Software Certification


Tom Maibaum
Certification of Safety Critical Software Intensive Systems
an Ontario Research Fund Project
1st Public Workshop
11 November 2011

Software Certification at McMaster

- About 5 years ago, SQRL started a “Software Certification Initiative” – not much interest
- August 2007 started the “Software Certification Consortium” – academia, industry, regulators
  - More successful than we anticipated. Great buy-in from all sectors. FDA and NRC are front-and-centre!
- In partnership with 2 Universities and 8 industrial/research partners, we were awarded funding for a major, 5 year, $21M project on software certification
Aims and Objectives

Project partners:
- AMD
- McMaster University
- Atomic Energy Canada Ltd
- U of Waterloo
- Biosign Technologies Inc
- Center for Integration of Medicine and Innovative Technology
- York U
- Legacy Systems International Inc
- QNX Software Systems International Corp
- Ontario Power Generation Inc
- Systemware Innovation Corp
A CDN $21,000,000 Collaboration

- $7M funding from MRI Ontario through ORF-RE programme
- $7M funding from the host academic institutions
- $7M funding (cash and in kind) from collaborating companies
Vision

- To lead the research and development of product-focused certification standards and processes for critical software applications
- To establish a Centre for Software Certification at McMaster University
- To establish Ontario and Canada as a global leader for software certification research, its application and its exploitation
Objectives

- To create methodologies and tools that will
  - revolutionize the process of certifying critical software applications
  - facilitate the development of critical software applications that comply with these new certification standards.
- To build a certification laboratory with the facilities and staff capable of certifying critical software applications
- To establish experimental facilities to test and demonstrate the effectiveness of proposed metrics, tools and methods
- To build and maintain a repository of software certification knowledge and certified software components (libraries)
- To promote the use of these methods, tools and experimental facilities by establishing professional education programmes and engaging in technology transfer and commercialization activities
Key Application Domains

- There are many application domains in which software plays an indispensable role
- The global embedded systems market alone is expected to reach $200 billion by 2012, and a large part of this market is for safety critical devices
- However, there are a few domains that are of paramount importance in Ontario. These domains likely will be driven to direct research towards certified, or at least, highly dependable software applications
- The key domains are: medical devices, nuclear power, health information systems, and financial information systems. Not only are these application domains critical to Ontario’s economy, they also present different regulatory and unit cost environments
Research Goals

“The goal of certification is to systematically determine, based on the principles of science, engineering and measurement theory, whether an artefact satisfies accepted, well defined and measurable criteria”

- Use existing software engineering knowledge to develop appropriate product focused standards and audit points for critical software in the specific domains
- Develop cost-effective certification processes based on the above standards
- Produce cost-effective, yet rigorous methods, based on existing practice, for developing software applications that satisfy the certification standards discussed above
- Develop improved tools for the development and certification of critical software
- Compile a Software Knowledge Repository
AECL

- Investigate the use of field programmable logic devices for safety critical reactor shut down systems
- The work will involve, among other things:
  - a feasibility study, prototype design of an FPGA-based safety system
  - qualification of development and verification tools
  - the creation of an IP library of pre-qualified hardware components that can be combined to create licensable safety critical systems
OPG

- The proposed research on software certification will meet important needs of both the Nuclear New Build project and current operating Nuclear stations in the following ways:
  - Assessment of Delivered System – research on product based evidence required for software certification
  - Research into how to produce product based evidence from an existing software system will play an important role in obtaining timely regulatory approval
  - Qualification of pre developed software intensive systems – processes for evaluating software systems and determining the type and quantity of evidence required for certification based upon the level of criticality of the system
  - Effect of separating control from safety
  - Also looking at replacement of SDS using FPGAs
SWI

- Collaborate with the project team to investigate:
  - techniques and standards for the qualification of third party software in the context of critical applications (CSA N290.14-07 Standard)
  - Assess the adequacy of the Standard in preparation for an imminent review of it
  - Provide tools to support the identification of the source of errors in code using log file analysis
LSI

- Investigate the role of certification in the context of legacy system migration. In particular
  - guaranteeing the maintenance of the behaviour (including erroneous behaviour) of an application after a change of compiler
  - guaranteeing the maintenance of the behaviour of an application after the upgrade of an underlying database system
  - guaranteeing the maintenance of the behaviour of an application after migration to a new hardware or systems platform
BioSign

- Integrate rigorous methods into their software engineering processes to provide the quality required for biomedical devices and their licensing
- Immediately interested in the following research topics:
  - testability issues in distributed medical instrumentation & measurement,
  - usability issues in browser based, device driven health monitoring, and
  - technical error detection, handling, and correction (at run time).
  - test case generation from formal specifications to complement their current system validation process
  - Verification of numerical software
  - Supporting a pilot market study in Europe (in cooperation with the FDA)
QNX

- Allow system developers to build future, complex, adaptive but still certifiable safety critical systems
  - Investigating the use of dynamic run-time instrumentation and analysis technology for debugging, testing, and certification of safety critical software intensive systems
  - Investigating real time software technology and operating system support that on the one hand facilitates certification and on the other hand supports dynamic updates at run time.
AMD

- Interest in modelling software features, their interdependencies, and their mapping to implementation code and runtime behaviour in order to support impact analysis of new feature requests and the maintenance and debugging of the existing features
- Research will include:
  - the investigation of adaptive instrumentation of driver software to collect runtime information while minimizing the perturbation of the analyzed software
  - modelling of software feature interactions and ways to automatically maintain such models and their mapping to code as the code base evolves
  - new ways to model and analyse existing and planned software features to strengthen AMD's capabilities to deliver to their customers more innovation in shorter time and at high quality
CIMIT

- Collaborate with the project team on the following:
  - researching means for seamless, safe, and reliable integration of medical devices into a network of devices
  - verification and validation procedures for dynamically changing networked systems, specifically in the context of medical devices
  - middleware software abstractions that facilitate certification
Central Themes

- Safety in the context of functional and other properties
- Prescriptive engineering methods for software/systems design
- Putting safety and assurance cases on a scientific footing
- Domain specific, prescriptive safety requirements and associated engineering methods for evaluation
- “Constructive” safety cases