Just-in-time certification

Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems, ICECCS

Volumn , Issue , 2007, Pages 15-24

  Rushby, John ^a  

^a SRI INTERNATIONAL   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

JUST IN TIME PRODUCTION;

BARRIERS TO INNOVATIONS; BAYESIAN ANALYSIS; DESIGN TIME; JUST-IN-TIME; METHODS OF ANALYSIS; NEW APPROACHES; RUNTIMES;

FORMAL METHODS;

EID: 46649121891     PISSN: 27708527     EISSN: 27708535     Source Type: Conference Proceeding    
DOI: 10.1109/ICECCS.2007.26     Document Type: Conference Paper

References (58)

1. A. Abate and A. Tiwari. Box invariance of hybrid and switched systems. In 2nd IFAC Conf. on Analysis and Design of Hybrid Systems, ADHS, pages 359-364, 2006.
2. P. Amey and A. J. Hilton. Practical experiences of safety- and security-critical technologies. Ada User Journal, 22(1), Mar. 2001.
3. T. S. Ankrum and A. H. Kromholz. Structured assurance cases: Three common standards. In High-Assurance Systems Engineering Symposium (HASE'05), Heidelberg, Germany, Mar. 2005. IEEE Computer Society.
4. Australian Transport Safety Bureau. In-flight upset event, 240 km north-west of Perth, WA, Boeing Company 777-200, 9M-MRG, 1 August 2005, Mar. 2007. Reference number Mar2007/DOTARS 50165, available at http://www.atsb.gov. au/publications/investigation.reports/2005/AAIR/aair200503722.aspx.
5. R. Bloomfield and B. Littlewood. Multi-legged arguments: The impact of diversity upon confidence in dependability arguments. In The International Conference on Dependable Systems and Networks, pages 25-34, San Francisco, CA, June 2003. IEEE Computer Society.
6. M. Bozzano and A. Villafiorita. Improving system reliability via model checking: The FSAP/NuSMV-SA safety analysis platform. In S. Anderson, M. Felici, and B. Littlewood, editors, SAFECOMP 2003: Proceedings of the 22nd International Conference on Computer Safety, Reliability, and Security, number 2788 in Lecture Notes in Computer Science, pages 49-62, Edinburgh, Scotland, Sept. 2003. Springer-Verlag.
7. V. Carreño and C. Muñoz. Implicit intent information for conflict detection and alerting. In Proceedings of the 23rd Digital Avionics Systems Conference, Salt Lake City, Utah, 2004.
8. Common Criteria for Information Technology Security Evaluation, Jan. 2004. Version 2.2, CCIMB-2004-01-001, 002, 003.
9. P. Conmy. Safety Analysis of Computer Resource Management Software. PhD thesis, Department of Computer Science, University of York, York, UK, 2005.
10. L. de Alfaro and T. A. Henzinger. Interface automata. In Proceedings of the Ninth Annual Symposium on Foundations of Software Engineering (FSE), pages 109-120. ACM Press, 2001.
11. W.-P. de Roever, H. Langmaack, and A. Pnueli, editors. Compositionality: The Significant Difference (Revised lectures from International Symposium COMPOS'97), volume 1536 of Lecture Notes in Computer Science, Bad Malente, Germany, Sept. 1997. Springer-Verlag.
12. E. A. Emerson and E. M. Clarke. Using branching time temporal logic to synthesize synchronization skeletons. Science of Computer Programming, 2:241-266, 1982.
13. Federal Aviation Administration. System Design and Analysis, June 21, 1988. Advisory Circular 25.1309-1A.
14. Federal Aviation Administration. Order 8040.4: Safety Risk Management, June 1998. Available at http://www.faa.gov/library/manuals/ aviation/risk_management/ss_handbook/media/app.g_1200.PDF.
15. Federal Aviation Administration. Reusable Software Components, Dec. 7, 2004. Advisory Circular 20-148.
16. N. Fenton and M. Neil. The jury observation fallacy and the use of Bayesian networks to present probabilistic legal arguments. Mathematics Today (Bulletin of the IMA), 36(6):180-187, June 2000. Available at http://www.dcs.qmul.ac.uk/~norman/papers/jury.fallacy.pdf.
17. G. Frehse, Z. Han, and B. Krogh. Assume-guarantee reasoning for hybrid I/O-automata by over-approximation of continuous interaction. In 43rd IEEE Conference on Decision and Control (CDC 2004), volume 1, pages 479-484, Atlantic, Bahamas, Dec. 2004.
