high integrity systems c o d e
play

High Integrity Systems C.O.D.E. Developing Certified Components for - PowerPoint PPT Presentation

Nov 04, 2022 •127 likes •397 views

High Integrity Systems C.O.D.E. Developing Certified Components for High Integrity Embedded Systems http://www.hidecs.co.uk/ Email: Paul_E.Bennett@topmail.co.uk 22 February 2013 Paul E. Bennett IEng MIET 1 HIDECS Consultancy In a paper by

  1. High Integrity Systems C.O.D.E. Developing Certified Components for High Integrity Embedded Systems http://www.hidecs.co.uk/ Email: Paul_E.Bennett@topmail.co.uk 22 February 2013 Paul E. Bennett IEng MIET 1 HIDECS Consultancy

  2. In a paper by Phil Koopman, titled “The Grand Challenge of Embedded System Dependability” he sets out that “Four significant challenges in embedded system dependability are: • embedded-specific security approaches, • unifying security with safety, • dealing with composable emergent properties, • and enabling domain experts to use advanced dependability techniques.” 22 February 2013 Paul E. Bennett IEng MIET 2 HIDECS Consultancy

  3. Where mistakes are made (Out of control, 2nd edition 2003, Health & Safety Executive HSE – UK) 22 February 2013 Paul E. Bennett IEng MIET 3 HIDECS Consultancy

  4. Capability & Correctness 22 February 2013 Paul E. Bennett IEng MIET 4 HIDECS Consultancy

  5. Software Needs Hardware ● Software does not operate without the support of the hardware on which it runs. ● Hardware can suffer random failures ● Environmental Factors ● Stress Induced Failures ● Wear-Out Failures ● Software only suffers systematic failures 22 February 2013 Paul E. Bennett IEng MIET 5 HIDECS Consultancy

  6. Software Needs Hardware Failure = f(h)+f(s) f(h) f(s) 22 February 2013 Paul E. Bennett IEng MIET 6 HIDECS Consultancy

  7. Software Needs Hardware For a Single Channel of Control Failure = f(h)+f(s) 10E0 to <10E-99 10E0 to 10E-3 f(h) f(s) 22 February 2013 Paul E. Bennett IEng MIET 7 HIDECS Consultancy

  8. Design Integrity is vital ● Know the working environmnt ● Design to operate within limitations of that enviornment ● Be clear about the Tasks to be performed ● Task Description ● Task Analysis ● Hazop Study & Risk Assessment ● Revisit the early concept ● It will not usually be right on the first pass so go back and look at what you can improve as early as possible. 22 February 2013 Paul E. Bennett IEng MIET 8 HIDECS Consultancy

  9. Have a Robust Process ● To develop a High Integrity System you need to be at CMM-3 or better from the start ● Your process needs to manage a multitude of versions and changes ● You need to keep the information and knowledge safe and secure ● You need to know that you and your clients are working to the same specification 22 February 2013 Paul E. Bennett IEng MIET 9 HIDECS Consultancy

  10. Specification Discovery Specification and Design Implementation Job Design Task Training Analysis Human/ Requirements Computer Operational Specification Interface Trials Design Function Manufacture Analysis Functional Design 22 February 2013 Paul E. Bennett IEng MIET 10 HIDECS Consultancy

  11. The Document Trail 22 February 2013 Paul E. Bennett IEng MIET 11 HIDECS Consultancy

  12. An Engineering Process Model Accept Process Requirements Issue Function Review 22 February 2013 Paul E. Bennett IEng MIET 12 HIDECS Consultancy

  13. An Engineering Process Model Accept Process f1 Requirements Issue Function Review f1 f3 f1 Work Change Work Review Instruction Instruction f2 Change Change Proposal Proposal f1 Problem Simple f4 f4 Report Review Explanation 22 February 2013 Paul E. Bennett IEng MIET 13 HIDECS Consultancy

  14. Why Forth? ● Stable Virtual Machine (about 40 years) ● Extensible ● Supportive of Structured Programming ● Supportive of Component Oriented Approach ● Does not rely on sub-setting to be “Safe” ● Fully Certifiable 22 February 2013 Paul E. Bennett IEng MIET 14 HIDECS Consultancy

