ABSTRACT
As software is rapidly being embedded into major parts of our society, from medical devices and self-driving vehicles to critical infrastructure, the potential consequences of software failures are growing at an alarming pace. Existing certification processes, however, lack rigor and automation, and impose a substantial manual burden on both system developers and certifiers. To address this, we propose a substantially automated, cost-effective certification method, backed by a novel analysis synthesis technique that automatically generates application-specific analysis tools custom-tailored to producing the necessary evidence. The outcome of this research promises not only to help software developers produce safer and more reliable software, but also to benefit industrial certification agencies by significantly reducing the manual effort of certifiers. Early validation comes from applying this approach to construct an assurance case for a surgical robot system, in collaboration with the Center for Advanced Surgical Technology.
Synthesis of assurance cases for software certification