
    Explanation by automated reasoning using the Isabelle Infrastructure framework

    In this paper, we propose the use of interactive theorem proving for explainable machine learning. After presenting our proposition, we illustrate it on the dedicated application of explaining security attacks using the Isabelle Infrastructure framework and its process of dependability engineering. This formal framework and process provide the logics for specification and modeling. Attacks on the security of the system are explained by specification and proofs in the Isabelle Infrastructure framework. Existing case studies of dependability engineering in Isabelle are used as feasibility studies to illustrate how different aspects of explanations are covered by the Isabelle Infrastructure framework.

    Combined automotive safety and security pattern engineering approach

    Automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From a safety perspective, this can be perceived as boon or bane: it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes important as an additional concern because attacks are now much more likely and severe. However, there is a lack of experience with security concerns in the context of safety engineering in general and in automotive safety departments in particular. To address this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance with respect to the selection and combination of both types of patterns in the context of system engineering. A combined safety and security pattern engineering workflow is proposed to provide systematic guidance to support non-expert engineers based on best practices. The application of the approach is shown and demonstrated by an automotive case study and different use case scenarios.
    Funding: EC/H2020/692474/EU/Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems/AMASS; EC/H2020/737422/EU/Secure COnnected Trustable Things/SCOTT; EC/H2020/732242/EU/Dependability Engineering Innovation for CPS - DEIS/DEIS; BMBF, 01IS16043, Collaborative Embedded Systems (CrESt)

    A model for developing dependable system using component-based software development approach / Hasan Kahtan Khalaf Al-Ani

    Component-based software development (CBSD) is an emerging technology that focuses on building systems by integrating existing software components. The software industry has adopted CBSD to rapidly build and deploy large and complex software systems with enormous savings despite minimal engineering effort, cost, and time. CBSD provides several benefits, such as an improved ability to reuse existing code, reduced development costs for high-quality systems, and shorter development time. However, CBSD encounters issues in terms of security trust, mainly in dependability attributes. A system is considered dependable when it can be depended on to produce the consequences for which it was designed, with no adverse effect in its intended environment. Dependability comprises several attributes that imply availability, confidentiality, integrity, reliability, safety, and maintainability. Embedding dependability attributes in CBSD is essential for developing dependable component software.

    Automatic Software Repair: a Bibliography

    This article presents a survey on automatic software repair. Automatic software repair consists of automatically finding a solution to software bugs without human intervention. This article considers all kinds of repairs. First, it discusses behavioral repair, where test suites, contracts, models, and crashing inputs are taken as the oracle. Second, it discusses state repair, also known as runtime repair or runtime recovery, with techniques such as checkpoint and restart, reconfiguration, and invariant restoration. The uniqueness of this article is that it spans the research communities that contribute to this body of knowledge: software engineering, dependability, operating systems, programming languages, and security. It provides a novel and structured overview of the diversity of bug oracles and repair operators used in the literature.

    Modeling of Secure and Dependable Applications Based on a Repository of Patterns: The SEMCO Approach

    The requirement for higher quality and seamless development of systems is continuously increasing, even in domains traditionally not deeply involved in such issues. Security and Dependability (S&D) requirements are incorporated into an increasing number of systems. These newer restrictions make the development of those systems more complicated than conventional systems. In our work, we promote a new approach called SEMCO (System and software Engineering with Multi-COncerns) combining Model-Driven Engineering (MDE) with a model-based repository of S&D patterns to support the design and the analysis of pattern-based secure and dependable system and software architectures. The modeling framework to support the approach is based on a set of modeling languages, to specify security and dependability patterns, resources and a set of property models, and a set of model transformation rules to specify some of the analysis activities. As part of the assistance for the development of S&D applications, we have implemented a tool-chain based on the Eclipse platform to support the different activities around the repository, including the analysis activities. The proposed approach was evaluated through a case study from the railway domain.

    Helping Everyday Users Establish Confidence for Everyday Applications

    End users obtain their desired results by combining elements of information and computation from different applications. Software engineering provides little support for identifying, selecting, or combining these elements, that is, for helping end users to design computational support for their own tasks. Software engineering provides even less support to help end users to decide whether the resulting system is sufficiently dependable, whether it will meet their expectations. Many users, especially end users, base judgments about software on informal and undependable information, and they draw conclusions with informal rather than rational decision methods. We have been developing support for everyday dependability, with an emphasis on expressing expectations in abstractions familiar to the user and on obtaining software behavior that reasonably satisfies those expectations. In this Dagstuhl I would like to explore the differences between everyday informal reasoning and the rational processes of computer science in order to develop means for establishing credible indications of confidence for end users.
    Everyday Dependability for Everyday Users. "Dependability" is an overarching property of software systems that includes, to various viewers and to various extents, elements of correctness, reliability, fault-tolerance, performance, security

    Course program «Dependability of engineering systems and occupational risk» for students / Program of the Discipline «DEPENDABILITY OF ENGINEERING SYSTEM AND OCCUPATIONAL RISK», speciality 263 «Civil security», specialization «Occupational safety and health»

    Studying the discipline «Dependability of engineering systems and occupational risk» consists in the student's acquisition of the knowledge, abilities and skills needed for professional activity in the speciality «Civil security». The student's main task is to master and solve problems of technical systems from the point of view of their dependability, and to assess the risk of production processes. After mastering the material of the discipline, future specialists must possess a set of general cultural and professional competences in dependability and occupational risk for solving the corresponding sectoral tasks. Intended for students of the speciality «Civil security», specialization «Occupational safety and health». Learning the discipline «Dependability of engineering system and occupational risk» consists in students mastering the knowledge and skills for professional activity in the speciality «Civil security». The main task of the student is mastering the problems of technical systems in terms of dependability and the risk assessment of production processes. After learning the discipline, future specialists must have a set of comprehensive and professional competences on safety and occupational risk for resolving sectoral problems. It is intended for students of the speciality «Civil security», specialization «Occupational safety and health».