Summary
Pages 1-15

From page 1...
... A system is dependable when it can be depended on to produce the consequences for which it was designed, and no adverse effects, in its intended environment. This means, first and foremost, that the term dependability has no useful meaning for a given system until these consequences and the intended environment are made explicit by a clear prioritization of the requirements of the system and an articulation of environmental assumptions.
From page 2...
... The field of software engineering suffers from a pervasive lack of evidence about the incidence and severity of software failures; about the dependability of existing software systems; about the efficacy of existing and proposed development methods; about the benefits of certification schemes; and so on. There are many anecdotal reports, which -- although often useful for indicating areas of concern or highlighting promising avenues of research -- do little to establish a sound and complete basis for making policy decisions regarding dependability.
From page 3...
... are relatively easy to adopt; others (such as constructing hazard analyses and threat models, exploiting formal notations when appropriate, and applying static analysis to code) will require new training for many developers.
From page 4...
... Large software projects fail at a high rate, and the cost of projects that do succeed in delivering highly dependable software is often exorbitant. Second, the quality of software produced by the industry is extremely variable, and there is inadequate oversight in some critical areas.
From page 5...
... Instead, software developers should marshal evidence to justify an explicit dependability claim that makes clear which properties in the real world the system is intended to establish. Such evidence forms a dependability case, and creating a dependability case is the cornerstone of the committee's approach to developing certifiably dependable software systems.
From page 6...
... There are no easy solutions to the problem of developing dependable software, and there will always be systems that cannot be built to the required level of dependability even using the latest methods. But, the approach recommended is aimed at producing certifiably dependable systems today, and the committee believes it holds promise for developing the systems that will be needed in the future.
From page 7...
... The properties of interest to the user of a system are typically located in the physical world: that a radiotherapy machine deliver a certain dose, that a telephone transmit a sound wave faithfully, that a printer make appropriate ink marks on paper, and so on. The software, on the other hand, is typically specified in terms of properties at its interfaces, which usually involve phenomena that are not of direct interest to the user: that the radiotherapy machine, telephone, or printer send or receive certain signals at certain ports, with the inputs related to the outputs according to some rules.
From page 8...
... The interdependences among components of critical software systems should be analyzed to ensure that there is no fault propagation path from less critical components to more critical components, that modes of failure are well understood, and that failures are localized to the greatest extent possible. The reduction of interactive complexity and tight coupling can contribute not only to the improvement of system dependability but also to the development of evidence and analysis in the service of a dependability case.
From page 9...
... Some certification schemes, for example, associate higher safety integrity levels with more burdensome process prescriptions and imply that following the processes recommended for the highest integrity levels will ensure that the failure rate is minuscule. In the absence of a carefully constructed dependability case, such confidence is misplaced.
From page 10...
... When a highly dependable system is required, therefore, a formal approach may be the most cost effective. CERTIFICATION, TRANSPARENCY, AND ACCOUNTABILITY A variety of certification regimes exist for software in particular application domains.
From page 11...
... No single certification regime is suitable for all circumstances, so a suitable scheme should be chosen for each circumstance. Industry groups and professional societies should consider developing model certification schemes appropriate to their domains, taking account of the detailed recommendations in this report.
From page 12...
... More pervasive deployment of software in the civic infrastructure may lead to catastrophic failures unless improvements are made. Software has the potential to bring dramatic benefits to society, but it will not be possible to realize these benefits -- especially in critical applications -- unless software becomes more dependable.
From page 13...
... , and formal methods -- are likely to reduce the cost and difficulty of producing dependable software. Follow proven principles for software development.
From page 14...
... Demand accountability and make it explicit. Where there is a need to deploy certifiably dependable software, it should always be made explicit who or what is accountable, professionally and legally, for any failure to achieve the declared dependability.
From page 15...
... Federal agencies that support information technology research and development should give priority to basic research to further software-enabled system dependability, emphasizing a systems perspective and evidence. In keeping with this report's approach, such research should emphasize a systems perspective and "the three Es" (explicit claims, evidence, and expertise)