise Software 2

Efforts for Reliable Embedded Software 3

Efforts for Reliable Integrated Software Enhancement of Quality Explanation Capabilities Guideline for implementing software quality explanation scheme Integrated Software Diversified use forms, Unexpected uses Different kinds of systems are connected Fast propagation of failures, more serious failures Enhancement of Organizational Efforts Survey on failures that occurred in other countries, Survey on the software industry in Japan, etc. Enhancement of Upstream Process Rigorous specification descriptions with formal methods, Promotion of MBSE, etc. Efforts for Reliable Enterprise Software Efforts for Reliable Embedded Software 4

Efforts for Dependable Software Environmental Changes: Society is becoming ever more reliant on software reliability Further enhancements of increasingly complex products/systems These products/systems are interconnected and serve as part of a larger social infrastructure An increase in the role (importance) of software for society Efforts in Third Phase Plan Concept In addition to the existing activities targeted at development vendors, we will expand these activities to general users, and the major infrastructure service providers who have a significant influence on them. Third Phase Plan: Promotion of efforts for the improvement of reliability in information processing systems that support society - particularly in major infrastructure areas - Measuring of information system failures in the field of critical infrastructure Visualization of software reliability from a user's viewpoint 5

Software Reliability from a User's Viewpoint Software Characteristics With reference to software intensive products/systems: Software is intangible, users are not usually aware of its presence. Once a failure or accident occurs, users will have serious doubts about the future reliability of the software. It is very difficult to remedy the users' doubts after the fact. Importance of the Software Quality Explanation Quality must be explained objectively. For example, the following must be covered: Intended users, purpose, utilization situations, constraints Quality and quality goals of the software required for its use Design, implementation, operation and maintenance required to achieve the quality goals Verification to demonstrate the achievement of the quality goals In addition, by having a third party expert to evaluate the quality explanation, we will be able to understand the explanation objectively. * Although evaluation by the expert will be focused on the software, other areas will also be evaluated. 6

Development of Guideline for Scheme Implementation The necessity of a "Guideline for Implementing Software Quality Explanation Scheme" Implementation of a scheme in which a third party expert evaluates the quality of software intensive products/systems, and the results of the evaluation are presented to the users. Because the required quality level, evaluation methods, etc. vary depending on the product/system area, the scheme must be implementable for each area. SEC developed a guideline for implementing this scheme which should be applied for each area Guideline Provisions Securing fairness (for fair management of the scheme) Securing independence between the third party evaluating products/systems, and their suppliers Review of the scheme by external parties who are not involved within the scheme Securing integrity (integrity of the scheme implemented for each area) Scheme requirements that are not dependent on the relevant products/systems (organizations, responsibility, operations, information management, release, etc.) Development of review criteria covering the relevant quality requirements and technologies for each area 7

Writing Specifications Rigorously (Use of Formal Methods) Introduction of Bugs in the Upstream Process Problems caused by vague specifications or an ambiguous design, etc. Ratios of Causes of Bugs (Enterprise software) Ratios of Causes of Bugs (Embedded software) Testing 14% Planning/ Specification 9% Testing 12% Planning/ Specification 12% Software implementation/ debugging 37% Software design 22% System design 18% Software implementation/ debugging 27% Software design 33% System design 16% Source: "A survey on the software industry" issued by IPA Realization of the "Rigorous Specification Description" based on formal methods A formal description removes ambiguity, enables machine processing and creates further possibilities A description and verification of rigorous specifications becomes possible by using formal specification description language and tools. In addition, the introduction of formal methods contributes to the promotion of communication among stakeholders during system development 8

Dependability Assurance Framework For SSCD Safety-Sensitive Consumer Devices (SSCD) Industrial products such as automobiles, service robots, medical devices, clinical systems, and smart houses used by general consumers Characteristics of SSCD Open, dynamic, used in a diversified manner and requires a high level of dependability They are becoming more sophisticated and complex Factory machineries SSCD Number produced Moderate numbers Huge numbers Users Experts General users Cost High Low to moderate Maintenance Environment Rigorous, Strongly managed Factory environment (stable, controlled) By Users & Service stations (weakly managed) User environment (Open, dynamic and diverse) 9

Dependability Assurance Framework For SSCD Awareness of existing standards (e.g. functional safety) SSCD must not only be safe, but also endure continued use (=dependability). To support an environment of diverse users, a process of quickly and repeatedly verifying control software, while using systems engineering and model-based development, is required so that all use-cases of all users can be covered. By standardizing these processes and simultaneously implementing various tools based on a common methodology, the costs for manufacturing dependable SSCD should be reduced. To achieve the above, we propose a Dependability Assurance Framework (DAF) for securing dependability. The components of DAF are 1. to 3. 1. Dependability Conceptual Models (DCMs) define the factors of dependability 2. Templates to be used to construct Dependability Assurance Cases (DACs) for SSCDs 3. Dependability Process Models (DPMs) define rapid and iterative processes for engineering dependable SSCDs Dependability Assurance Framework For Safety-Sensitive Consumer Devices RFP http://www.omg.org/cgi-bin/doc?sysa/13-03-20.pdf 10

IPA/SEC's Efforts for Dependable Software Thanks For Listening Contact Information Yuzo Nakamura Email: yu-naka@ipa.go.jp Customer Relations Email: sec-pr@ipa.go.jp Web: https://www.ipa.go.jp/ (Japanese) Web: https://www.ipa.go.jp/index-e.html (English) (SEC) Information-technology Promotion Agency (IPA), Japan 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information