Critical Systems Validation

Need to verify & validate:
• Reliability
  • How likely is it that the system behaves correctly?
• Safety
  • How likely is the system to cause damage?
• Security
  • How likely is it that the system can defend against accidental or deliberate intrusion?

Ch.21 - Critical Systems Validation
Formal Methods

• Goal: prove the implementation correct
• Problems:
  • Requires specialized skills (programmers are not mathematicians) [see Chapter 9]
  • Doesn't scale well
  • The proof itself may contain errors (automated theorem provers are helping with this)
  • The specification might not reflect the actual requirements
  • The proof may make incorrect assumptions about usage patterns
Validating reliability

Idealized approach:
• Identify operational profiles
  • Probabilistic mix of classes of inputs
  • Based on the profile of existing, similar systems
• Prepare test data
  • Manual and generated
• Apply tests
• Wait for a statistically significant number of failures; compute the observed reliability
Validating reliability (con't)

But...
• Operational profiles may be inaccurate
  • Particularly difficult for new systems
• Test data generation may be expensive (automatic test generation can help)
• A higher reliability standard needs more accurate statistics, which need more observed failures; since failures are rarer in a more reliable system, this means longer and longer test runs
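The procedure on the two reliability slides, carried through as an added example (this is not code from the slides or from the textbook). It assumes a constructed operational profile for a glucose-reading dose calculator, a toy system under test with one planted defect, and an oracle that says what correct behaviour is. It also shows the last point numerically: how the number of demands you must run grows as the reliability you want to demonstrate goes up.

```python
import math
import random
from typing import Dict, List, Optional, Tuple

# Operational profile: probability of each class of input seen in service.
# Constructed values for this example; in practice they come from logs or
# measurements of existing, similar systems.
OPERATIONAL_PROFILE: Dict[str, float] = {
    "normal_reading": 0.90,    # glucose reading in the usual range
    "boundary_reading": 0.08,  # readings at the edges of the sensor range
    "sensor_error": 0.02,      # sensor reports no valid reading
}


def generate_test_inputs(profile: Dict[str, float], n: int, seed: int = 0) -> List[Tuple[str, Optional[int]]]:
    """Generate n test inputs whose class mix follows the operational profile."""
    rng = random.Random(seed)
    classes = list(profile)
    weights = [profile[c] for c in classes]
    inputs: List[Tuple[str, Optional[int]]] = []
    for cls in rng.choices(classes, weights=weights, k=n):
        if cls == "normal_reading":
            reading: Optional[int] = rng.randint(40, 300)
        elif cls == "boundary_reading":
            reading = rng.choice([0, 400])
        else:
            reading = None  # sensor error: no valid reading available
        inputs.append((cls, reading))
    return inputs


def system_under_test(reading: Optional[int]) -> Optional[int]:
    """Constructed toy dose calculator with one planted defect: an invalid
    reading (None) is silently treated as 0 instead of being refused."""
    if reading is None:
        reading = 0  # defect: should return None and raise an alarm
    return min(max(reading // 10, 0), 16)


def oracle(reading: Optional[int], result: Optional[int]) -> bool:
    """Expected behaviour: refuse to dose on an invalid reading, otherwise stay in 0..16."""
    if reading is None:
        return result is None
    return result is not None and 0 <= result <= 16


def run_statistical_test(n: int, seed: int = 0) -> dict:
    """Apply the tests and compute the observed probability of failure on demand (POFOD)."""
    failures = 0
    failures_by_class: Dict[str, int] = {}
    for cls, reading in generate_test_inputs(OPERATIONAL_PROFILE, n, seed):
        if not oracle(reading, system_under_test(reading)):
            failures += 1
            failures_by_class[cls] = failures_by_class.get(cls, 0) + 1
    pofod = failures / n
    return {
        "demands": n,
        "failures": failures,
        "pofod": pofod,
        "reliability": 1 - pofod,
        "failures_by_class": failures_by_class,
    }


def demands_to_observe(true_pofod: float, failures_wanted: int) -> int:
    """Expected demands needed to observe failures_wanted failures when the
    true POFOD is true_pofod (expected failures = demands * POFOD)."""
    return round(failures_wanted / true_pofod)


def demands_for_zero_failure_claim(pofod_bound: float, confidence: float) -> int:
    """Demands that must run failure-free to claim POFOD <= pofod_bound at the
    given confidence, from (1 - p)^n <= 1 - confidence."""
    return math.ceil(math.log(1 - confidence) / math.log(1 - pofod_bound))


if __name__ == "__main__":
    result = run_statistical_test(10_000, seed=1)
    print(f"{result['failures']} failures in {result['demands']} demands: "
          f"POFOD ~ {result['pofod']:.4f}, by class {result['failures_by_class']}")
    for target in (1e-2, 1e-3, 1e-4, 1e-5):
        print(f"POFOD {target:g}: ~{demands_to_observe(target, 10):,} demands to see 10 failures; "
              f"{demands_for_zero_failure_claim(target, 0.95):,} failure-free demands for a 95% claim")
```

The failure count lands on the sensor-error class only, because that is where the planted defect lives; a profile that under-weights sensor errors would under-estimate the failure rate, which is the "operational profiles may be inaccurate" point. The two helper functions at the end make the last bullet concrete: each extra order of magnitude of reliability multiplies the required test run by ten.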
Safety assurance

• Cheap form of formal proof
• Demonstrate that the program cannot arrive at an unsafe state
• Proof by contradiction
  • For each hazard condition:
    • Assume the unsafe state
    • Backtrack through the program, demonstrating that the post-conditions of each path contradict the pre-conditions of the unsafe state
Insulin delivery code

    // The insulin dose to be delivered is a function of blood sugar
    // level, the previous dose delivered and the time of delivery
    // of the previous dose
    currentDose = computeInsulin();

    // Safety check - adjust currentDose if necessary
    if (previousDose == 0)                      // if statement 1
    {
        if (currentDose > 16)
            currentDose = 16;
    }
    else if (currentDose > (previousDose * 2))
        currentDose = previousDose * 2;

    if (currentDose < minimumDose)              // if statement 2
        currentDose = 0;                        // then branch
    else if (currentDose > maxDose)             // else branch
        currentDose = maxDose;

    administerInsulin(currentDose);
Run-time safety checking

• Defensive programming
  • Insert inline assertions to catch dangerous faults
  • Can reduce run-time efficiency
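The safety-assurance slide, the insulin code and the run-time checking slide together, as an added example (not code from the slides or the textbook). The safety check is transcribed into Python with the dose computation replaced by a parameter; the backtracking argument for the overdose hazard is written out as comments; a bounded exhaustive search over small input values provides evidence for it; and a defensive wrapper turns the pre- and post-conditions into inline assertions. The hazard definitions and value ranges are assumptions made for the example.

```python
from itertools import product
from typing import Optional, Tuple

NO_PREVIOUS_DOSE_CAP = 16  # the literal 16 in "if statement 1" of the slide


def safety_check(computed_dose: int, previous_dose: int, minimum_dose: int, max_dose: int) -> int:
    """Transcription of the slide's safety check. computed_dose stands in for
    computeInsulin(); the returned value is what administerInsulin receives."""
    current_dose = computed_dose
    if previous_dose == 0:                       # if statement 1
        if current_dose > NO_PREVIOUS_DOSE_CAP:
            current_dose = NO_PREVIOUS_DOSE_CAP
    elif current_dose > previous_dose * 2:
        current_dose = previous_dose * 2

    if current_dose < minimum_dose:              # if statement 2
        current_dose = 0                         # then branch
    elif current_dose > max_dose:                # else branch
        current_dose = max_dose
    return current_dose


def is_unsafe(dose: int, previous_dose: int, max_dose: int) -> bool:
    """Hazard conditions assumed for this example: an overdose, or more than
    doubling a non-zero previous dose."""
    return dose > max_dose or (previous_dose > 0 and dose > 2 * previous_dose)


# Backtracking argument for the overdose hazard (proof by contradiction):
# assume dose > max_dose when administerInsulin is reached and walk back to
# the last statement that could have set it, which is if statement 2:
#   - its then branch ran:  dose == 0          contradicts dose > max_dose (max_dose > 0)
#   - its else branch ran:  dose == max_dose   contradicts dose > max_dose
#   - neither branch ran:   minimum_dose <= dose <= max_dose, contradiction again
# Every path into the unsafe state contradicts its pre-condition, so it is unreachable.
# The same style of argument works for the doubling hazard via if statement 1.


def search_for_unsafe_state(max_value: int = 30) -> Optional[Tuple[int, int, int, int]]:
    """Bounded exhaustive check over small inputs: return the first
    (computed, previous, minimum, max) that reaches an unsafe state, or None.
    This is evidence supporting the argument above, not a substitute for it."""
    for computed, previous, minimum, maximum in product(
        range(-5, max_value + 1),   # computeInsulin() result, including a bad negative value
        range(0, max_value + 1),    # previous dose
        range(1, 6),                # minimum dose
        range(1, max_value + 1),    # maximum dose
    ):
        dose = safety_check(computed, previous, minimum, maximum)
        if is_unsafe(dose, previous, maximum):
            return (computed, previous, minimum, maximum)
    return None


def administer_insulin(computed_dose: int, previous_dose: int, minimum_dose: int, max_dose: int) -> int:
    """Defensive wrapper: the pre- and post-conditions the proof relies on become
    inline assertions, so a violated assumption stops the pump instead of dosing."""
    assert previous_dose >= 0, "pre-condition: previous dose cannot be negative"
    assert minimum_dose > 0 and max_dose > 0, "pre-condition: dose limits must be positive"
    dose = safety_check(computed_dose, previous_dose, minimum_dose, max_dose)
    assert 0 <= dose <= max_dose, "post-condition: overdose"
    assert previous_dose == 0 or dose <= 2 * previous_dose, "post-condition: dose more than doubled"
    return dose  # in the real system this is where the pump would be driven


if __name__ == "__main__":
    print("unsafe state found:", search_for_unsafe_state())
    print("dose administered:", administer_insulin(computed_dose=20, previous_dose=5, minimum_dose=1, max_dose=25))
```

The wrapper is the trade-off on the run-time checking slide in miniature: the assertions cost a few comparisons on every dose, and in exchange a wrong assumption about the inputs (a negative previous dose, a zero limit) fails loudly rather than reaching the patient.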
Assessing system security

• Experience-based validation
  • Apply well-known exploits
• Tool-based validation
  • E.g., password checkers
• Tiger teams
  • Ad-hoc attacks
• Formal verification
  • Not widely used
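A small password checker of the kind the "tool-based validation" bullet refers to, as an added example (not code from the slides or the textbook). The policy thresholds, the deny-list and the sample accounts are all constructed for the example; a real deployment would use a much larger breached-password list.

```python
import re
from typing import Dict, List, Tuple

# Constructed policy for this example.
MIN_LENGTH = 12
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "1234567890", "abcdefghij")
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_password(username: str, password: str) -> List[str]:
    """Return the policy findings for a candidate password (empty list = accepted)."""
    findings: List[str] = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")

    if sum(bool(re.search(pattern, password)) for pattern in CHARACTER_CLASSES) < 3:
        findings.append("uses fewer than 3 character classes")

    # Strip digits and punctuation before the deny-list lookup so that a
    # decorated common word such as "Password123!" is still caught.
    core = re.sub(r"[^a-z]", "", lowered)
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        findings.append("on the common-password list")

    if username and username.lower() in lowered:
        findings.append("contains the username")

    # Any 4-character window of a keyboard or sequential run counts.
    if any(run[i:i + 4] in lowered for run in KEYBOARD_RUNS for i in range(len(run) - 3)):
        findings.append("contains a keyboard or sequential run")

    if re.search(r"(.)\1{2,}", password):
        findings.append("repeats a character 3+ times in a row")

    return findings


def audit(candidates: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Run the checker over (username, candidate password) pairs at the point
    of password change; return the findings for every candidate that failed."""
    report: Dict[str, List[str]] = {}
    for username, password in candidates:
        findings = check_password(username, password)
        if findings:
            report[username] = findings
    return report


# Constructed sample candidates, one per kind of weakness plus one acceptable one.
SAMPLE_CANDIDATES = [
    ("alice", "Password123!"),         # decorated common word
    ("bob", "bob-likes-Trains-2024"),  # contains the username
    ("carol", "Zx9#tQ2!mL7&vB4"),      # accepted
    ("dave", "qwerty12345678A!"),      # keyboard run
]

if __name__ == "__main__":
    for user, findings in audit(SAMPLE_CANDIDATES).items():
        print(f"{user}: rejected ({'; '.join(findings)})")
```

Running the checker when a password is chosen, rather than against stored hashes afterwards, keeps the tool on the defensive side: weak choices are refused before they ever reach the credential store.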