Integrity static analysis of COTS/SOUP

This paper describes the integrity static analysis approach developed to support the justification of commercial off-the-shelf software (COTS) used in a safety-related system. The static analysis was part of an overall software qualification programme, which also included the work reported in our paper presented at Safecomp 2002. Integrity static analysis focuses on unsafe language constructs and “covert” flows, where one thread can affect the data or control flow of another thread. The analysis addressed two main aspects: the internal integrity of the code (especially for the more critical functions), and the intra-component integrity, checking for covert channels. The analysis process was supported by an aggregation of tools, combined and engineered to support the checks done and to scale as necessary. Integrity static analysis is feasible for industrial scale software, did not require unreasonable resources and we provide data that illustrates its contribution to the software qualification programme

THE IMPACT OF PROGRAMMING LANGUAGES ON THE SOFTWARE’S SECURITY

Security is usually defined as the ability of a system to protect itself against accidental or deliberate intrusion1. Ensuring integrity, confidentiality, availability, and accountability requirements even in the presence of a determined, malicious opponent is essential for computer security. Sensitive data has to be manipulated and consulted by authorized users only (integrity, confidentiality). Furthermore, the system should resist “denial of service” attacks that attempt to render it unusable (availability). Also the system has to ensure the inability to deny the ownership of prior actions (accountability).security

Does OO sync with the way we think?

Given that corrective-maintenance costs already dominate the software life cycle and look set to increase significantly, reliability in the form of reducing such costs should be the most important software improvement goal. Yet the results are not promising when we review recent corrective-maintenance data for big systems in general and for OO in particular-possibly because of mismatches between the OO paradigm and how we think

The AGI Containment Problem

There is considerable uncertainty about what properties, capabilities and motivations future AGIs will have. In some plausible scenarios, AGIs may pose security risks arising from accidents and defects. In order to mitigate these risks, prudent early AGI research teams will perform significant testing on their creations before use. Unfortunately, if an AGI has human-level or greater intelligence, testing itself may not be safe; some natural AGI goal systems create emergent incentives for AGIs to tamper with their test environments, make copies of themselves on the internet, or convince developers and operators to do dangerous things. In this paper, we survey the AGI containment problem - the question of how to build a container in which tests can be conducted safely and reliably, even on AGIs with unknown motivations and capabilities that could be dangerous. We identify requirements for AGI containers, available mechanisms, and weaknesses that need to be addressed

Development and Validation of Functional Model of a Cruise Control System

Modern automobiles can be considered as a collection of many subsystems working with each other to realize safe transportation of the occupants. Innovative technologies that make transportation easier are increasingly incorporated into the automobile in the form of functionalities. These new functionalities in turn increase the complexity of the system framework present and traceability is lost or becomes very tricky in the process. This hugely impacts the development phase of an automobile, in which, the safety and reliability of the automobile design should be ensured. Hence, there is a need to ensure operational safety of the vehicles while adding new functionalities to the vehicle. To address this issue, functional models of such systems are created and analysed. The main purpose of developing a functional model is to improve the traceability and reusability of a system which reduces development time and cost. Operational safety of the system is ensured by analysing the system with respect to random and systematic failures and including safety mechanism to prevent such failures. This paper discusses the development and validation of a functional model of a conventional cruise control system in a passenger vehicle based on the ISO 26262 Road Vehicles - Functional Safety standard. A methodology for creating functional architectures and an architecture of a cruise control system developed using the methodology are presented.Comment: In Proceedings FESCA 2016, arXiv:1603.0837

A framework for the successful implementation of food traceability systems in China

Implementation of food traceability systems in China faces many challenges due to the scale, diversity and complexity of China’s food supply chains. This study aims to identify critical success factors specific to the implementation of traceability systems in China. Twenty-seven critical success factors were identified in the literature. Interviews with managers at four food enterprises in a pre-study helped identify success criteria and five additional critical success factors. These critical success factors were tested through a survey of managers in eighty-three food companies. This study identifies six dimensions for critical success factors: laws, regulations and standards; government support; consumer knowledge and support; effective management and communication; top management and vendor support; and information and system quality