Dependable Software Systems Engineering

We are all increasingly dependent on software systems to run the technology we use every day, so we need these systems to be both reliable and safe. This book presents papers from the NATO Advanced Study Institute Summer School Dependable Software Systems Engineering, held in Marktoberdorf, Germany, in July and August 2014. Lecturers were drawn from prestigious research groups representing both industry and academia, and the course was designed as an in-depth presentation and teaching of state-of-the-art scientific techniques and methods covering research and industrial practice as well as scientific principles. Topics covered included: syntax-guided synthesis; system behaviors and problem frames; dependable human-intensive systems; automatic alias analysis and frame inference; fault-based testing; and mechanized unifying theories of programming. Marktoberdorf is one of the most renowned international computer science summer schools, and this book, with its detailed overview of current research results and the discussion and development of new ideas will be of interest to all those whose work involves the engineering of dependable software systems.

Cyber-physical systems closely combine and coordinate subsystems consisting of both computational and physical elements. Such systems have become indispensable in the fields of aerospace, automotive and the automation industries, as well as in consumer appliances. Safety, security and reliability are all essential elements of the trustworthiness of these modern cyber-physical systems. Protecting the data within such systems from external attack (security) and protecting the environment from any potential malfunction or misuse of these systems (safety) are subjects traditionally considered separately, but a closer look reveals that techniques for the construction and analysis of the software-based systems used in both security and safety are not necessarily fundamentally different.This book presents papers from the 2016 Marktoberdorf summer school on software engineering, held in Marktoberdorf, Germany, in August 2016. As its title - Dependable Software Systems Engineering - suggests, the lectures at this summer school explored various aspects of the engineering of more dependable software systems, and the 10 lectures included here cover subjects from programming languages and formal analysis tools to verification, validation and assurance.The book will be of interest to all those whose work involves the development and testing of more reliable and secure software systems.

Almost all technical systems currently either interface with or are themselves largely software systems. Software systems must not harm their environment, but are also often vulnerable to security attacks with potentially serious economic, political, and physical consequences, so a better understanding of security and safety and improving the quality of complex software systems are crucial challenges for the functioning of society. This book presents lectures from the 2018 Marktoberdorf summer school Engineering Secure and Dependable Software Systems, an Advanced Study Institute of the NATO Science for Peace and Security Programme. The lectures give an overview of the state of the art in the construction and analysis of safe and secure systems. Starting from the logical and semantic foundations that enable reasoning about classical software systems, they extend to the development and verification of cyber-physical systems, which combine computational and physical components and have become pervasive in aerospace, automotive, industry automation, and consumer appliances. Safety and security have traditionally been considered separate topics, but several lectures in this summer school emphasize their commonalities and present analysis and construction techniques that apply to both. The book will be of interest to all those working in the field of software systems, and cyber-physical systems in particular.

Because almost all technical systems are more or less interfaced with software these days, attacks against computer systems can cause considerable economic and physical damage. For this reason, understanding the dependability of such systems, as well as the improvement of cyber security and its development process, are amongst the most challenging and crucial issues in current computer science research. This book contains the lectures from the NATO Advanced Study Institute (ASI) Summer School entitled Engineering Dependable Software Systems, held in Marktoberdorf, Germany, in July and August 2012. This two week course for young computer scientists and mathematicians working in the field of formal software and systems was designed to give an in-depth presentation of state-of-the-art topics in the field, as well as promoting international contacts and collaboration and the teaming up of leading researchers and young scientists. The 12 lectures delivered at the school and presented here cover subjects including: model-based testing, formal modeling and verification, deductively verified software, model checking, performance analysis, integrating risk analysis, embedded systems and model checking, among others. The book will be of interest to all those whose work involves the development of large-scale, reliable and secure software systems.

