
Runtime Certification

  • Conference paper
Runtime Verification (RV 2008)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 5289)


Abstract

Software often must be certified for safety, security, or other critical properties. Traditional approaches to certification require the software, its systems context, and all their associated assurance artifacts to be available for scrutiny in their final, completed forms. But modern development practices often postpone the determination of final system configuration from design time to integration time, load time, or even runtime. Adaptive systems go beyond this and modify or synthesize functions at runtime.

Developments such as these require an overhaul of the basic framework for certification, so that some of its responsibilities may also be discharged at integration time, load time, or runtime.

We outline a suitable framework, in which the basis for certification is changed from compliance with standards to the construction of explicit goals, evidence, and arguments (generally called an “assurance case”). We describe how runtime verification can be used within this framework, thereby allowing certification partially to be performed at runtime or, more provocatively, enabling “runtime certification.”
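As an added illustration (not code from the paper or its author), the following Python sketch shows the pattern the abstract describes: a runtime monitor for a safety property produces evidence records, and an explicit assurance case (goal, evidence, argument) discharges a goal from that evidence while the system runs. The safety property, the goal name `G1`, the event names and the traces are all constructed for this example.

```python
"""Runtime certification sketch: a runtime monitor for a safety property feeds
evidence into an explicit assurance case. Added illustration; the property,
event names and traces below are constructed, not taken from the paper."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Mapping, Tuple

# (current state, event) -> next state
Transition = Mapping[Tuple[str, str], str]


@dataclass
class Evidence:
    goal: str              # assurance-case goal this record bears on
    source: str            # monitor that produced the record
    events_checked: int
    violations: int
    first_violation: str   # description of the first violation, "" if none


class SafetyMonitor:
    """Finite-state monitor for a safety property: any violation is witnessed
    by a finite prefix of the trace, so it can be detected as events arrive."""

    def __init__(self, name: str, initial: str, transitions: Transition,
                 bad_states: FrozenSet[str], goal: str) -> None:
        self.name = name
        self.state = initial
        self.transitions = dict(transitions)
        self.bad_states = bad_states
        self.goal = goal
        self.events_checked = 0
        self.violations = 0
        self.first_violation = ""

    def step(self, event: str) -> bool:
        """Consume one event; return False once the property has been violated."""
        self.events_checked += 1
        # Events with no listed transition are irrelevant to the property.
        nxt = self.transitions.get((self.state, event), self.state)
        if nxt in self.bad_states and self.state not in self.bad_states:
            self.violations += 1
            self.first_violation = (f"event {event!r} from state {self.state!r} "
                                    f"at step {self.events_checked}")
        self.state = nxt
        return self.violations == 0

    def evidence(self) -> Evidence:
        return Evidence(self.goal, self.name, self.events_checked,
                        self.violations, self.first_violation)


class AssuranceCase:
    """Goals backed by evidence records. The argument used here is deliberately
    simple: a goal is supported only if some monitor actually checked events
    and none of them reported a violation."""

    def __init__(self) -> None:
        self.evidence: Dict[str, List[Evidence]] = {}

    def add(self, ev: Evidence) -> None:
        self.evidence.setdefault(ev.goal, []).append(ev)

    def status(self, goal: str) -> str:
        # Zero checked events is not evidence of anything (constructed caveat).
        records = [r for r in self.evidence.get(goal, []) if r.events_checked > 0]
        if not records:
            return "undetermined"
        return "supported" if all(r.violations == 0 for r in records) else "refuted"


def make_freshness_monitor() -> SafetyMonitor:
    """Constructed property G1: the actuator is commanded only while the sensor
    reading is fresh (a sensor_ok since the last cycle_end)."""
    transitions = {
        ("stale", "sensor_ok"): "fresh",
        ("fresh", "cycle_end"): "stale",
        ("stale", "actuate"): "violated",
    }
    return SafetyMonitor("freshness-monitor", "stale", transitions,
                         frozenset({"violated"}), goal="G1")


def certify_at_runtime(trace: List[str]) -> Tuple[str, Evidence]:
    """Drive the monitor over a trace, then discharge goal G1 from its evidence."""
    monitor = make_freshness_monitor()
    for event in trace:
        if not monitor.step(event):
            break  # stop relying on the component once the property has failed
    case = AssuranceCase()
    case.add(monitor.evidence())
    return case.status("G1"), monitor.evidence()


# Constructed traces: one that respects G1 and one that violates it.
GOOD_TRACE = ["sensor_ok", "actuate", "cycle_end", "sensor_ok", "actuate", "cycle_end"]
BAD_TRACE = ["sensor_ok", "actuate", "cycle_end", "actuate"]

if __name__ == "__main__":
    for name, trace in (("good", GOOD_TRACE), ("bad", BAD_TRACE)):
        status, ev = certify_at_runtime(trace)
        print(f"{name}: G1 {status}; checked={ev.events_checked} "
              f"violations={ev.violations} {ev.first_violation}")
```

The monitor only ever reports on the prefix it has seen, which is why the assurance case treats an empty or unchecked trace as "undetermined" rather than "supported": the runtime evidence can discharge a goal for the configuration actually running, but cannot stand in for the parts of the argument that remain design-time obligations.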

This work was supported by National Science Foundation Grant CNS-0720908 and by NASA Cooperative Agreement NNX08AC64A.




Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rushby, J. (2008). Runtime Certification. In: Leucker, M. (eds) Runtime Verification. RV 2008. Lecture Notes in Computer Science, vol 5289. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89247-2_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-89247-2_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89246-5

  • Online ISBN: 978-3-540-89247-2

  • eBook Packages: Computer Science (R0)