18. A. Galloway, R. F. Paige, N. J. Tudor, R. A. Weaver, I. Toyn, and J. McDermid. Proof vs. testing in the context of safety standards. In 24th AIAA/IEEE Digital Avionics Systems Conference, volume 2, Washington, DC, Oct. 2005.
19. A. German. Software static code analysis lessons learned. Crosstalk, Nov. 2003. Available at http://www.stsc.hill.af.mil/crosstalk/ 2003/11/0311German.html.
20. D. Giannakopoulou, C. Pasareanu, and H. Barringer. Assumption generation for software component verification. In Automated Software Engineering, 2002.
21. B. S. Gulavani, T. A. Henzinger, Y. Kannan, A. V. Nori, and S. K. Rajamani. Synergy: A new algorithm for property checking. In Proceedings of the 14th Annual Symposium on Foundations of Software Engineering (FSE), pages 117-127, Portland, OR, Nov. 2006. ACM Press.
22. G. Hamon, L. de Moura, and J. Rushby. Generating efficient test sets with a model checker. In 2nd International Conference on Software Engineering and Formal Methods (SEFM), pages 261-270, Beijing, China, Sept. 2004. IEEE Computer Society.
23. K. J. Hayhurst, D. S. Veerhusen, J. J. Chilenski, and L. K. Rierson. A practical tutorial on modified condition/decision coverage. NASA Technical Memorandum TM-2001-210876, NASA Langley Research Center, Hampton, VA, May 2001. Available at http://www.faa.gov/certification/aircraft/av-info/software/ Research/MCDC%20Tutorial.pdf.
24. T. A. Henzinger, B. Horowitz, and R. Majumdar. Rectangular hybrid games. In International Conference on Concurrency Theory, pages 320-335, 1999.
25. E. Hollnagel, D. D. Woods, and N. Leveson, editors. Resilience Engineering. Ashgate, 2005.
26. Information Assurance Directorate, National Security Agency, Fort George G. Meade, MD 20755-6000. U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness, July 2004. Version 0.621.
27. F. Ingrand and F. Py. Online execution control checking for autonomous systems. In The 7th International Conference on Intelligent Autonomous Systems (IAS-7), Marina del Rey, California, USA, March 2002.
28. International Electrotechnical Commission, Geneva, Switzerland. IEC 61508 - Functional Safety of Electrical/Electronic/Programmable Electronic safety-related systems, Mar. 2004. Seven volumes; see http://www.iec.ch/ zone/fsafety/fsafety.entry.htm.
29. A. Joshi, S. Miller, M. Whalen, and M. Heimdahl. A proposal for model-based safety analysis. In 24th AIAA/IEEE Digital Avionics Systems Conference, volume 2, Washington, DC, Oct. 2005.
30. J. C. Knight and N. G. Leveson. An empirical study of failure probabilities in multi-version software. In Fault Tolerant Computing Symposium 16, pages 165-170, Vienna, Austria, July 1986. IEEE Computer Society.
31. N. Leveson. A new accident model for engineering safer systems. Safety Science, 42(4):237-270, Apr. 2004.
32. B. Littlewood. The use of proof in diversity arguments. IEEE Transactions on Software Engineering, 26(10):1022-1023, Oct. 2000.
33. B. Littlewood and D. Wright. The use of multi-legged arguments to increase confidence in safety claims for software-based systems: a study based on a BBN analysis of an idealised example. IEEE Transactions on Software Engineering, 33(5):347-365, May 2007.
34. E. Lloyd and W. Tye. Systematic Safety: Safety Assessment of Aircraft Systems. Civil Aviation Authority, London, England, 1982. Reprinted 1992.
35. J. Lygeros, C. Tomlin, and S. Sastry. Controllers for reachability specifications for hybrid systems. Automatica, 35(3), March 1999.
36. Z. Manna and P. Wolper. Synthesis of communicating processes from temporal logic specifications. ACM Trans. Program. Lang. Syst., 6(1):68-93, 1984.
37. K. Marzullo. Tolerating failures of continuous-valued sensors. ACM Trans. Comput. Syst., 8(4):284-304, Nov. 1990.
38. S. P. Miller, A. C. Tribble, and M. P. E. Heimdahl. Proving the shalls. In K. Araki, S. Gnesi, and D. Mandrioli, editors, International Symposium of Formal Methods Europe, FME 2003, volume 2805 of Lecture Notes in Computer Science, pages 75-93, Pisa, Italy, Mar. 2001. Springer-Verlag.