Fundamentals of Dependable Computing for Software Engineers presents the essential elements of computer system dependability. The book describes a comprehensive dependability-engineering process and explains the roles of software and software engineers in computer system dependability. Readers will learn: Why dependability matters What it means for a system to be dependable How to build a dependable software system How to assess whether a software system is adequately dependable The author focuses on the actions needed to reduce the rate of failure to an acceptable level, covering material essential for engineers developing systems with extreme consequences of failure, such as safety-critical systems, security-critical systems, and critical infrastructure systems. The text explores the systems engineering aspects of dependability and provides a framework for engineers to reason and make decisions about software and its dependability. It also offers a comprehensive approach to achieve software dependability and includes a bibliography of the most relevant literature. Emphasizing the software engineering elements of dependability, this book helps software and computer engineers in fields requiring ultra-high levels of dependability, such as avionics, medical devices, automotive electronics, weapon systems, and advanced information systems, construct software systems that are dependable and within budget and time constraints.

The focus of Software for Dependable Systems is a set of fundamental principles that underlie software system dependability and that suggest a different approach to the development and assessment of dependable software. Unfortunately, it is difficult to assess the dependability of software. The field of software engineering suffers from a pervasive lack of evidence about the incidence and severity of software failures; about the dependability of existing software systems; about the efficacy of existing and proposed development methods; about the benefits of certification schemes; and so on. There are many anecdotal reports, which-although often useful for indicating areas of concern or highlighting promising avenues of research-do little to establish a sound and complete basis for making policy decisions regarding dependability. The committee regards claims of extraordinary dependability that are sometimes made on this basis for the most critical of systems as unsubstantiated, and perhaps irresponsible. This difficulty regarding the lack of evidence for system dependability leads to two conclusions: (1) that better evidence is needed, so that approaches aimed at improving the dependability of software can be objectively assessed, and (2) that, for now, the pursuit of dependability in software systems should focus on the construction and evaluation of evidence. The committee also recognized the importance of adopting the practices that are already known and used by the best developers; this report gives a sample of such practices. Some of these (such as systematic configuration management and automated regression testing) are relatively easy to adopt; others (such as constructing hazard analyses and threat models, exploiting formal notations when appropriate, and applying static analysis to code) will require new training for many developers. However valuable, though, these practices are in themselves no silver bullet, and new techniques and methods will be required in order to build future software systems to the level of dependability that will be required.

The focus of Software for Dependable Systems is a set of fundamental principles that underlie software system dependability and that suggest a different approach to the development and assessment of dependable software. Unfortunately, it is difficult to assess the dependability of software. The field of software engineering suffers from a pervasive lack of evidence about the incidence and severity of software failures; about the dependability of existing software systems; about the efficacy of existing and proposed development methods; about the benefits of certification schemes; and so on. There are many anecdotal reports, which-although often useful for indicating areas of concern or highlighting promising avenues of research-do little to establish a sound and complete basis for making policy decisions regarding dependability. The committee regards claims of extraordinary dependability that are sometimes made on this basis for the most critical of systems as unsubstantiated, and perhaps irresponsible. This difficulty regarding the lack of evidence for system dependability leads to two conclusions: (1) that better evidence is needed, so that approaches aimed at improving the dependability of software can be objectively assessed, and (2) that, for now, the pursuit of dependability in software systems should focus on the construction and evaluation of evidence. The committee also recognized the importance of adopting the practices that are already known and used by the best developers; this report gives a sample of such practices. Some of these (such as systematic configuration management and automated regression testing) are relatively easy to adopt; others (such as constructing hazard analyses and threat models, exploiting formal notations when appropriate, and applying static analysis to code) will require new training for many developers. However valuable, though, these practices are in themselves no silver bullet, and new techniques and methods will be required in order to build future software systems to the level of dependability that will be required.

Cyber-physical systems (CPSs) consist of software-controlled computing devices communicating with each other and interacting with the physical world through sensors and actuators. Because most of the functionality of a CPS is implemented in software, the software is of crucial importance for the safety and security of the CPS. This book presents principle-based engineering for the development and operation of dependable software. The knowledge in this book addresses organizations that want to strengthen their methodologies to build safe and secure software for mission-critical cyber-physical systems. The book: • Presents a successful strategy for the management of vulnerabilities, threats, and failures in mission-critical cyber-physical systems; • Offers deep practical insight into principle-based software development (62 principles are introduced and cataloged into five categories: Business & organization, general principles, safety, security, and risk management principles); • Provides direct guidance on architecting and operating dependable cyber-physical systems for software managers and architects.