  15. Why Forth? Perihperal Interfaces Processor 22 February 2013 Paul E. Bennett IEng MIET 15 HIDECS Consultancy

  16. Why Forth? Forth Kernel Parameter Stack Return Stack Perihperal Interfaces Processor 22 February 2013 Paul E. Bennett IEng MIET 16 HIDECS Consultancy

  17. Why Forth? Forth Kernel Peripheral Support Code Parameter Stack Return Stack Perihperal Interfaces Processor 22 February 2013 Paul E. Bennett IEng MIET 17 HIDECS Consultancy

  18. Why Forth? Application Specific Base Forth Kernel Peripheral Support Code Parameter Stack Return Stack Perihperal Interfaces Processor 22 February 2013 Paul E. Bennett IEng MIET 18 HIDECS Consultancy

  19. Why Forth? Application Application Specific Base Forth Kernel Peripheral Support Code Parameter Stack Return Stack Perihperal Interfaces Processor 22 February 2013 Paul E. Bennett IEng MIET 19 HIDECS Consultancy

  20. Component Oriented ● All systems are constructed from components ● Components have Datasheets describing their attributes, functionaility and limitations. ● Components are complete in themselves ● Components can be certified for compliance with their specification. ● Non-compliance becomes obvious upon proper inspection. 22 February 2013 Paul E. Bennett IEng MIET 20 HIDECS Consultancy

  21. Certifiying Software Components ● NPL have been running approximately 5,000 random C compilations per evening on a selection of C compilers. So far there have been no matches observed at the object code level. ● Forth already has at least two fully certified compiler implementations for High Integrity Applications. ● Choosing Forth made such certification effort much easier to complete. 22 February 2013 Paul E. Bennett IEng MIET 21 HIDECS Consultancy

  22. Producing High Integrity Code ● Think of writing the comments first (use the comments as a statement of what you expect to be achieved). ● Review the comments to establish the state the true intent for the code you have yet to write. ● Write the code to meet the statement of requirements expressed by the comments. ● Statically Inspect the code to ensure implementation matches intent ● Perform a functional test of all logical paths in the code. ● Perform a limitations test (trying to make the code fail). ● 100% Path and Function Coverage is possible. 22 February 2013 Paul E. Bennett IEng MIET 22 HIDECS Consultancy

  23. Code Inspection Sample \ DSQRT (c) PEB 28/10/05 : DSQRT ( ud -- u ) (G u is the nearest integer value of the square root of the ) ( unsigned number ud. Results are rounded down. ) -1 >R BEGIN R> 1+ >R R@ 2* 1+ S>D D- 2DUP D0>= NOT UNTIL 2DROP R> ; 22 February 2013 Paul E. Bennett IEng MIET 23 HIDECS Consultancy

  24. Code Inspection Sample \ DSQRT (c) PEB 28/10/05 : DSQRT ( ud -- u ) (G u is the nearest integer value of the square root of the ) ( unsigned number ud. Results are rounded down. ) -1 >R BEGIN R> 1+ >R R@ 2* 1+ S>D D- 2DUP D0>= NOT UNTIL 2DROP R> ; The above code fails certification as the word's glossary comment does not match the actual action of the code below it. The result returned is only valid if the input value is a positive signed number (31 bits instead of 32 - based on system with 16 bit width). 22 February 2013 Paul E. Bennett IEng MIET 24 HIDECS Consultancy

  25. Code Inspection Sample \ DSQRT (c) PEB 28/10/05 : DSQRT ( +dn -- +n ) (G +n is the nearest positive integer value of the square root of ) ( the positive double length integer +dn. Results are rounded ) ( down to the nearest positive integer. ) -1 >R BEGIN R> 1+ >R R@ 2* 1+ S>D D- 2DUP D0>= NOT UNTIL 2DROP R> ; After analysis, the code was deemed suitable for the application it was intended for but the glossary entry had to be re-worded to properly document its intention and limitations. 22 February 2013 Paul E. Bennett IEng MIET 25 HIDECS Consultancy

  26. Summary ● You need a development process to at least CMM level 3 capability. ● Component Oriented Approaches keep the problems bounded. ● Forth is a very good Component Oriented Development Environment ● Forth code can be as certifiable as hardware. 22 February 2013 Paul E. Bennett IEng MIET 26 HIDECS Consultancy

Recommend

High Integrity Software for High Integrity Systems George Romanski Romanski@Verocel.com Outline

High Integrity Software for High Integrity Systems George Romanski Romanski@Verocel.com Outline

