high integrity software for high integrity systems
play

High Integrity Software for High Integrity Systems George Romanski - PowerPoint PPT Presentation

Mar 27, 2023 •1.6k likes •2.01k views

High Integrity Software for High Integrity Systems George Romanski Romanski@Verocel.com Outline System safety Safety standards Safety objectives Military avionics Ground based systems Future policy Directions 2 High

  1. High Integrity Software for High Integrity Systems George Romanski Romanski@Verocel.com

  2. Outline • System safety • Safety standards • Safety objectives • Military avionics • Ground based systems • Future policy • Directions 2 High Integrity Software for High Integrity Software SigAda2000

  3. Brake-by-Wire Safety Solutions • System Design - Limit speed to 5 mph • Hardware Design - use mechanical/hydraulic backup • Replicate Computer systems - no common mode errors • Software assurance through compliance with standards (e.g. DO-178B) Computer Hydraulic Pedal System System Brake 3 High Integrity Software for High Integrity Software SigAda2000

  4. DO-178B / ED-12B • Acceptable means of compliance to the regulators of software in avionics systems Not the only means of compliance ! But, if you choose a different approach Must show DO-178B/ED-12B objectives have been met 4 High Integrity Software for High Integrity Software SigAda2000

  5. Intent of DO-178B • Describe objectives for Life-Cycle Processes • Describe process activities • Describe evidence required at different assurance levels 5 High Integrity Software for High Integrity Software SigAda2000

  6. SC-190, WG-52 Committee • 150 Registered Members • Consensus based • 4 years - Report published – Annual Report for Clarification of DO-178B (DO-248A) – Annual Report for Clarification of ED12B (ED-94A) • Position Papers – Document corrections – FAQ’s (Clarifications) – Discussion Papers • CNS/ATM - Work Continues 6 High Integrity Software for High Integrity Software SigAda2000

  7. Typical DO-248A clarifications • Is recursion permitted in airborne applications? – Yes, but it must be bounded ( …etc) • Is Source-code to Object-code traceability required? – Yes, if providing coverage analysis at source code and level A – No, if providing coverage at machine code • If some run-time functions are inlined, is coverage still required – Yes, cannot conceal coverage obligations 7 High Integrity Software for High Integrity Software SigAda2000

  8. Typical DO-248A clarifications Cont. • Can compiler features be used to simplify coverage analysis at object code? – Yes! (e.g. short-circuit operations) – But, the compiler (feature) is being used as a verification tool so compiler (feature) must be qualified as a verification tool • What are the issues for reverification of COTS software? – 8 High Integrity Software for High Integrity Software SigAda2000

  9. Standard Waterfall Process Model Requirements Design Code Where is the Evidence? Test 9 High Integrity Software for High Integrity Software SigAda2000

  10. Code Exists - Requirements re-engineered Requirements Design 2 Code 1 Test 10 High Integrity Software for High Integrity Software SigAda2000

  11. Requirements Based tests Develop Tests Requirements 3 4 Design 2 Code 1 Test 11 High Integrity Software for High Integrity Software SigAda2000

  12. Standard Waterfall Model Develop Tests Requirements 3 4 Design 2 Code 1 Materials Developed Test /Reviewed by Re-engineering 12 High Integrity Software for High Integrity Software SigAda2000

  13. Validation and Verification Validation Verification Req 1 Component 1 Req 2 Component 2 Req 3 Component 3 Req 4 Component 4 Req 5 Component 5 ? ? Req 6 Component 6 ? System built to Goals Requirements Complete and Correct 13 High Integrity Software for High Integrity Software SigAda2000

  14. RTS an Important Component SYSTEM in one address space Application Programming Interface Application Run-Time Code System Same assurance level for all components System cannot be Certified unless RTS is Verified 14 High Integrity Software for High Integrity Software SigAda2000

  15. Deterministic Behavior Functionality Resources Time 15 High Integrity Software for High Integrity Software SigAda2000

  16. Deterministic Behavior • Results of a function are the inevitable consequence of its inputs: – Parameters – Global variables • Bound on the resources used – Memory - no new memory after startup – Stack - HUGE margins • Bound on the time taken to complete the function – time taken to execute a function depends on many system level parameters, – non-linear relationships are noted as they can cause the application to miss deadlines 16 High Integrity Software for High Integrity Software SigAda2000

  17. Black Box Testing • No single failure should prevent “Continuous safe flight and landing.” • Statistical testing cannot show absence of a single state that will cause a failure • Software has discontinuities • Software does not follow Gauss/Normal Distribution There is no foundation for statistical reasoning There is no foundation for statistical reasoning about software faults or safety about software faults or safety 17 High Integrity Software for High Integrity Software SigAda2000

