Composing Safe Systems
Failures in component-based systems are generally due to unintended or incorrect interactions among the components. For safety-critical systems, we may attempt to eliminate unintended interactions, and to verify correctness of those that are intended. We describe the value of partitioning in eliminating unintended interactions, and of assumption synthesis in developing a robust foundation for verification. We show how model checking of very abstract designs can provide mechanized assistance in human-guided assumption synthesis.
Keywords: Model checking; Bounded model checking; Abstract state machine; State model checking; Uninterpreted function
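The abstract names three ideas: partitioning so that components can interact only through intended channels, model checking a very abstract model of the composed design, and using the counterexamples the checker produces to guide assumption synthesis. The following Python is an added example written for this page, not code from the paper. It models a constructed two-component design (a sensor feeding a controller, interacting only through a single reading channel, as a partitioned architecture would guarantee), bounded-model-checks it against two constructed safety rules, and turns each counterexample into either an assumption about the sensor or a reported design defect, with the split decided by the analyst's declaration of which readings a working sensor legitimately produces. The component names, value domains, transition function and rules are all assumptions made for the illustration.

```python
"""Bounded model checking of a very abstract composed design, with the
counterexamples used to drive human-guided assumption synthesis.

Added illustration, not code from the paper: the components, their abstract
state machines, the finite value domains and the safety rules are constructed
for this example."""

# Abstract domain: real altitude readings collapsed to four symbolic values so
# the composed design can be enumerated exhaustively up to a bound.
READINGS = ("low", "ok", "high", "garbage")   # 'garbage' models a corrupted frame


def controller_step(state, reading):
    """Controller component as an abstract state machine.
    state: number of consecutive 'high' readings seen so far (saturates at 2).
    Returns (new_state, command)."""
    if reading == "high":
        return min(state + 1, 2), "descend"
    if reading == "low":
        return 0, "climb"
    if reading == "ok":
        return 0, "hold"
    # Unspecified input falls through to 'climb': an unintended interaction
    # between the sensor's failure modes and the controller's default branch.
    return state, "climb"


def violates(state, reading, command):
    """Constructed safety rules, checked on every transition.
    R1: only climb when the reading is 'low'.
    R2: after two consecutive 'high' readings, do not reverse straight into a
        climb, even if the next reading is 'low'.
    Returns the violated rule name, or None."""
    if command == "climb" and reading != "low":
        return "R1"
    if command == "climb" and state == 2:
        return "R2"
    return None


def bmc(allowed, bound):
    """Bounded model check: explore every reading sequence of length <= bound
    that the environment assumption 'allowed' permits, from controller state 0.
    Returns a list of (rule, trace) pairs; each trace is the list of
    (reading, command) steps up to and including the violating step.
    A controller state is expanded only once: a violation depends only on the
    pre-state and the reading, so re-expanding it would find nothing new."""
    violations = []
    frontier = [(0, [])]
    expanded = set()
    for _ in range(bound):
        next_frontier = []
        for state, trace in frontier:
            if state in expanded:
                continue
            expanded.add(state)
            for reading in READINGS:
                if not allowed(reading):
                    continue
                new_state, command = controller_step(state, reading)
                steps = trace + [(reading, command)]
                rule = violates(state, reading, command)
                if rule:
                    violations.append((rule, steps))
                else:
                    next_frontier.append((new_state, steps))
        frontier = next_frontier
    return violations


def synthesize_assumption(bound, legitimate):
    """Mechanized assistance for assumption synthesis.  Each counterexample is
    attributed to the reading that triggered it.  A reading the analyst has
    declared a working sensor never produces (absent from 'legitimate') is
    added to the synthesised assumption on the sensor and the check is rerun;
    a counterexample triggered by a legitimate reading is a defect in the
    controller and must not be assumed away.
    Returns (readings the sensor is assumed never to emit, defect traces)."""
    excluded = set()
    while True:
        ex = frozenset(excluded)
        found = bmc(lambda r: r not in ex, bound)
        new = {trace[-1][0] for _, trace in found} - legitimate - excluded
        if not new:
            return excluded, found
        excluded |= new


if __name__ == "__main__":
    assumed_absent, defects = synthesize_assumption(3, {"low", "ok", "high"})
    print("synthesised assumption: sensor never emits", sorted(assumed_absent))
    for rule, trace in defects:
        print("design defect", rule, "->", " ; ".join(f"{r}/{c}" for r, c in trace))
```

Two points the run makes concrete. The synthesized assumption ("the sensor never emits a corrupted frame") is not a conclusion but an obligation: it has to be discharged by the sensor partition or by a checked channel between the partitions, or the controller's default branch has to be fixed instead. And the R2 counterexample (high, high, low) is only found at bound 3; a bound of 2 reports the design clean, so the bound must be chosen against the depth of the model's own state, here the saturating counter.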