39. F. Ortmeier, W. Reif, and G. Schellhorn. Formal safety analysis of a radio-based railroad crossing using deductive causeconsequence analysis (DCCA). In 5th European Dependable Computing Conference (EDDC), number 3463 in Lecture Notes in Computer Science, pages 210-224, Budapest, Hungary, 2005. Springer-Verlag.
40. C. Perrow. Normal Accidents: Living with High Risk Technologies. Basic Books, New York, NY, 1984.
41. A. Pnueli, E. Asarin, O. Maler, and J. Sifakis. Controller synthesis for timed automata. In Proc. System Structure and Control. Elsevier, 1998.
42. A. Pnueli and R. Rosner. On the synthesis of a reactive module. In POPL '89: Proceedings of the 16th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pages 179-190, New York, NY, USA, 1989. ACM Press.
43. P. J. G. Ramadge and W. M. Wonham. The control of discrete event systems. Proceedings of the IEEE, 77(1):81-98, Jan. 1989.
44. Requirements and Technical Concepts for Aviation, Washington, DC. DO-178B: Software Considerations in Airborne Systems and Equipment Certification, Dec. 1992. This document is known as EUROCAE ED-12B in Europe.
45. Requirements and Technical Concepts for Aviation, Washington, DC. DO-297: Integrated Modular Avionics (IMA) Development Guidance and Certification Considerations, Nov. 2005.
46. J. Rushby. Critical system properties: Survey and taxonomy. Reliability Engineering and System Safety, 43(2):189-219, 1994.
47. J. Rushby. Partitioning for avionics architectures: Requirements, mechanisms, and assurance. NASA Contractor Report CR-1999-209347, NASA Langley Research Center, June 1999. Available at http://techreports.larc.nasa.gov/ltrs/ PDF/1999/cr/NASA-99-cr209347.pdf; also issued by the FAA.
48. J. Rushby. Bus architectures for safety-critical embedded systems. In T. Henzinger and C. Kirsch, editors, EMSOFT 2001: Proceedings of the First Workshop on Embedded Software, volume 2211 of Lecture Notes in Computer Science, pages 306-323, Lake Tahoe, CA, Oct. 2001. Springer-Verlag.
49. J. Rushby. Modular certification. NASA Contractor Report CR-2002-212130, NASA Langley Research Center, Dec. 2002. Available at http://techreports.larc. nasa.gov/Itrs/ PDF/2002/cr/NASA-2002-cr212130.pdf.
50. J. Rushby. An overview of formal verification for the time-triggered architecture. In W. Damm and E.-R. Olderog, editors, Formal Techniques in Real-Time and Fault-Tolerant Systems, volume 2469 of Lecture Notes in Computer Science, pages 83-105, Oldenburg, Germany, Sept. 2002. Springer-Verlag.
51. J. Rushby. Using model checking to help discover mode confusions and other automation surprises. Reliability Engineering and System Safety, 75(2):167-177, Feb. 2002.
52. J. Rushby. Harnessing disruptive innovation in formal verification. In D. V. Hung and P. Pandya, editors, Fourth International Conference on Software Engineering and Formal Methods (SEFM), pages 21-28, Pune, India, Sept. 2006. IEEE Computer Society.
53. J. Rushby and R. DeLong. Toward an Integration Protection Profile for MILS. Computer Science Laboratory, SRI International, Menlo Park, CA, 2007. To appear.
54. U. Schmid and K. Schossmaier. How to reconcile faulttolerant interval intersection with the Lipschitz condition. Distributed Computing, 14(2):101-111, May 2001.
55. A. Tiwari. Abstractions for hybrid systems. Formal Methods in Systems Design, 2007. To appear, available at http://www.csl.sri.com/~tiwari/new. pdf.
56. W. Tsai. Service-oriented system engineering: a new paradigm. In IEEE International Workshop on Service-Oriented Systems Engineering (SOSE) 2005, pages 3-6, Oct. 2005.
57. UK Air Investigations Branch. AAIB Special Bulletin S1/2005: Airbus A340-642, G-VATL, 2005. Available at http://www.aaib.dft.gov.uk/ cms_resources/G-VATL_Special_Bulletinl.pdf.
58. UK Ministry of Defence. Interim Defence Standard 00-56, Issue 3: Safety Management Requirements for Defence Systems. Part 2: Guidance on Establishing a Means of Complying with Part 1, Dec. 2004. Available at http://www.dstan.mod.uk/data/00/056/02000300.pdf.