  18. Coverage Analysis • Analysis of testing methods and results to show effectiveness of testing • Method to show absence of unintended function • Should be based (as much as possible) on requirements based tests • Rigor depends on criticality level Note: Coverage Analysis Coverage Analysis not not Coverage Testing Coverage Testing 18 High Integrity Software for High Integrity Software SigAda2000

  19. Coverage at Level B and C • Statement Coverage Level C • Decision Coverage – Entry Points Level B – Exit Points – All Decisions – All Outcomes 19 High Integrity Software for High Integrity Software SigAda2000

  20. Coverage at Level A • Coverage required at Machine Code level or • Show source to object code traceability and test at source level or • Use different compilers and different languages or • MCDC testing required – each condition must have effect on outcome 20 High Integrity Software for High Integrity Software SigAda2000

  21. Military Avionics • D0-178B - now mandated by congress • Need Safety - even though: – Pilots have parachutes – Pilots don’t sue • Want safe software – Don’t need the evidence ? – Must withstand an audit 21 High Integrity Software for High Integrity Software SigAda2000

  22. The ‘Requirements’ for ATM Systems More Safety Increase in Capacity Lower Costs Fewer Resource constraints Want to use COTS !!! 22 High Integrity Software for High Integrity Software SigAda2000

  23. The ‘Challenges’ for ATM Systems Current technology Becomoing obsolete New Technology Increasing in cost Air Traffic in Europe Increasing 6% pa. Air Traffic in US Increasing 4% pa. 23 High Integrity Software for High Integrity Software SigAda2000

  24. WAAS Ionospheric storm data Selective availability helps Sun may distort signal 24 High Integrity Software for High Integrity Software SigAda2000

  25. The “Flight Profile” Departure Procedure Dynamic Information - Weather Static Information - warnings - Terrain - capacity constraints - Airways - Special use airspace schedules - Airport - Etc. Preferred Path b m Preferred Descent Airport i l C d e r r e f e r P 25 High Integrity Software for High Integrity Software SigAda2000

  26. Object Oriented ‘Free-Flight’ Flight Profile Filed Flight Trajectory Active Flight Trajectory Objects Traffic Density Airspace Data Predictions Dynamic Route Structures Dynamic Route Structures 26 High Integrity Software for High Integrity Software SigAda2000

  27. Object Oriented Technology • Pressure from industry to use it • Industry expect lower certification costs - eventually • Certification authorities nervous 27 High Integrity Software for High Integrity Software SigAda2000

  28. Reusable Software Components (RSC) RSC RSC Developer Run-Time system Integrator Product Subsystem manufacturer e.g. FMS Applicant Product Airframe manufacturer e.g. Airplane, FMS Subsystem manufacturer FAA 28 High Integrity Software for High Integrity Software SigAda2000

  29. Reusable Software Component - Credit • Applicant applies for Type Certificates for Product • Applicant supplies DO-178B materials for RSC – Software Level (A, B, C, D) – Identified Processor type – Identified Compiler • FAA provides letter to RSC developer which documents certification credit • Eliminates / Reduces reverification on new project 29 High Integrity Software for High Integrity Software SigAda2000

  30. Multiple Systems 1 box 2 CPU’s Cabin Management Cabin Management Power Management Power Management Primary Secondary ARINC Bus ARINC Bus 30 High Integrity Software for High Integrity Software SigAda2000

  31. Partitioned Systems I ntegrated M odular Cabin A vionics Management APEX Power ARINC 653 Management Cabin OS Management Power Management OS Primary Secondary ARINC Bus ARINC Bus 31 High Integrity Software for High Integrity Software SigAda2000

  32. The Partitioned Promise • Cheaper to verify components • Cheaper to re-verify components • Lowers criticality level - lowers certification costs • Less software to audit when component changed/upgraded 32 High Integrity Software for High Integrity Software SigAda2000

  33. Don’t Argue with the Auditors • Arguing with the auditors is like mud wrestling with a pig • After a while you find out the pig really likes it! 33 High Integrity Software for High Integrity Software SigAda2000

Recommend

High Integrity Systems C.O.D.E. Developing Certified Components for High Integrity Embedded

High Integrity Systems C.O.D.E. Developing Certified Components for High Integrity Embedded

High Integrity Systems C.O.D.E. Developing Certified Components for High Integrity Embedded Systems http://www.hidecs.co.uk/ Email: Paul_E.Bennett@topmail.co.uk 22 February 2013 Paul E. Bennett IEng MIET 1 HIDECS Consultancy In a paper by

397 views • 26 slides
KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY Blockchain & Security Ruth Crowell, Chief Executive Asia Pacific Precious Metals

460 views • 10 slides
High Integrity Ada with SPARK Praxis Critical Systems 1 SPARK and the SPARK Examiner What is