High Integrity Software for High Integrity Systems George Romanski Romanski@Verocel.com Outline System safety Safety standards Safety objectives Military avionics Ground based systems Future policy Directions 2 High

2.01k views • 33 slides
High Integrity Ada with SPARK Praxis Critical Systems 1 SPARK and the SPARK Examiner What is

High Integrity Ada with SPARK Praxis Critical Systems 1 SPARK and the SPARK Examiner What is

High Integrity Ada with SPARK Praxis Critical Systems 1 SPARK and the SPARK Examiner What is SPARK? A sub-language of Ada 83 and 95 with particular properties that make it ideally suited to the most critical of applications: completely

848 views • 10 slides
KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY Blockchain &amp; Security Ruth Crowell, Chief Executive Asia Pacific Precious Metals

460 views • 10 slides
Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity

Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity

Mobile Systems Availability Mobile Systems Availability Integrity and Confidentiality Integrity and Confidentiality MoSAIC MoSAIC M.O.Killijian, D.Powell, M.Bantre, P.Couderc, Y.Roudier LAAS-CNRS - IRISA- Eurcom Context Context 3

159 views • 14 slides
CSCI 127 Introduction to Database Systems Integrity Constraints and Functional Dependencies

CSCI 127 Introduction to Database Systems Integrity Constraints and Functional Dependencies

CSCI 127 Introduction to Database Systems Integrity Constraints and Functional Dependencies CSCI 127: Introduction to Database Systems Integrity Constraints Purpose: Prevent semantic inconsistencies in data total savings + checking

1.01k views • 64 slides
CRC for High Integrity Australian Pork Established and supported under the Australian

CRC for High Integrity Australian Pork Established and supported under the Australian

CRC for High Integrity Australian Pork Established and supported under the Australian Governments Cooperative Research Centres Program Canola Meal NIR Calibration Implementation Project JCS Solutions Pty Ltd John Spragg Joint

464 views • 9 slides
Special Board Workshop Student Stress Piedmont High School December 9, 2019 Academic Integrity

Special Board Workshop Student Stress Piedmont High School December 9, 2019 Academic Integrity

Special Board Workshop Student Stress Piedmont High School December 9, 2019 Academic Integrity Academic Integrity Questions on CS Survey Working on an assignment with others when the instructor asked for individual work. Copying someone

347 views • 30 slides
SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. P

SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. P

SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. P P HOUSTON, TEXAS S S S S Sales@safeplexsystems.com Systems, ystems, P Products, roducts, S Services, ervices, I Integrity ntegrity S I

99 views • 7 slides
SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. P

SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. P

SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. SafePlex Systems, Inc. P P HOUSTON, TEXAS S S S S Sales@safeplexsystems.com Systems, ystems, P Products, roducts, S Services, ervices, I Integrity ntegrity S I

80 views • 5 slides
Advanced Systems Security: Control-Flow Integrity Trent Jaeger Systems and Internet

Advanced Systems Security: Control-Flow Integrity Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Control-Flow Integrity Trent

1.55k views • 36 slides
Last Time Why Database Management Systems? IT420: Database Management and High-level

Last Time Why Database Management Systems? IT420: Database Management and High-level

Last Time Why Database Management Systems? IT420: Database Management and High-level abstractions for data access, Organization manipulation, and administration Data integrity and security Performance and scalability Introduction

224 views • 9 slides
C4 LIS Integrity Services Streamlining LIS Systems and Processes with Dedicated Solutions

C4 LIS Integrity Services Streamlining LIS Systems and Processes with Dedicated Solutions

C4 LIS Integrity Services Streamlining LIS Systems and Processes with Dedicated Solutions Welcome to C4 C4 is dedicated to improving ease of use and ongoing management of LIS systems. We are equally dedicated to communicating in real-time, as

224 views • 6 slides
Use in Practice 1 Simulation goals High integrity representation of the dynamic, connected

Use in Practice 1 Simulation goals High integrity representation of the dynamic, connected

Use in Practice 1 Simulation goals High integrity representation of the dynamic, connected and non-linear physical processes that govern the different performance aspects that impact on the overall acceptability of buildings and their

422 views • 30 slides
Structural Integrity Evaluation of High-Temperature Wedge Flowmeter According to an Elevated

Structural Integrity Evaluation of High-Temperature Wedge Flowmeter According to an Elevated

