Abstract
Software environments have become increasingly sophisticated in recent years, giving rise to modern measuring instruments that use simple hardware sensors but defined with complex software. The conformity of such devices in the legally regulated sector is usually ensured by using version numbers or hashes over executable binaries, which is inefficient due to the sensitivity of hashes to even small changes in the code. However, the legal requirements could also be equally satisfied if the certified prototype and devices in field possess identical functional behavior, even when hashes differ. With such functional identification, the device manufacturers could gain the opportunity to introduce software patches or bugfixes without having to go through the complete mandatory certification process again. Based on the \(L^*\) algorithm, which learns the accepted language and hence the internal state model of the instrument software represented by deterministic finite automata, a risk-based method is proposed to realize automatic functional identification of software to a certain extent, thereby allowing continuous quality control of periodically updated measuring instruments without frequent manual certifications. Risk assessment is used to identify critical modifications introduced in monitored devices, which then triggers warnings for manual inspections when necessary. This article is an extended version of the work previously published in [7] and is envisioned to be a first step to realize fully automatic quality control for regulated measuring instruments.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Guide to the expression of uncertainty in measurement - part 6: Developing and using measurement models. Techreport, Joint Committee for Guides in Metrology (JCGM), BIPM, Sèvres Cedex FRANCE (2020)
WELMEC 7.2 Software Guide. Standard, European cooperation in legal metrology, WELMEC Secretariat, Braunschweig (2022)
Angluin, D.: Learning regular sets from queries and counterexamples. Inf. Comput. 75(2), 87–106 (1987)
EC: Directive 2014/32/EU of the European Parliament and of the Council of 26 February 2014 on the harmonisation of the laws of the Member States relating to the making available on the market of measuring instruments. Directive, European Union, Council of the European Union; European Parliament (2014)
Esche, M., Grasso Toro, F., Thiel, F.: Representation of attacker motivation in software risk assessment using attack probability trees. In: Proceedings of the Federated Conference on Computer Science and Information Systems, Prague, Czech Republic, pp. 763–771 (2017). https://doi.org/10.15439/2017F112
Esche, M., Grasso Toro, F.: Developing defense strategies from attack probability trees in software risk assessment. In: Proceedings of the Conference on Computer Science and Information Systems, pp. 527–536 (2020)
Esche, M., Ho, L., Nischwitz, M., Meyer, R.: Risk-based continuous quality control for software in legal metrology. In: Proceedings of the 18th Conference on Computer Science and Intelligence Systems, pp. 445–455. FedCSIS (2023)
ISO/IEC: ISO/IEC 18045:2008 Common Methodology for Information Technology Security Evaluation. Standard, International Organization for Standardization, Geneva, CH, Version 3.1 Revision 4 (2008)
ISO/IEC: ISO/IEC 27005:2011(e) Information technology - Security techniques - Information security risk management. Standard, International Organization for Standardization, Geneva, CH (2011)
Jang, M.: Linux Patch Management: Keeping Linux Systems Up to Date, 1st edn. Prentice Hall, Hoboken (2006)
Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis - The CORAS Approach. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-12323-8
Mealy, G.H.: A method for synthesizing sequential circuits. Bell Syst. Tech. J. 34(5), 1045–1079 (1955)
Neubauer, J., Windmüller, S., Steffen, B.: Risk-based testing via active continuous quality control. Int. J. Softw. Tools Technol. Transfer 16, 569–591 (2014). https://doi.org/10.1007/s10009-014-0321-6
Shafiee, M., Enjema, E., Kolios, A.: An integrated FTA-FMEA model for risk analysis of engineering systems: a case study of subsea blowout preventers. Appl. Sci. 9(6), 1192 (2019)
Shahbaz, M., Groz, R.: Inferring mealy machines. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 207–222. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-05089-3_14
Sipser, M.: Introduction to the Theory of Computation, 2nd edn. Thomson, Boston (2006)
TechTopics: Functional testing - an informative guide for beginners. techreport 22, TestingXperts (2022)
Windmüller, S., Neubauer, J., Steffen, B., Howar, F., Bauer, O.: Active continuous quality control. In: Proceedings of the International Symposium on Component-Based Software Engineering, pp. 111–120. ACM (2013)
Yan, S., Tang, B., Luo, J., Fu, X., Zhang, X.: Unsupervised anomaly detection with variational auto-encoder and local outliers factor for KPIs. In: 2021 IEEE International Conference on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking, pp. 476–483. IEEE (2021)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Ho, L.C.X., Esche, M., Nischwitz, M., Meyer, R., Glesner, S. (2024). A Proposal for Functional Software Identification Using Risk-Based Continuous Quality Control. In: Jarzębowicz, A., Luković, I., Przybyłek, A., Staroń, M., Ahmad, M.O., Ochodek, M. (eds) Software, System, and Service Engineering. KKIO 2023. Lecture Notes in Business Information Processing, vol 499. Springer, Cham. https://doi.org/10.1007/978-3-031-51075-5_1
Download citation
DOI: https://doi.org/10.1007/978-3-031-51075-5_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-51074-8
Online ISBN: 978-3-031-51075-5
eBook Packages: Computer ScienceComputer Science (R0)