High Integrity Ada with SPARK Praxis Critical Systems 1 SPARK and the SPARK Examiner What is

High Integrity Ada with SPARK Praxis Critical Systems 1 SPARK and the SPARK Examiner What is SPARK? A sub-language of Ada 83 and 95 with particular properties that make it ideally suited to the most critical of applications: completely

848 views • 10 slides
Using SPARK to ensure System to Software Integrity Tonu Naks , M. Anthony Aiello, S. Tucker Taft

Using SPARK to ensure System to Software Integrity Tonu Naks , M. Anthony Aiello, S. Tucker Taft

Using SPARK to ensure System to Software Integrity Tonu Naks , M. Anthony Aiello, S. Tucker Taft 10th European Congress on Embedded Real Time Software and Systems, 29-31/01/2020 Toulouse 1 Agenda AdaCore System-to-Software Integrity (SSI)

504 views • 29 slides
CRC for High Integrity Australian Pork Established and supported under the Australian

CRC for High Integrity Australian Pork Established and supported under the Australian

CRC for High Integrity Australian Pork Established and supported under the Australian Governments Cooperative Research Centres Program Canola Meal NIR Calibration Implementation Project JCS Solutions Pty Ltd John Spragg Joint

464 views • 9 slides
Special Board Workshop Student Stress Piedmont High School December 9, 2019 Academic Integrity

Special Board Workshop Student Stress Piedmont High School December 9, 2019 Academic Integrity

Special Board Workshop Student Stress Piedmont High School December 9, 2019 Academic Integrity Academic Integrity Questions on CS Survey Working on an assignment with others when the instructor asked for individual work. Copying someone

347 views • 30 slides
Use in Practice 1 Simulation goals High integrity representation of the dynamic, connected

Use in Practice 1 Simulation goals High integrity representation of the dynamic, connected

Use in Practice 1 Simulation goals High integrity representation of the dynamic, connected and non-linear physical processes that govern the different performance aspects that impact on the overall acceptability of buildings and their

422 views • 30 slides
Structural Integrity Evaluation of High-Temperature Wedge Flowmeter According to an Elevated

Structural Integrity Evaluation of High-Temperature Wedge Flowmeter According to an Elevated

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Structural Integrity Evaluation of High-Temperature Wedge Flowmeter According to an Elevated Temperature Design Rule Jae-Hun Cho a , Hyeong-Yeon Lee a * , Jewhan

212 views • 4 slides
Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity

Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity

Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity and Confidentiality MoSAIC MoSAIC M.O.Killijian, D.Powell, M.Bantre, P.Couderc, Y.Roudier LAAS-CNRS - IRISA- Eurcom Context Context 3

159 views • 14 slides
Case Histories of Life Cycle Well Integrity Management Using iWIT Software SPE London, Nov 29 th

Case Histories of Life Cycle Well Integrity Management Using iWIT Software SPE London, Nov 29 th

www.intetech.com Case Histories of Life Cycle Well Integrity Management Using iWIT Software SPE London, Nov 29 th , 2011 Liane Smith and Ged Lunt, Intetech Ltd. www.intetech.com INTEGRITY TECHNOLOGY Focus: - on integrity in design work

780 views • 42 slides
Professional Integrity to Testing & Certification Practitioners Integrity Training for PCSTP

Professional Integrity to Testing & Certification Practitioners Integrity Training for PCSTP

Professional Integrity to Testing & Certification Practitioners Integrity Training for PCSTP Applicants Hong Kong Ethics Development Centre Independent Commission Against Corruption Competence Requirement Integrity Management

574 views • 23 slides
LESSONS LEARNED Research Integrity Some Thoughts Integrity is doing the right thing when

LESSONS LEARNED Research Integrity Some Thoughts Integrity is doing the right thing when

Mr. Gianfranco Scipione, M.Sc., J.D./M.B.A. Manager, Research Integrity UHN Research Ms. Katie Roposa, BScN, MEd, RN, CMQ/OE Director, Research Quality Integration UHN Research LESSONS LEARNED Research Integrity Some Thoughts Integrity

623 views • 21 slides
Going Remote with Integrity 3.0: Your Academic Integrity Policy Gone Virtual Dr. James Earl Orr,

Going Remote with Integrity 3.0: Your Academic Integrity Policy Gone Virtual Dr. James Earl Orr,

Going Remote with Integrity 3.0: Your Academic Integrity Policy Gone Virtual Dr. James Earl Orr, Jr. April 9, 2020 Caveat to Presentation True Promotion of Academic Integrity Involves a Coordinated Campus Conversation Faculty, Students,

464 views • 44 slides
Standard I.C Institutional Integrity I.C: Institutional Integrity How define institutional