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Structural Integrity Evaluation of High-Temperature Wedge Flowmeter According to an Elevated Temperature Design Rule Jae-Hun Cho a , Hyeong-Yeon Lee a * , Jewhan

212 views • 4 slides
Professional Integrity to Testing &amp; Certification Practitioners Integrity Training for PCSTP

Professional Integrity to Testing &amp; Certification Practitioners Integrity Training for PCSTP

Professional Integrity to Testing &amp; Certification Practitioners Integrity Training for PCSTP Applicants Hong Kong Ethics Development Centre Independent Commission Against Corruption Competence Requirement Integrity Management

574 views • 23 slides
Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems

Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems

Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems Security Karim Eldefrawy Xavier Carpent Norrathep (Oak) Rattanavipanon Gene Tsudik University of California, Irvine SRI International Agenda

409 views • 38 slides
LESSONS LEARNED Research Integrity Some Thoughts Integrity is doing the right thing when

LESSONS LEARNED Research Integrity Some Thoughts Integrity is doing the right thing when

Mr. Gianfranco Scipione, M.Sc., J.D./M.B.A. Manager, Research Integrity UHN Research Ms. Katie Roposa, BScN, MEd, RN, CMQ/OE Director, Research Quality Integration UHN Research LESSONS LEARNED Research Integrity Some Thoughts Integrity

623 views • 21 slides
CMPSC 497 Execution Integrity Trent Jaeger Systems and Internet Infrastructure Security

CMPSC 497 Execution Integrity Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 Execution Integrity Trent Jaeger Systems and

694 views • 68 slides
Going Remote with Integrity 3.0: Your Academic Integrity Policy Gone Virtual Dr. James Earl Orr,

Going Remote with Integrity 3.0: Your Academic Integrity Policy Gone Virtual Dr. James Earl Orr,

Going Remote with Integrity 3.0: Your Academic Integrity Policy Gone Virtual Dr. James Earl Orr, Jr. April 9, 2020 Caveat to Presentation True Promotion of Academic Integrity Involves a Coordinated Campus Conversation Faculty, Students,

464 views • 44 slides
Standard I.C Institutional Integrity I.C: Institutional Integrity How define institutional

Standard I.C Institutional Integrity I.C: Institutional Integrity How define institutional

Standard I.C Institutional Integrity I.C: Institutional Integrity How define institutional integrity? What evidence shows BC is trustworthy? I.C: Institutional Integrity Standard #1: We make sure the information we give is

227 views • 6 slides
Integrity 1. Perspective Five Steps to Decision Integrity Dialogue grows perspective about

Integrity 1. Perspective Five Steps to Decision Integrity Dialogue grows perspective about

GOOD DECISION 5. Connection 4. Alignment 3. Priority 2. Importance Integrity 1. Perspective Five Steps to Decision Integrity Dialogue grows perspective about stakeholders and values. Integrity is rooted in open, honest examination of stakeholder

431 views • 15 slides
Cobalt 121 Mining Investment Conference New York June 2019 1 Trust | Respect | Integrity

Cobalt 121 Mining Investment Conference New York June 2019 1 Trust | Respect | Integrity

High Grade, High Quality, Solid Partners Copper-Zinc-Lead-Gold- Silver and now Cobalt 121 Mining Investment Conference New York June 2019 1 Trust | Respect | Integrity 1 Forward Looking Statements This presentation release includes

956 views • 54 slides
Supply Chain Integration For Integrity Policy and architecture for built-in supply chain

Supply Chain Integration For Integrity Policy and architecture for built-in supply chain

Supply Chain Integration For Integrity Policy and architecture for built-in supply chain integrity of trusted components for Electric Delivery Systems (EDS) Frederick T. Sheldon, Ph.D. Kaylee Justice and Elijah Fetzer David Manz, Ph.D. Summer

467 views • 45 slides
Integrity Assurance in Resource-Bounded Systems through Stochastic Message Authentication Aron

Integrity Assurance in Resource-Bounded Systems through Stochastic Message Authentication Aron

2nd Symposium and Bootcamp on the Science of Security (HotSoS) April 21st, 2015 Integrity Assurance in Resource-Bounded Systems through Stochastic Message Authentication Aron Laszka, Yevgeniy Vorobeychik, and Xenofon Koutsoukos Institute for

404 views • 22 slides

More recommend