
    A survey of protection systems

    Computer Science Departmen

    On System Scalability

    A significant number of systems fail in initial use, or even during integration, because factors that have a negligible effect when systems are lightly used have a harmful effect as the level of use increases. This scalability problem (i.e., the inability of a system to accommodate an increased workload) is not new. However, the increasing size (more lines of code, greater number of users, widened scope of demands, and the like) of U.S. Department of Defense systems makes the problem more critical today than in the past. This technical note presents an analysis of what is meant by scalability and a description of factors to be considered when assessing the potential for system scalability. The factors to be considered are captured in a scalability audit, a process intended to expose issues that, if overlooked, can lead to scalability problems.

    Towards an Assurance Case Practice for Medical Devices

    http://www.sei.cmu.edu/library/abstracts/reports/09tn018.cf

    Eliminative Argumentation: A Basis for Arguing Confidence in System Properties

    Assurance cases provide a structured method of explaining why a system has some desired property, for example, that the system is safe. But there is no agreed approach for explaining what degree of confidence one should have in the conclusions of such a case. This report defines a new concept, eliminative argumentation, that provides a philosophically grounded basis for assessing how much confidence one should have in an assurance case argument. This report will be of interest mainly to those familiar with assurance case concepts and who want to know why one argument rather than another provides more confidence in a claim. The report is also potentially of value to those interested more generally in argumentation theory.

    Dependable Software Technology Exchange

    On March 18 and 19, 1993, the Dependable Real-Time Software Project hosted a Dependable Software Technology Exchange. The exchange, sponsored by the Air Force Space and Missile Systems Center and the Office of Naval Research, brought together researchers and system developers, providing an opportunity for the researchers to learn the needs of the developers and for the developers to learn about techniques being investigated by the researchers. This report summarizes what transpired at the meeting.

    Dependability Cases

    Many large software systems display fragility or a lack of dependability caused by inattention to details at various stages of development (e.g., missing data, undocumented assumptions, lack of testing), resulting in a failure to catch errors. This technical note explains how to create a dependability case for a system that helps identify and keep track of such details. A dependability case is defined here as a structured argument providing evidence that a system meets its specified dependability requirements. The technical note describes how to structure the argument and present evidence to support it. A sample problem is presented, as well as issues raised by that problem and future goals.

    Toward a Theory of Assurance Case Confidence

    Assurance cases provide an argument and evidence explaining why a claim about some system property holds. This report outlines a framework for justifying confidence in the truth of such an assurance case claim. The framework is based on the notion of eliminative induction, the principle first put forward by Francis Bacon that confidence in the truth of a hypothesis or claim increases as reasons for doubting its truth are identified and eliminated. Possible reasons for doubting the truth of a claim arise from analyzing an assurance case using defeasible reasoning concepts. Finally, the notion of Baconian probability provides a measure of confidence based on how many defeaters have been identified and eliminated.

    A Description of Cluster Code Generated by the Durra Compiler

    Durra is a language and support environment for the specification and execution of distributed Ada applications. The Durra programmer specifies the distribution of application components by assigning them to virtual nodes called clusters. For each cluster named in an application description, the Durra compiler generates an Ada package body with a standardized format. Within the confines of the format, the content of the package body varies according to the requirements placed upon the cluster by the Durra application description. The cluster-specific package body is compiled and linked with a fixed set of Ada compilation units, common to all clusters, to form a multitasking Ada program. The intended audience for this document is Durra application developers, who will need an understanding of the concepts presented here in order to be effective Durra application debuggers.

    The Durra Runtime Environment

    Durra is a language designed to support PMS-level programming. PMS stands for Processor-Memory-Switch, the name of the highest level in the hierarchy of digital systems. An application or PMS-level program is written in Durra as a set of task descriptions and type declarations that prescribes a way to manage the resources of a heterogeneous machine network. The application describes the tasks to be instantiated and executed as concurrent processes, the types of data to be exchanged by the processes, and the intermediate queues required to store the data as they move from producer to consumer processes. This report describes the Durra Runtime Environment. The environment consists of three active components: the application tasks, the Durra server, and the Durra scheduler. After compiling the type declarations, the component task descriptions, and the application description, the application can be executed by starting an instance of the server on each processor, starting an instance of the scheduler on one of the processors, and downloading the component task implementations (i.e., the programs) to the processors. The scheduler receives as an argument the name of the file containing the scheduler program generated by the compilation of the application description. This step initiates the execution of the application.

    Perspectives on Open Source Software

    Open source software (OSS) is emerging as the software community's next "silver bullet" and appears to be playing a significant role in the acquisition and development plans of the Department of Defense (DoD) and industry. Yet, as with all previous silver bullets, there are problems with blindly embracing the OSS paradigm. To become familiar with the benefits and pitfalls of using OSS, the Software Engineering Institute (SEI) undertook an internally funded study looking at it from various perspectives: 1) the user of OSS, 2) the developer of OSS, 3) the organizations looking to deploy software systems comprised (partially or completely) of OSS components. During the period of this study, members of the SEI technical staff hosted meetings, conducted interviews, participated in open source development activities, workshops, and conferences, and studied available literature on the subject. Through these activities, the authors have been able to support and sometimes refute common perceptions about OSS. This report is the result of their study.