Standard I.C Institutional Integrity I.C: Institutional Integrity How define institutional

Standard I.C Institutional Integrity I.C: Institutional Integrity How define institutional integrity? What evidence shows BC is trustworthy? I.C: Institutional Integrity Standard #1: We make sure the information we give is

227 views • 6 slides
Integrity 1. Perspective Five Steps to Decision Integrity Dialogue grows perspective about

Integrity 1. Perspective Five Steps to Decision Integrity Dialogue grows perspective about

GOOD DECISION 5. Connection 4. Alignment 3. Priority 2. Importance Integrity 1. Perspective Five Steps to Decision Integrity Dialogue grows perspective about stakeholders and values. Integrity is rooted in open, honest examination of stakeholder

431 views • 15 slides
Cobalt 121 Mining Investment Conference New York June 2019 1 Trust | Respect | Integrity

Cobalt 121 Mining Investment Conference New York June 2019 1 Trust | Respect | Integrity

High Grade, High Quality, Solid Partners Copper-Zinc-Lead-Gold- Silver and now Cobalt 121 Mining Investment Conference New York June 2019 1 Trust | Respect | Integrity 1 Forward Looking Statements This presentation release includes

956 views • 54 slides
By producing high quality products And by serving our customers with integrity Four farmers

By producing high quality products And by serving our customers with integrity Four farmers

Preferred Popcorn Strives to honor God By producing high quality products And by serving our customers with integrity Four farmers Sales increase to Preferred Popcorn marks come together to customers in 50 completion of first decade form

323 views • 18 slides
Safety Study: Integrity Management of Gas Transmission Pipelines in High Consequence Areas Ivan

Safety Study: Integrity Management of Gas Transmission Pipelines in High Consequence Areas Ivan

Safety Study: Integrity Management of Gas Transmission Pipelines in High Consequence Areas Ivan Cheung 2015 Pipeline Safety Trust Annual Conference November 19, 2015 1 NTSB Background Independent federal agency No regulatory authority

417 views • 31 slides
Corporate integrity in turbulent times EY Forensic & Integrity Services 9 July 2020

Corporate integrity in turbulent times EY Forensic & Integrity Services 9 July 2020

Corporate integrity in turbulent times EY Forensic & Integrity Services 9 July 2020 Restriction of use and liability EY Global Integrity Report 2020 Spotlight on India The COVID-19 crisis has magnified the risk of unethical conduct in

985 views • 7 slides
PROGRAM INTEGRITY 101 Program Integrity Kimberly Sullivan, JD DHH Deputy General Counsel

PROGRAM INTEGRITY 101 Program Integrity Kimberly Sullivan, JD DHH Deputy General Counsel

PROGRAM INTEGRITY 101 Program Integrity Kimberly Sullivan, JD DHH Deputy General Counsel PURPOSE 2 Assure the Programmatic and Fiscal Integrity of the Louisiana Medical Assistance Program (Medicaid). In order for DHH to receive the federal

448 views • 25 slides
Asset Integrity Management The House of Integrity Integrating Process Safety Steven Saunders

Asset Integrity Management The House of Integrity Integrating Process Safety Steven Saunders

: Asset Integrity Management The House of Integrity Integrating Process Safety Steven Saunders TUV Rheinland/Risktec This Presentation What is asset integrity? Why should we invest in asset integrity? A modern interpretation of

1.34k views • 27 slides
Integrity of Secondary Containment for Crude Oil Storage Tanks at VMT PWSRCAC Staff Tom

Integrity of Secondary Containment for Crude Oil Storage Tanks at VMT PWSRCAC Staff Tom

Integrity of Secondary Containment for Crude Oil Storage Tanks at VMT PWSRCAC Staff Tom Kuckertz Linda Swiss TOEM and OSPR Committees 1/16/13 Integrity of Secondary Containment Discovery of initial integrity issue More integrity

633 views • 13 slides
1 The symbol of integrity watching signalling checking Antecedents of the Integrity Project

1 The symbol of integrity watching signalling checking Antecedents of the Integrity Project

Why committed SAO itself to the integrity approach in the fight against corruption? Presentation by Gyula Pulay, supervisory manager SAI of Hungary The symbol of corruption 1 The symbol of integrity watching signalling checking

362 views • 12 slides
ACADEMIC INTEGRITY Management Approach Academic Integrity Procedure #2502 Barton Community

ACADEMIC INTEGRITY Management Approach Academic Integrity Procedure #2502 Barton Community

ACADEMIC INTEGRITY Management Approach Academic Integrity Procedure #2502 Barton Community College is an academic community committed to upholding the highest ideals of integrity and the related values of honesty, trust, cooperation, respect,

307 views • 7 slides

More recommend