Abstract
Software often must be certified for safety, security, or other critical properties. Traditional approaches to certification require the software, its systems context, and all their associated assurance artifacts to be available for scrutiny in their final, completed forms. But modern development practices often postpone the determination of final system configuration from design time to integration time, load time, or even runtime. Adaptive systems go beyond this and modify or synthesize functions at runtime.
Developments such as these require an overhaul of the basic framework for certification, so that some of its responsibilities may also be discharged at integration-, load-, or runtime.
We outline a suitable framework, in which the basis for certification is changed from compliance with standards to the construction of explicit goals, evidence, and arguments (generally called an “assurance case”). We describe how runtime verification can be used within this framework, thereby allowing certification to be performed partially at runtime or, more provocatively, enabling “runtime certification.”
This work was supported by National Science Foundation Grant CNS-0720908 and by NASA Cooperative Agreement NNX08AC64A.
© 2008 Springer-Verlag Berlin Heidelberg
Rushby, J. (2008). Runtime Certification. In: Leucker, M. (eds) Runtime Verification. RV 2008. Lecture Notes in Computer Science, vol 5289. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89247-2_2
DOI: https://doi.org/10.1007/978-3-540-89247-2_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89246-5
Online ISBN: 978-3-540-89247-2