                         Certification Roadmap

               Helen Gill, Connie Heitmeyer, Jim Horning,
               Warren Hunt, John Rushby, Hassen Saidi,
               Ashish Tiwari, Yves Bertot, Tomas Uribe

                            April 2, 2006
           What is Certification?
• The assertion that there is compelling,
  documented assurance that the system
  satisfies a required set of properties
  – Issued by some certifying authority

• What is documented assurance?
  – “A documented body of evidence that provides a
    convincing and valid argument that a system is
    adequate for a given application in a given
    environment” --- that is, that the system exhibits the
    claimed properties
  Preliminary Certification Roadmap
• 1--2 Years:
   – Formal methods applied during system development and
     certification
   – Local victories: benefits (widely publicized), including cost
     and time savings, and improved confidence [add example]
• 5 Years:
   – Scientific certification methods developed for core assurance
     case
       • [Slogan: Scientific certification? Evidence-based? ]
• 10 Years:
   – Automated formal methods employed top to bottom in
     support of scientific certification
• 15 Years:
   – Compositional and incremental certification
                          1-2 Years:
• Formal methods applied in ongoing design and
  certification efforts
   – Local victories: benefits (widely publicized) include cost and time
     savings, and improved confidence
   – Formal documents employed in certification cases
   – Codesign of artifact and certification, to mutual benefit
• Do market forces work for or against certification?
   – Market failure w.r.t. quality: [Problem: companies profit from
     repairs/enhancements]; open specifications enable competition and
     innovation [can also be a problem]
   – Depends on the field (consumer software vs. nuclear power plants)
   – Government, insurance companies, or free-market competition
   – Buy-in from the Open Source community?
   – Create consumer awareness
   – Certification should provide a competitive advantage
   – Create an ISO 9000-like market
                        5 Years

• Scientific certification methods developed for core
  assurance case activities across all applications
  (Toulmin?)
   – System-level certification
   – Example: Failure mode design for controlled systems.
     [ Needs to take the whole system into account]
• Automated formal methods employed in support of
  scientific certification
                         10 years

• Automated formal methods employed top to bottom
  in support of scientific certification
   – Stovepiped, but perhaps not fully integrated (yet)
   – Not completely compositional (yet)
   – Mature enough to interact with projects that don’t use formal
     methods (yet)
• Incremental assurance
• Aside: Creativity vs. safety - support both
   – A formally assured system should be easier to experiment
     and tinker with: enable creativity, instead of hampering it
   – The added assurance allows designers to explore the space
     of possibilities more fully
   – Avoid over-designed systems
                           15 years
• Compositional and incremental certification
   – Can change a component, add a feature
   – Design the certification process to account for change
       • Cost of re-certification proportional to the size of the change
• Re-use of assurance for product lines
   – Demonstrable cost and time advantages
• Marketplace for standard certified components
   – Better support for COTS use and re-use
• Industry-standard interfaces, w.r.t. which components
  are certified
   – Standards become largely formal; e.g. IEEE floating-point?
• More automated technology infrastructure for the
  certification process
          Expectations/Adoption
• 2 years: framework for software system development
   – e.g. FDA, FCC, FAA demonstration using assurance cases
   – DOE, NRC (USA); CEA (France); AEC (Canada)
• 5 years:
   – Technology base for industrial / engineered systems
   – Usable tools by non-formal-methods experts (but domain
     experts)
   – Adopted in curriculum? NSF, ACM, IEEE
       • Example: emerging embedded systems curricula
   – Established base of archetypical good examples / best
     practices
• 10 years:
   – [Job descriptions include assurance skills]
• 15 years:
   – [All of government and industry?]
             Current Examples

• Industry
  – ISO certification
  – Microsoft driver validation
  – Purify, PREfix, Rational
  – …
• Government
