
    Tool Support for Assurance Case Development

    Argument-based assurance cases, often represented and organized using graphical argument structures, are increasingly being used in practice to provide assurance to stakeholders, e.g., regulatory authorities, that a system is acceptable for its intended use with respect to dependability and safety concerns. In general, comprehensive system-wide assurance arguments aggregate a substantial amount of diverse information, such as the results of safety analysis, requirements analysis, design, verification and other engineering activities. Although a variety of assurance case tools exist, many desirable argument structure operations such as hierarchical and modular abstraction, argument pattern instantiation, and inclusion and extraction of richly structured information have limited to no automation support. Consequently, a considerable amount of time and effort can be spent in creating, understanding, evaluating, and managing argument structures. Over the past three years, we have been developing a toolset for assurance case automation, AdvoCATE, at the NASA Ames Research Center, to close this automation gap. This paper describes how AdvoCATE is being engineered atop formal foundations for assurance case argument structures, to provide unique capabilities for: (a) automated creation and assembly of assurance arguments, (b) integration of formal methods into wider assurance arguments, (c) automated pattern instantiation, (d) hierarchical abstraction, (e) queries and views, and (f) verification of arguments. We (and our colleagues) have used AdvoCATE in real projects for safety and airworthiness assurance, in the context of both manned and unmanned aircraft systems.

    A rigorous approach to combining use case modelling and accident scenarios

    Nearly all serious accidents in the past twenty years in which software has been involved can be traced to requirements flaws. Accidents related to or involving safety-critical systems often lead to significant damage to life, property, and the environment in which the systems operate. This thesis explores an extension to use case modelling that allows safety concerns to be modelled early in the systems development process. This motivation comes from interaction with systems and safety engineers who routinely rely upon use case modelling during the early stages of defining and analysing system behaviour. The approach of embedded formal methods is adopted. That is, we use one discipline, use case modelling, to guide the development of a formal model. This enables greater precision and formal assurance when reasoning about concerns identified by system and safety engineers, as well as about the subsequent changes made at the level of use case modelling. The chosen formal method is Event-B, which is refinement based and has consequently enabled the approach to exploit the natural abstractions found within use case modelling. This abstraction of the problem found within use cases helps introduce their behaviour into the Event-B model via step-wise refinement. The central ideas underlying this thesis are implemented in UC-B, a tool supporting the modelling of use cases on the Rodin platform (an Eclipse-based development environment for Event-B). UC-B allows the specification of the use cases to be detailed with both informal and formal notation, and supports the automatic generation of an Event-B model given a formally specified use case. Several case studies of use cases with accident cases are provided, with their formalisation in Event-B supported by the UC-B tool. An examination of the translation from use cases to the Event-B model is discussed, along with the subsequent verification provided by Event-B to the use case model.

    A framework for hardware security evaluation

    Advisor: Ricardo Dahab. Dissertation (Master's) - Universidade Estadual de Campinas, Instituto de Computação.
    Abstract (translated from Portuguese): The hardware of computer systems plays a critical role in the security of operating systems and applications. Besides providing standard features, such as the execution privilege level, the hardware can also offer support for cryptography, secure boot, secure execution, and others. In order to guarantee that these security features will operate correctly when combined within a system, and that the system is secure as a whole, it is necessary to evaluate the security of the architecture of the whole system during the hardware development cycle. In this work, we begin by surveying the different existing types of hardware vulnerabilities, and propose a taxonomy to classify them. Our taxonomy is able to classify vulnerabilities according to the point in the development cycle at which they were introduced. It is also able to separate hardware vulnerabilities from software vulnerabilities that merely take advantage of standard hardware features. Focusing on a specific type of vulnerability - those related to the architecture - we present a method for evaluating hardware systems using the Assurance Case methodology. This methodology has been used successfully for safety analysis and, as far as we know, there are no reports of its use for hardware security analysis. Using this method, we were able to correctly identify the vulnerabilities of real systems. Finally, we present a proof of concept of a tool to guide and automate part of the proposed analysis process. From a standardized description of a hardware architecture, the tool applies a series of expert-system rules and generates an Assurance Case report with the possible vulnerabilities of the target system. We applied the tool to the studied systems and were able to successfully identify the known vulnerabilities, as well as other possible vulnerabilities.
    Abstract: The hardware of computer systems plays a critical role in the security of operating systems and applications. Besides providing standard features such as execution privilege levels, it may also offer support for encryption, secure execution, secure boot, and others. In order to guarantee that these security features work correctly when combined inside a system, and that the system is secure as a whole, it is necessary to evaluate the security of the architecture during the hardware development life-cycle. In this work, we start by exploring the different types of existing hardware vulnerabilities and propose a taxonomy for classifying them. Our taxonomy is able to classify vulnerabilities according to when they were created during the development life-cycle, as well as separating real hardware vulnerabilities from software vulnerabilities that leverage standard hardware features. Focusing on a specific type of vulnerability - the architecture-related ones - we present a method for evaluating hardware systems using the Assurance Case methodology. This methodology has been used successfully for safety analysis, and to the best of our knowledge there are no reports of its use for hardware security analysis. Using this method, we were able to correctly identify the vulnerabilities of real-world systems. Lastly, we present the proof-of-concept of a tool for guiding and automating part of the proposed analysis methodology. Starting from a standardized hardware architecture description, the tool applies a set of expert system rules, and generates an Assurance Case report that contains the possible security vulnerabilities of a system. We were able to apply the tool to the studied systems, and correctly identify their known vulnerabilities, as well as other possible vulnerabilities.
    Master's degree, Computer Science (Mestre em Ciência da Computação).

    Modeling the object-oriented software process: OPEN and the unified process

    A short introduction to software process modeling is presented, particularly object-oriented modeling. Two major industrial process models are discussed: the OPEN model and the Unified Process model. In more detail, the quality assurance in the Unified Process tool (formerly called Objectory) is reviewed.

    A Model-Driven Approach for Business Process Management

    Business Process Management is a common mechanism recommended by a large number of standards for the management of companies and organizations. In software companies this practice is increasingly accepted, and companies have to adopt it if they want to be competitive. However, the effective definition of these processes, and mainly their maintenance and execution, are not always easy tasks. This paper presents an approach based on the Model-Driven paradigm for Business Process Management in software companies. This solution offers a suitable mechanism that was implemented successfully in different companies with a CASE tool named NDTQ-Framework. Funding: Ministerio de Educación y Ciencia TIN2010-20057-C03-02; Junta de Andalucía TIC-578.

    Counting Is Not Enough: Investing in Qualitative Case Reviews for Practice Improvement in Child Welfare

    Outlines the value of quality case service reviews in child welfare systems, the requirements for building and sustaining a robust process and adapting it under limited state budgets, and recommendations for jurisdictions, initiators, and national leadership.

    Business success through process based application of simulation

    Progressive design practices are increasingly cognisant of the potential of building energy simulation to assist the delivery of energy efficient, sustainable buildings. However, the success of any building performance assessment hinges on the capabilities of the tool; the collective competences of the team formed to apply it; and, crucially, the existence of an in-house framework within which simulation can be applied with confidence (McElroy and Clarke 1999). There is also a need for the professions to set up mechanisms that facilitate dialogue with vendors in order to influence tool capabilities. On the related issues of building an in-house competency and a framework for application, the two core issues facing the professions are: i) a need for the development of in-house procedures for the management of simulation; and ii) quality assurance of the related models and appraisal results.