Safety Engineering with COTS components
Safety-critical systems are becoming more widespread, complex and reliant on software. Increasingly they are engineered from Commercial Off The Shelf (COTS) components to alleviate spiralling costs and development time, often in the context of complex supply chains.
A parallel increased concern for safety has resulted in a variety of safety standards, with a growing consensus that a safety life cycle is needed which is fully integrated with the design and development life cycle, to ensure that safety has appropriate influence on the design decisions as system development progresses.
In this article we explore the application of an integrated approach to safety engineering in which assurance drives the engineering process. The paper reports on the outcome of a case study on a live industrial project with a view to evaluating: its suitability for application in a real-world safety engineering setting; its benefits and limitations in counteracting some of the difficulties of safety engineering with COTS components across supply chains; and its effectiveness in generating evidence which can contribute directly to the construction of safety cases.
Assessing the Risk due to Software Faults: Estimates of Failure Rate versus Evidence of Perfection.
In the debate over the assessment of software reliability (or safety), as applied to critical software, two extreme positions can be discerned: the "statistical" position, which requires that the claims of reliability be supported by statistical inference from realistic testing or operation, and the "perfectionist" position, which requires convincing indications that the software is free from defects. These two positions naturally lead to requiring different kinds of supporting evidence, and actually to stating the dependability requirements in different ways, not allowing any direct comparison. There is often confusion about the relationship between statements about software failure rates and about software correctness, and about which evidence can support either kind of statement. This note clarifies the meaning of the two kinds of statement and how they relate to the probability of failure-free operation, and discusses their practical merits, especially for high required reliability or safety.
Reasoning about the Reliability of Diverse Two-Channel Systems in which One Channel is "Possibly Perfect"
This paper considers the problem of reasoning about the reliability of fault-tolerant systems with two "channels" (i.e., components) of which one, A, supports only a claim of reliability, while the other, B, by virtue of extreme simplicity and extensive analysis, supports a plausible claim of "perfection." We begin with the case where either channel can bring the system to a safe state. We show that, conditional upon knowing pA (the probability that A fails on a randomly selected demand) and pB (the probability that channel B is imperfect), a conservative bound on the probability that the system fails on a randomly selected demand is simply pA·pB. That is, there is conditional independence between the events "A fails" and "B is imperfect." The second step of the reasoning involves epistemic uncertainty about (pA, pB) and we show that under quite plausible assumptions, a conservative bound on system pfd can be constructed from point estimates for just three parameters. We discuss the feasibility of establishing credible estimates for these parameters. We extend our analysis from faults of omission to those of commission, and then combine these to yield an analysis for monitored architectures of a kind proposed for aircraft.
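The pA·pB bound quoted in this abstract, carried through as an added derivation (not taken from the paper itself). It uses the abstract's own symbols pA and pB, and introduces, as assumed shorthand, F_A for "A fails on the demand", F_B for "B fails on the demand" and I_B for "B is imperfect". The system is assumed to fail only when both channels fail, because either channel can bring it to a safe state; the conditional-independence step is the one the abstract asserts.

$$
\begin{aligned}
P(\text{system fails} \mid p_A, p_B)
 &= P(F_A \wedge F_B \mid p_A, p_B) \\
 &\le P(F_A \wedge I_B \mid p_A, p_B) && \text{(a perfect channel cannot fail, so } F_B \subseteq I_B\text{)} \\
 &= P(F_A \mid I_B, p_A, p_B)\, P(I_B \mid p_A, p_B) \\
 &= p_A \, p_B && \text{(conditional independence of } F_A \text{ and } I_B \text{ given } p_A, p_B\text{)}.
\end{aligned}
$$

The inequality is what makes the bound conservative: it counts every demand on which A fails while B merely contains some defect, whether or not that defect is triggered on that particular demand. The further epistemic step over uncertain (pA, pB) that the abstract mentions is not reproduced here.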
Formalism and judgement in assurance cases
This position paper deals with the tension between the desire for sound and auditable assurance cases and the current ubiquitous reliance on expert judgement. I believe that the use of expert judgement, though inevitable, needs to be much more cautious and disciplined than it usually is. The idea of assurance "cases" owes its appeal to an awareness that all too often critical decisions are made in ways that are difficult to justify or even to explain, leaving the doubt (for the decision makers as well as other interested parties) that the decision may be unsound. By building a well-structured "case" we would wish to allow proper scrutiny of the evidence and assumptions used, and of the arguments that link them to support a decision. A
Integrating augmented reality (AR) into colouring activities
Colouring is one of the learning methods used to develop children's psychomotor skills and creativity. However, the content provided in colouring books is static and offers no dynamic elements such as interactivity. Children quickly become bored because there is no two-way interaction between them and the character while colouring. To address this problem, a colouring application called Dr Bubble Coloring AR was developed. The application integrates augmented reality (AR) into the colouring activity: the coloured image serves as a marker that is scanned by a mobile device and then displayed virtually in three dimensions (3D). The application provides interaction buttons that let the user interact with the character and detect the objects coloured in the colouring book. Overall, 75% of respondents strongly agreed that the application is attractive and enjoyable, while 84% strongly agreed that the application as a whole works well and correctly.