Seminar CISEC
2013/2014

Software for
embedded safety
critical systems
Toulouse, january 2014
Hugues Bonnin
cisec

More information at http://asso-cisec.org

2013-2014
Monday/Tuesday, from 5 pm to 7 pm

Lecture Series
Engineering of critical embedded systems

1- Introduction, critical systems
Aeronautics (P. Traverse, Airbus, 18/11/2013)
Space (JP. Blanquart, Astrium, 25/11/2013)
Automotive (H. Foligné, Continental Automotive, 2/12/2013 postponed, date to be set)
2- Safety, history

Safety history from Concorde to the A380 (JP. Heckmann, Apsys, 9/12/2013)
Comparison of safety standards (JP. Blanquart, Astrium, JM. Astruc, Continental, 16/12/2013)

3- Software development, assurance (H. Bonnin, Capgemini, 21/1/2014)
4- Hardware development, assurance
Automotive (JP. Loncle, Continental, 28/1/2014)

Aeronautics (P. Pons, Airbus, 11/2/2014)
5- System integration and electromagnetic compatibility (JC. Gautherot, DGA)
Part 1, 18/2/2014
Part 2, 25/2/2014
6- Human-system interactions (F. Reuzeau, Airbus, P. Palanque, IRIT, 18/3/2014)

7- Electronics production chain for the automotive industry (Continental, 25/3/2014)
8- System diagnosis and maintenance (Actia, 1/4/2014)
9- Autonomous systems in transport (drones, automotive driver assistance) (ONERA, Continental, 8/4/2014)
10- Home automation systems (R. Alami, LAAS, 15/4/2014)
Abstract
Software occupies an increasingly prominent place in critical embedded systems: its size and complexity are increasing, while its criticality also continues to rise.
In this context, how are the aeronautical, space, automotive and industrial domains facing these challenges? Application of international standards is essential to define the scope of practices recognized by the community as "state of the art" for producing safety-critical software. What are these practices, and on which principles are they built?
Starting by (re)defining the concept of software criticality and placing this concept in the whole system, we will then try to answer these questions. During this presentation, we will illustrate the point with examples from aeronautics, air traffic control, space, automotive and railway. Finally, we will take a look at some trends, particularly through recently released standards.

Software for embedded safety critical systems | january 2014
Copyright © Capgemini 2014. All Rights Reserved

Contents

1- Software confidence principles : a brain and cheese story (page 5)
2 - Regulation, Standards (page 10)
3 - Assurance level (SWAL, AL, SIL…) and System relationship (page 12)
4 - Common rules (page 17)
5 - Industrial and tooled processes (page 33)
6 - Conclusion (page 39)

Principles : software is everywhere

Principles : software complexity increases
Figure: software size (log scale) versus year, 1960 to 2010: 4KB - Concorde; 23KB - A300B; 200KB - A300FF; 2MB - A310; 5MB - A320; 12MB - A330/A340; 1 GLOC - A380

Principles : “brain juice”
- Software is not material, it is only « brain juice »…
- It is a result of engineering, but without any physical manufacturing.
- At most it is a formalization understandable by machines.
- As software is not physical, there is no real failure, only errors.

So, how to deal with that sort of problem? How to kill bugs?
Principles : the bibles
DO178(B,C) / ED12(B,C), ISO 26262 chap. 6, ECSS-Q-ST-80-C, EN50128, ED153, …

Regulation & Standards short story
Figure: the regulatory chain, from ICAO at the top down to the software standards.
- Airworthiness: CS25, CS25-1309, ARP-4754, DO178(B,C)
- Air traffic (SES): EC 482/2008, DO-278(-,A)
(See course chapter 2 « standards »)

Level and system : assurance level definition
- Embedded software is part of a system, which is submitted to safety analysis, and to which a safety objective (i.e. a maximum frequency of failure) linked to its criticality is assigned.
(See course chapter 1 « avionic systems »)
- Standards establish a relationship between this criticality and the level of « severity » to which the software has to be developed.
- This relationship is more or less direct (depending on domain/standard) :

DO178(B,C) approach (effect severity class -> software level):
  Catastrophic -> A
  Hazardous    -> B
  Major        -> C
  Minor        -> D

ED153 approach (criticality = likelihood of generating such an effect x effect severity class):
  Likelihood      Accident (1)   Serious incident (2)   Major incident (3)   Significant incident (4)
  Very Possible   SWAL1          SWAL2                  SWAL3                SWAL4
  Possible        SWAL2          SWAL3                  SWAL3                SWAL4
  Unlikely        SWAL3          SWAL3                  SWAL4                SWAL4
  Very Unlikely   SWAL4          SWAL4                  SWAL4                SWAL4
Level and System : different scales of level
- CNS/ATM (ESARR, SAM, ECxx): SWAL 1, SWAL 2, SWAL 3, SWAL 4
- CNS/ATM (ED109/DO278): AL 1, AL 2, AL 3, AL 4, AL 5, AL 6
- Aeronautical embedded software (ED12B/DO178B): A, B, C, D, E
- Other domains (nuclear, railway...) (IEC 61508, EN 50128...): SIL 4, SIL 3, SIL 2, SIL 1
(Figure: the scales are drawn side by side, from the most demanding level at the top to the least demanding at the bottom.)

Level and System : « feedback » to system level
Figure (DO178(B,C) approach): EAR/JAR/FAR airworthiness requirements and system operational requirements feed the SYSTEM LIFE CYCLE PROCESSES (System Safety Assessment Process). The system processes pass to the SOFTWARE LIFE CYCLE PROCESSES the system requirements allocated to S/W, the S/W levels and the design constraints (partitioning, ROM, RAM size, CPU, redundancy); the software processes feed back derived requirements and error sources identified/eliminated.
Level and system : examples of software level
- EN50128/SIL4 : railway odometer of ERTMS
- DO178B/Level B : BSCU
- DO178B/Level C : FMS
- ED109*/AL 4 : display in ATM
Standards : ground principles
- Air Traffic Management regulation (ESARR6, and EC 482/2008) defines 4 General Safety Requirements :
  - Software requirements management
  - Software implementation satisfies its requirements
  - Software requirements traceability
  - Software configuration management
  • NB : a 5th is added : no function which adversely affects safety

- All these requirements are inherent in each software development standard in aeronautics; the principle is
« to be sure that the software is really what you want, and only what you want, at any time of its lifecycle »

Standards : ground principles
- Requirements, Verification, Traceability
Figure: Requirements -> Implementation (development activity); Implementation -> Verification (verification activity); Verification -> Verification measure (verification of verification); traceability links tie each of these artefacts back to the requirements.
Standards : ground principles
- Requirements, Verification, Traceability, Configuration management
Figure: the same pattern repeated at each refinement level: each spec. is implemented (implem.) and tested (test), the coverage (cov.) of each test against its spec. is measured, and the whole set of artefacts is held in a configuration-managed space.
Standards : ground principles
Reason's theory, the « swiss cheese » model
Figure: an initial event passes through successive layers of rules and controls; errors (design, operations, maintenance) are the holes in each slice, and when the holes line up the event becomes an incident, then an accident.
Standards : processes
- « Cheese Slices Principle » in standards like DO178B: the slices are Development, Verification, Verification of Verification, Configuration Management, Quality, and Certification.

Standards : processes

Standards : processes
DO178B « christmas tree »: the development artefacts, with the Annex A verification objectives (Ax-y = Table A-x, objective y) attached to each transition.
- System Requirements -> High Level Requirements (process objectives A2-1,2): A3-1 Compliance, A3-2 Accuracy & Consistency, A3-3 HW Compatibility, A3-4 Verifiability, A3-5 Conformance, A3-6 Traceability, A3-7 Algorithm Accuracy
- High Level Requirements -> Software Architecture (A2-3,4,5): A4-8 Compatibility, A4-9 Consistency, A4-10 HW Compatibility, A4-11 Verifiability, A4-12 Conformance, A4-13 Partition Integrity
- High Level Requirements -> Low Level Requirements (A2-3,4,5): A4-1 Compliance, A4-2 Accuracy & Consistency, A4-3 HW Compatibility, A4-4 Verifiability, A4-5 Conformance, A4-6 Traceability, A4-7 Algorithm Accuracy
- Low Level Requirements / Architecture -> Source Code (A2-6): A5-1 Compliance, A5-2 Compliance, A5-3 Verifiability, A5-4 Conformance, A5-5 Traceability, A5-6 Accuracy & Consistency
- Source Code -> Executable Object Code (A2-7): A5-7 Complete & Correct, A6-1 Compliance, A6-2 Robustness, A6-3 Compliance, A6-4 Robustness, A6-5 HW Compatibility
- Verification of verification: A7-1 Tests Correct, A7-2 Results Correct, A7-3,4 Reqs Coverage, A7-5..8 Struct. Coverage
Standards : requirement processes
- Requirements elicitation, definition and refinement are key in all standards
- Granularity is hard to define, but fundamental for the total effort needed for the product
- Example of ATM, where this point is not clearly defined
Figure: visibility depth of the traceability links by assurance level: SWAL4 down to the specifications, SWAL3 down to the architecture design, SWAL2 down to the code, SWAL1 down to the executable.

Standards : design processes
- Architecture has to be as simple as possible, to be demonstrable
- For example, determinism allows to show, easily, that resources are sufficient
  It allows to prove, to show (even if not formally)
  It gives confidence

Basics of « certification »
- General principles are written, but no recommended practices or solutions are given
- In DO178B/C activities (design, coding), to show that resources are sufficient (CPU, space)
Standards : coding processes
- Programming languages can be used (using their compiler) ; constraints on them are more or less strong :
  - EN50128 imposes language characteristics depending on level : e.g. « strongly typed language » for SIL 4
  - DO178B gives no recommendation : there is no difference between Ada usage and assembly usage.
  • Theoretically, almost all languages can be used, given that some « extra demonstration » is done
  • for level A, demonstration of « direct traceability » between executable code and source code (tricky)
  • NB : formal languages (like SCADE) are not considered as programming languages, but as specification languages

- Coding rules are imposed : to « filter » the « bad practices » (i.e. risky ones)
Standards : verification processes (1/2)
- Verification is fundamental
- Several forms of verification are accepted
  - Tests are the most accepted
  - But analyses and reviews are sometimes mandatory too (see « Christmas tree » of DO178B)
  • Peer reviews
  • Formal reviews
  • Demonstrations by analysis :
    – example : response times, WCET

Standards : verification processes (2/2)
- Standards define « high level tests », « low level tests »…
  => in fact, it depends on the requirement level the test is aimed to cover
- DO178 imposes that only requirement-based tests are recognized (no structural testing)
  - Note that this indirectly answers the problem of requirements granularity
Figure: direct link requirement/structure: Requirement -> Req. test -> Struct. coverage measurement
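As an added illustration (not from the presentation), the following Python models the « Requirement -> Req. test -> Struct. coverage measurement » chain of this slide on constructed sample data: only requirement-based tests earn coverage credit, and every structural gap is reported either as a requirements-granularity finding or as code nobody asked for. The function, requirement and test names (brake_cmd, HLR-n, T-n) are made up for the example.

```python
"""Requirement-based tests with structural coverage measured afterwards.

Constructed example: a tiny trace matrix (requirement -> tests) and the
code blocks each test was observed to execute. Only requirement-based
tests earn credit; structural coverage is measured, never targeted, and
every gap becomes a finding about the requirements or about the code.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class TestCase:
    tid: str
    traces_to: tuple      # requirement ids this test is written against
    executed: frozenset   # code blocks a coverage tool saw it execute


# Hypothetical requirements of a brake_cmd() function (made up).
REQUIREMENTS = {
    "HLR-1": "The brake command shall be saturated to the range [0, 100] %",
    "HLR-2": "An out-of-range pedal input shall be rejected",
    "HLR-3": "Each brake command shall be recorded in the maintenance log",
}

# Code blocks of brake_cmd() as a structural-coverage tool would name them.
# debug_dump is code that no requirement asked for.
CODE_BLOCKS = frozenset({
    "brake_cmd:check_range", "brake_cmd:saturate", "brake_cmd:apply",
    "brake_cmd:log", "brake_cmd:debug_dump",
})

TESTS = [
    TestCase("T-1", ("HLR-1",), frozenset({"brake_cmd:check_range", "brake_cmd:apply"})),
    TestCase("T-2", ("HLR-1",), frozenset({"brake_cmd:check_range", "brake_cmd:saturate",
                                          "brake_cmd:apply"})),
    TestCase("T-3", ("HLR-2",), frozenset({"brake_cmd:check_range"})),
    # A structural test written only to hit a branch: it traces to nothing.
    TestCase("T-9", (), frozenset({"brake_cmd:debug_dump"})),
]


def analyse(requirements, tests, code_blocks):
    """Cross-check requirements, tests and coverage; return the findings."""
    req_based = [t for t in tests if t.traces_to]
    untraced = [t for t in tests if not t.traces_to]

    # Requirements coverage: every requirement verified by at least one test.
    verified = {rid for t in req_based for rid in t.traces_to if rid in requirements}
    unknown_reqs = sorted({rid for t in req_based for rid in t.traces_to
                           if rid not in requirements})

    # Structural coverage, credited to requirement-based tests only.
    covered = frozenset(b for t in req_based for b in t.executed) & code_blocks
    hit_by_untraced = frozenset(b for t in untraced for b in t.executed)

    structure_findings = {}
    for block in sorted(code_blocks - covered):
        if block in hit_by_untraced:
            # Reachable, but no requirement describes it: either a requirement is
            # missing (granularity too coarse) or the function is not wanted at all.
            structure_findings[block] = ("reached only by non requirement-based tests: "
                                         "missing requirement or unintended function")
        else:
            structure_findings[block] = ("never executed: missing test case, "
                                         "dead code or deactivated code")

    return {
        "requirements_coverage": (len(verified), len(requirements)),
        "untested_requirements": sorted(set(requirements) - verified),
        "tests_without_requirement": sorted(t.tid for t in untraced),
        "tests_with_unknown_requirement": unknown_reqs,
        "structural_coverage": (len(covered), len(code_blocks)),
        "structure_findings": structure_findings,
    }


if __name__ == "__main__":
    report = analyse(REQUIREMENTS, TESTS, CODE_BLOCKS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the sample data the report shows HLR-3 without any test, T-9 earning no credit, and two uncovered blocks with different resolutions: `brake_cmd:log` needs a test for HLR-3, while `brake_cmd:debug_dump` needs either a requirement or removal.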
Standards : composition (=> reuse)
- Aeronautics : IMA (Integrated Modular Approach) (=> DO 297)
  - Principles are to make independent tests at each level + integration tests with the whole system
  - Problem of the « Java Virtual Machine » : a sort of composition ; it is helped by DO-332 (one of the DO178-C supplements) with Java (an extra-code)
  - To mix different assurance levels
    - Platform has to be developed at the highest
  - To share hardware and HW-dependent software
Figure: several Applicative Modules on top of an Executive (RTOS, BSP), itself on top of the Hardware.

Standards : COTS (=> reuse)
- COTS (Commercial Off The Shelf) problem
  - By definition, not very compatible with the « show me how you work and I will be confident » principle : the processes are often « black boxes »

- Two solutions :
  - Either the vendor is interested in direct application of the standards to its processes
  • Its COTS becomes a « normal certifiable software »
  - Or the COTS is really not compliant with the processes transparency principle
  • Alternative means should be found : very difficult to standardise (see DO278A working group history…).
Figure: alternative methods, DO278A example
Industrialization
- All the processes imposed by standards demand effort
- Reproducibility of processes is demanded
- Certification principles ask for proofs
- => the solution to productivity, reproducibility and provability is to have as many tooled and automated processes as possible.

Industrialization : Capgemini example

Tool qualification (1/2)
Figure: development tool. Qualifying the tool transfers certification effort from the Specification / Design / Code / Executable life cycle (development activity, verification activity, verification of verification) onto the Qualified Tool, in exchange for certification credit on the development activity it automates.
Tool qualification (2/2)
Figure: the same scheme for a qualified verification tool: certification effort is transferred onto the Qualified Tool, and certification credit is taken on the verification activity (or verification of verification) it replaces.

Conclusion

- Will formal methods enter (or not) into the processes ?
  - EN50128 has made them mandatory for a long time
  - The DO178-C Formal Methods Supplement (DO333) introduces them precisely in aeronautics

- What about COTS, intensive reuse, etc. vs safety constraints ?
  - Cf. hardware COTS problems (example of batteries….)
- Is there a schism between software approaches for safety critical software and « normal? » software ?

The end

Thank you.
Any questions ?
Hugues Bonnin
Critical Software Consultant
hugues.bonnin@capgemini.com

About Capgemini
With more than 120,000 people in 40 countries, Capgemini is one
of the world's foremost providers of consulting, technology and
outsourcing services. The Group reported 2011 global revenues
of EUR 9.7 billion.
Together with its clients, Capgemini creates and delivers
business and technology solutions that fit their needs and drive
the results they want. A deeply multicultural organization,
Capgemini has developed its own way of working, the
Collaborative Business Experience™, and draws on Rightshore®,
its worldwide delivery model.
Rightshore® is a trademark belonging to Capgemini

www.capgemini.com

The information contained in this presentation is proprietary.
© 2012 Capgemini. All rights reserved.

IRJET- An Efficient Hardware-Oriented Runtime Approach for Stack-Based Softwa...IRJET Journal
 
Better Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryBetter Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryTechWell
 
Overview of software reliability engineering
Overview of software reliability engineeringOverview of software reliability engineering
Overview of software reliability engineeringAnn Marie Neufelder
 
T89 introductiontofunctionalsafetyformachinery
T89 introductiontofunctionalsafetyformachineryT89 introductiontofunctionalsafetyformachinery
T89 introductiontofunctionalsafetyformachineryVo Quoc Hieu
 
T06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canadaT06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canadaVo Quoc Hieu
 
Audit and security application
Audit and security applicationAudit and security application
Audit and security applicationRihab Chebbah
 

Similaire à 20140121 cisec-safety criticalsoftwaredevelopment (20)

Managing securityforautomotivesoc
Managing securityforautomotivesocManaging securityforautomotivesoc
Managing securityforautomotivesoc
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013
 
WESPr 18 presentation slides CAV Taguchi
WESPr 18 presentation slides CAV TaguchiWESPr 18 presentation slides CAV Taguchi
WESPr 18 presentation slides CAV Taguchi
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industry
 
ConnectedAutos-Kymeta-7498-WP
ConnectedAutos-Kymeta-7498-WPConnectedAutos-Kymeta-7498-WP
ConnectedAutos-Kymeta-7498-WP
 
Introduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationIntroduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL Certification
 
Case-Based Reasoning for the Evaluation of Safety Critical Software. Applicat...
Case-Based Reasoning for the Evaluation of Safety Critical Software. Applicat...Case-Based Reasoning for the Evaluation of Safety Critical Software. Applicat...
Case-Based Reasoning for the Evaluation of Safety Critical Software. Applicat...
 
Asim abdulkhaleq final phd dissertation defense
Asim abdulkhaleq final phd dissertation defenseAsim abdulkhaleq final phd dissertation defense
Asim abdulkhaleq final phd dissertation defense
 
How PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsHow PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applications
 
Model-based security testing
Model-based security testingModel-based security testing
Model-based security testing
 
Impacts of integrated safety on machine and plant concepts
Impacts of integrated safety on machine and plant conceptsImpacts of integrated safety on machine and plant concepts
Impacts of integrated safety on machine and plant concepts
 
Safety Verification and Software aspects of Automotive SoC
Safety Verification and Software aspects of Automotive SoCSafety Verification and Software aspects of Automotive SoC
Safety Verification and Software aspects of Automotive SoC
 
ARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems Engineering
 
IRJET- An Efficient Hardware-Oriented Runtime Approach for Stack-Based Softwa...
IRJET- An Efficient Hardware-Oriented Runtime Approach for Stack-Based Softwa...IRJET- An Efficient Hardware-Oriented Runtime Approach for Stack-Based Softwa...
IRJET- An Efficient Hardware-Oriented Runtime Approach for Stack-Based Softwa...
 
Control systems
Control systemsControl systems
Control systems
 
Better Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryBetter Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous Delivery
 
Overview of software reliability engineering
Overview of software reliability engineeringOverview of software reliability engineering
Overview of software reliability engineering
 
T89 introductiontofunctionalsafetyformachinery
T89 introductiontofunctionalsafetyformachineryT89 introductiontofunctionalsafetyformachinery
T89 introductiontofunctionalsafetyformachinery
 
T06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canadaT06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canada
 
Audit and security application
Audit and security applicationAudit and security application
Audit and security application
 

Plus de CISEC

20150127 cisec-aeoro spacesystems-jp-blanquart-ptraverse
20150127 cisec-aeoro spacesystems-jp-blanquart-ptraverse20150127 cisec-aeoro spacesystems-jp-blanquart-ptraverse
20150127 cisec-aeoro spacesystems-jp-blanquart-ptraverseCISEC
 
20150122 cisec mbsa-lismma
20150122 cisec mbsa-lismma20150122 cisec mbsa-lismma
20150122 cisec mbsa-lismmaCISEC
 
20140610 cisec-antescofo
20140610 cisec-antescofo20140610 cisec-antescofo
20140610 cisec-antescofoCISEC
 
20140425 cisec-human factor-f-reuzeau
20140425 cisec-human factor-f-reuzeau20140425 cisec-human factor-f-reuzeau
20140425 cisec-human factor-f-reuzeauCISEC
 
20140318 cisec-critical-hmi
20140318 cisec-critical-hmi20140318 cisec-critical-hmi
20140318 cisec-critical-hmiCISEC
 
20140218 cisec-emc-in-aeronautics
20140218 cisec-emc-in-aeronautics20140218 cisec-emc-in-aeronautics
20140218 cisec-emc-in-aeronauticsCISEC
 
20140211 critical-electronics-for-aircraft
20140211 critical-electronics-for-aircraft20140211 critical-electronics-for-aircraft
20140211 critical-electronics-for-aircraftCISEC
 
20140128 cisec-continental-automotive-electronics-development-and-assurance
20140128 cisec-continental-automotive-electronics-development-and-assurance20140128 cisec-continental-automotive-electronics-development-and-assurance
20140128 cisec-continental-automotive-electronics-development-and-assuranceCISEC
 
20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastruc20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastrucCISEC
 

Plus de CISEC (9)

20150127 cisec-aeoro spacesystems-jp-blanquart-ptraverse
20150127 cisec-aeoro spacesystems-jp-blanquart-ptraverse20150127 cisec-aeoro spacesystems-jp-blanquart-ptraverse
20150127 cisec-aeoro spacesystems-jp-blanquart-ptraverse
 
20150122 cisec mbsa-lismma
20150122 cisec mbsa-lismma20150122 cisec mbsa-lismma
20150122 cisec mbsa-lismma
 
20140610 cisec-antescofo
20140610 cisec-antescofo20140610 cisec-antescofo
20140610 cisec-antescofo
 
20140425 cisec-human factor-f-reuzeau
20140425 cisec-human factor-f-reuzeau20140425 cisec-human factor-f-reuzeau
20140425 cisec-human factor-f-reuzeau
 
20140318 cisec-critical-hmi
20140318 cisec-critical-hmi20140318 cisec-critical-hmi
20140318 cisec-critical-hmi
 
20140218 cisec-emc-in-aeronautics
20140218 cisec-emc-in-aeronautics20140218 cisec-emc-in-aeronautics
20140218 cisec-emc-in-aeronautics
 
20140211 critical-electronics-for-aircraft
20140211 critical-electronics-for-aircraft20140211 critical-electronics-for-aircraft
20140211 critical-electronics-for-aircraft
 
20140128 cisec-continental-automotive-electronics-development-and-assurance
20140128 cisec-continental-automotive-electronics-development-and-assurance20140128 cisec-continental-automotive-electronics-development-and-assurance
20140128 cisec-continental-automotive-electronics-development-and-assurance
 
20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastruc20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastruc
 

Dernier

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingSelcen Ozturkcan
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Dernier (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

20140121 cisec-safety criticalsoftwaredevelopment

  • 3. Abstract
    Software occupies an increasingly prominent place in critical embedded systems: their size and complexity are increasing, while their criticality also continues to rise.
    In this context, how are the aeronautical, space, automotive and industrial domains facing these challenges? Application of international standards is essential to define the scope of practices recognized by the community as "state of the art" for producing safety critical software. What are these practices, and the principles on which they are built?
    Starting with (re)defining the concept of software criticality and placing this concept in the whole system, we will then try to answer these questions. During this presentation, we will illustrate the point with examples from aeronautics, air traffic control, space, automotive or railway. Finally, we will take a look at some trends, particularly through recently released standards.
    Software for embedded safety critical systems | january 2014 Copyright © Capgemini 2014. All Rights Reserved 3
  • 4. Contents
    1 - Software confidence principles: a brain and cheese story (Page 5)
    2 - Regulation, Standards (Page 10)
    3 - Assurance level (SWAL, AL, SIL…) and System relationship (Page 12)
    4 - Common rules (Page 17)
    5 - Industrial and tooled processes (Page 33)
    6 - Conclusion (Page 39)
  • 5. 1 - Software confidence principles: a brain and cheese story
  • 6. Principles: software is everywhere
  • 7. Principles: software complexity increases
    [Chart: software size on a log scale (1 to 1,000,000), by decade from 1960 to 2010, for successive aircraft: Concorde 4KB; A300B 23KB; A300FF 200KB; A310 2MB; A320 5MB; A330/A340 12MB; A380 1 GLOC]
  • 8. Principles: « brain juice »
     Software is not material, it is only « brain juice »…
     It is a result of engineering, but without any physical manufacturing
     At most it is a formalization understandable by machines.
     As software is not physical, there is no real failure, but only errors.
    So, how to deal with that sort of problem? How to kill bugs?
  • 9. Principles: the bibles
    DO178(B,C) / ED12(B,C), ISO 26262 (chapter 6), ECSS-Q-ST-80-C, EN50128, ED153, …
  • 10. 2 - Regulation, Standards
  • 11. Regulation & Standards short story
    [Diagram: from ICAO, two regulatory chains. Airworthiness (Navigabilité): CS25, CS25-1309, ARP-4754, DO178(B,C). Air traffic (Circulation Aérienne): SES, EC 482/2008, DO-278(-,A).]
    (See course chapter 2 « standards »)
  • 12. 3 - Assurance level (SWAL, AL, SIL…) and System relationship
  • 13. Level and system: assurance level definition
     Embedded software is part of a system, which is submitted to safety analysis, and which is assigned a safety objective (i.e. a maximum failure frequency) linked to its criticality. (See course chapter 1 « avionic systems »)
     Standards establish a relationship between this criticality and the level of « severity » to which the software has to be developed
     This relationship is more or less direct (depending on domain/standard):
    DO178(B,C) approach (effect severity class → software level):
      Catastrophic → A; Hazardous → B; Major → C; Minor → D
    ED153 approach (criticality from the likelihood of generating such an effect × effect severity class 1..4):
                       1 Accident   2 Serious incident   3 Major incident   4 Significant incident
      Very Possible    SWAL1        SWAL2                SWAL3              SWAL4
      Possible         SWAL2        SWAL3                SWAL3              SWAL4
      Unlikely         SWAL3        SWAL3                SWAL4              SWAL4
      Very Unlikely    SWAL4        SWAL4                SWAL4              SWAL4
  • 14. Level and System: different scales of level
    CNS/ATM (ESARR, SAM, ECxx): SWAL 1, SWAL 2, SWAL 3, SWAL 4
    CNS/ATM (ED109 / DO278): AL 1, AL 2, AL 3, AL 4, AL 5, AL 6
    Aeronautical embedded software (ED12B / DO178B): A, B, C, D, E
    Other domains (nuclear, railway...) (IEC 61508, EN 50128...): SIL 4, SIL 3, SIL 2, SIL 1
  • 15. Level and System: « feedback » to system level
    [Diagram, DO178(B,C) approach: EAR/JAR/FAR Airworthiness requirements and System Operational requirements feed the SYSTEM LIFE CYCLE PROCESSES (System Safety Assessment Process). Flow down to the SOFTWARE LIFE CYCLE PROCESSES: System Requirements Allocated to S/W, S/W levels, Design Constraints; Partitioning, ROM, RAM size, CPU, redundancy. Feedback up to the system: Derived Requirements, Error Sources Identified/Eliminated.]
  • 16. Level and system: examples of software level
     EN50128 / SIL4: railway odometer of ERTMS
     DO178B / Level B: BSCU
     DO178B / Level C: FMS
     ED109* / AL 4: display in ATM
  • 17. 4 - Common rules
  • 18. Standards: ground principles
     Air Traffic Management regulation (ESARR6, and EC 482/2008) defines 4 General Safety Requirements:
      • Software requirements management
      • Software implementation satisfies its requirements
      • Software requirements traceability
      • Software configuration management
      • NB: a 5th is added: no function which adversely affects safety
     All these requirements are inherent in every software development standard in aeronautics; the principle is « to be sure that the software is really what you want, and only what you want, at any time of its lifecycle »
  • 19. Standards: ground principles
     Requirements, Verification, Traceability
    [Diagram: Requirements → Implementation (Development Activity); Verification of the Implementation against the Requirements, with its Verification measure (Verification Activity); Verification of Verification; Traceability between all of them.]
  • 20. Standards: ground principles
     Requirements, Verification, Traceability, Configuration management
    [Diagram: successive refinement levels, each with its spec., its test spec. and its cov. (coverage) measure, from the top-level spec. through each implem. down to the implem. space.]
  • 21. Standards: ground principles
    Reason's theory, the « swiss cheese » model
    [Diagram: Rules and Controls as barrier slices; an Initial event passes through Errors in Design, Operations and Maintenance, leading to an incident and then an accident.]
  • 22. Standards: processes
     « Cheese Slices Principle » in standards like DO178B: Development, Verification, Verification of Verification, Configuration Management, Quality, Certification
  • 23. Standards: processes
  • 24. Standards: processes
    DO178B « christmas tree » of verification objectives, from System Requirements down to Executable Object Code:
    System Requirements → (A2-1,2) High Level Requirements, verified by A3-1 Compliance, A3-2 Accuracy & Consistency, A3-3 HW Compatibility, A3-4 Verifiability, A3-5 Conformance, A3-6 Traceability, A3-7 Algorithm Accuracy
    High Level Requirements → (A2-3,4,5) Software Architecture, verified by A4-8 Compatibility, A4-9 Consistency, A4-10 HW Compatibility, A4-11 Verifiability, A4-12 Conformance, A4-13 Partition Integrity; and Low Level Requirements, verified by A4-1 Compliance, A4-2 Accuracy & Consistency, A4-3 HW Compatibility, A4-4 Verifiability, A4-5 Conformance, A4-6 Traceability, A4-7 Algorithm Accuracy
    Low Level Requirements → (A2-6) Source Code, verified by A5-1 Compliance, A5-2 Compliance, A5-3 Verifiability, A5-4 Conformance, A5-5 Traceability, A5-6 Accuracy & Consistency, A5-7 Complete & Correct
    Source Code → (A2-7) Executable Object Code, verified by A6-1 Compliance, A6-2 Robustness, A6-3 Compliance, A6-4 Robustness, A6-5 HW Compatibility
    Verification of verification: A7-1 Tests Correct, A7-2 Results Correct, A7-3,4 Reqs Coverage, A7-5..8 Struct. Coverage
  • 25. Standards : requirement processes
     Requirements elicitation, definition and refinement are key in all standards
     Granularity is hard to define, but fundamental for the total effort needed for the product
     Example of ATM, where this point is not clearly defined
    (figure: visibility depth and traceability links per level: SWAL4 specifications, SWAL3 architecture design, SWAL2 code, SWAL1 executable)
  • 26. Standards : design processes
     Architecture has to be as simple as possible, to be demonstrable
     For example, determinism allows to show, easily, that resources are sufficient
      • In DO178B/C activities (design, coding), to show that resources are sufficient (CPU, space)
     General principles are written, but no recommended practices or solutions are given
    Basics of « certification »:
      • It allows to prove, to show (even if not formally)
      • It gives confidence
  • 27. Standards : coding processes
     Programming languages can be used (using their compiler); the constraints on them are more or less strong:
      • EN50128 imposes language characteristics depending on the level: e.g. « strong typing language » for SIL 4
      • DO178B gives no recommendation: there is no difference between Ada usage and assembly usage
        – Theoretically, almost all languages can be used, given some « extra demonstration » is done
        – for level A, demonstration of « direct traceability » between executable code and source code (tricky)
        – NB: formal languages (like SCADE) are not considered programming languages, but specification languages
     Coding rules are imposed: to « filter » the « bad practices » (i.e. the risky ones)
  • 28. Standards : verification processes (1/2)
     Verification is fundamental
     Several forms of verification are accepted
     Tests are the most accepted
     But analysis and reviews are sometimes mandatory too (see the « Christmas tree » of DO178B)
      • Peer reviews
      • Formal reviews
      • Demonstrations by analysis:
        – example: response times, WCET
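One such demonstration by analysis, given here as an added Python example that is not part of the presentation: fixed-priority response-time analysis on a constructed periodic task set, where the WCET values are assumed to come from a prior WCET analysis and the task names, periods and priorities are constructed. It shows a case where the simpler rate-monotonic utilisation bound is inconclusive but the exact recurrence still proves the CPU resource sufficient.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Task:
    name: str
    period: int    # T: activation period; the deadline is taken equal to T
    wcet: int      # C: worst-case execution time, assumed from WCET analysis
    priority: int  # fixed priority, a larger value preempts a smaller one

# Constructed task set (not from the presentation), rate-monotonic priorities.
TASKS = [Task("A", 10, 3, 3), Task("B", 20, 6, 2), Task("C", 50, 10, 1)]

def utilization(tasks):
    """Total CPU utilization sum(C_i / T_i)."""
    return sum(t.wcet / t.period for t in tasks)

def liu_layland_bound(n):
    """Sufficient (not necessary) rate-monotonic bound n * (2^(1/n) - 1)."""
    return n * (2 ** (1 / n) - 1)

def response_times(tasks):
    """Worst-case response time per task, from the fixed point of
    R = C_i + sum over higher-priority j of ceil(R / T_j) * C_j.
    A task whose R exceeds its deadline gets None (not schedulable)."""
    ordered = sorted(tasks, key=lambda t: t.priority, reverse=True)
    result = {}
    for i, task in enumerate(ordered):
        higher = ordered[:i]            # tasks that can preempt this one
        r = task.wcet
        while True:
            interference = sum(math.ceil(r / h.period) * h.wcet for h in higher)
            r_next = task.wcet + interference
            if r_next > task.period:    # deadline missed: stop iterating
                result[task.name] = None
                break
            if r_next == r:             # fixed point reached
                result[task.name] = r
                break
            r = r_next
    return result

def is_schedulable(tasks):
    """True when every task has a bounded response time within its deadline."""
    return all(r is not None for r in response_times(tasks).values())

if __name__ == "__main__":
    print(f"U={utilization(TASKS):.2f} (RM bound {liu_layland_bound(len(TASKS)):.2f})")
    print(response_times(TASKS), "schedulable:", is_schedulable(TASKS))
```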
  • 29. Standards : verification processes (2/2)
     Standards define « high level tests », « low level tests »…
     => in fact, it depends on the requirement level the test is aimed to cover
     DO178 imposes that only requirement-based tests are recognised (no structural testing)
     Note that this indirectly answers the problem of requirements granularity
    (figure: Requirement → Req. test → Struct. coverage measurement, giving a direct link requirement / structure)
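The loop in the figure above (requirement → requirement-based test → structural coverage measurement), and the requirement/structure link of slide 25, as an added Python example that is not part of the presentation: a constructed function under verification, its requirement-based test cases (requirement ids REQ-1 to REQ-3 are constructed), and a statement-coverage measurement that exposes the one branch no requirement traces to.

```python
import dis
import inspect
import sys

def select_source(primary_valid, backup_valid, mode):
    """Constructed code under verification (not from the presentation)."""
    if primary_valid:        # REQ-1: use the primary sensor when it is valid
        return "primary"
    if backup_valid:         # REQ-2: otherwise fall back to the backup sensor
        return "backup"
    if mode == "test":       # no requirement traces to this branch
        return "simulated"
    return "failsafe"        # REQ-3: otherwise command the fail-safe value

# Requirement-based test cases: (requirement id, inputs, expected output).
REQ_TESTS = [
    ("REQ-1", (True, False, "normal"), "primary"),
    ("REQ-1", (True, True, "normal"), "primary"),
    ("REQ-2", (False, True, "normal"), "backup"),
    ("REQ-3", (False, False, "normal"), "failsafe"),
]

def run_with_statement_coverage(func, cases):
    """Run the cases against func while tracing which of its lines execute.
    Returns (failures, uncovered) with uncovered = [(line number, source)]."""
    code = func.__code__
    executed = set()
    def tracer(frame, event, arg):
        if event == "line" and frame.f_code is code:
            executed.add(frame.f_lineno)
        return tracer
    failures = []
    sys.settrace(tracer)
    try:
        for req_id, args, expected in cases:
            got = func(*args)
            if got != expected:
                failures.append((req_id, args, expected, got))
    finally:
        sys.settrace(None)
    # Every line starting a bytecode instruction is a statement; the def line is not.
    statements = {ln for _, ln in dis.findlinestarts(code)
                  if ln is not None and ln != code.co_firstlineno}
    src_lines, start = inspect.getsourcelines(func)
    uncovered = [(ln, src_lines[ln - start].strip())
                 for ln in sorted(statements - executed)]
    return failures, uncovered

if __name__ == "__main__":
    print(run_with_statement_coverage(select_source, REQ_TESTS))
```

An uncovered statement means either a missing requirement (and test) or unintended code to remove; adding a requirement-based case for the remaining branch drives the uncovered list to empty.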
  • 30. Standards : composition (=> reuse)
     Aeronautic : IMA (Integrated Modular Approach) (=> DO 297)
      • Principles are to make independent tests at each level + integration tests with the whole system
      • To mix different assurance levels: the platform has to be developed at the highest level
      • To communalise hardware and HW-dependent software
     Problem of the « Java Virtual Machine »: a sort of composition; it is helped by DO-332 (one of the DO178-C supplements) with Java (an extra-code)
    (figure: several Applicative Modules on top of an Executive (RTOS, BSP), itself on top of the Hardware)
  • 31. Standards : COTS (=> reuse)
     COTS (Commercial Off The Shelf) problem
     By definition, not very compatible with the « show me how you work and I will be confident » principle: the processes are often « black boxes »
     Two solutions:
      • Either the vendor is interested in the direct application of the standards to its processes
        – Its COTS becomes a « normal certifiable software »
      • Or the COTS is really not compliant with the process transparency principle
        – Alternative means should be found: very difficult to standardise (see the DO278A working group history…)
    (figure: DO278A example of alternative methods)
  • 32. Contents
    1 - Software confidence principles : a brain and cheese story (Page 5)
    2 - Regulation, Standards (Page 10)
    3 - Assurance level (SWAL, AL, SIL…) and System relationship (Page 12)
    4 - Common rules (Page 17)
    5 - Industrial and tooled processes (Page 33)
    6 - Conclusion (Page 39)
  • 33. Industrialization
     All the processes imposed by the standards demand effort
     Reproducibility of the processes is demanded
     Certification principles ask for proofs
     => the solution for productivity, reproducibility and provability is to have processes that are tooled and automated as far as possible.
  • 34. Industrialization : Capgemini example (figure only)
  • 35. Tool qualification (1/2)
    (figure: Specification → Design → Code → Executable, with Development Activity, Verification Activity and Verification of Verification; a Development Tool becomes a Qualified Tool, the Certification Efforts Transfer gives Certification Credit)
  • 36. Tool qualification (2/2)
    (figure: Specification → Design → Code → Executable, with Development Activity, Verification Activity and Verification of Verification; a Qualified Verification Tool receives the Certification Efforts Transfer and gives Certification Credit)
  • 37. Contents
    1 - Software confidence principles : a brain and cheese story (Page 5)
    2 - Regulation, Standards (Page 10)
    3 - Assurance level (SWAL, AL, SIL…) and System relationship (Page 12)
    4 - Common rules (Page 17)
    5 - Industrial and tooled processes (Page 33)
    6 - Conclusion (Page 39)
  • 39. Conclusion
     Will formal methods enter the processes (or not)?
      • EN50128 has made them mandatory for a long time
      • The DO178-C Formal Methods Supplement (DO333) introduces them precisely in aeronautics
     What about COTS, intensive reuse, etc. vs safety constraints?
      • Cf. hardware COTS problems (example of batteries…)
     Is there a schism between software approaches for safety critical software and « normal? » software?
  • 40. The end
    Thank you. Any question?
    Hugues Bonnin, Critical Software Consultant, hugues.bonnin@capgemini.com
  • 41. About Capgemini
    With more than 120,000 people in 40 countries, Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. The Group reported 2011 global revenues of EUR 9.7 billion. Together with its clients, Capgemini creates and delivers business and technology solutions that fit their needs and drive the results they want. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business Experience™, and draws on Rightshore®, its worldwide delivery model.
    Rightshore® is a trademark belonging to Capgemini. www.capgemini.com
    The information contained in this presentation is proprietary. © 2012 Capgemini. All rights reserved.