
Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076): latest papers

Applying engineering of computer-based systems (ECBS) and product line center (PLC) approaches to the development of mission critical systems for the Department of Defense (DoD)
Roymond S. C. Shanahan
This paper addresses opportunities to apply the ECBS discipline and reuse technology in the DoD information systems development environment and identifies relevant on-going initiatives. The application of ECBS principles, in concert with the reuse of processes, architectures, information, methods, and tools within DoD application domains or product lines, has the potential to significantly reduce DoD systems development costs.
DOI: 10.1109/HASE.1996.618569 | Published: 1996-10-22 | Citations: 0
Investigating rare-event failure tolerance: reductions in future uncertainty
J. Voas, F. Charron, K. Miller
At the 1995 Computer Assurance (COMPASS) conference, Voas and Miller (1995) presented a technique for assessing the failure tolerance of a program when the program was executing in unlikely modes (with respect to the expected operational profile). In that paper, several preliminary algorithms were presented for inverting operational profiles to more easily distinguish the unlikely modes of operation from the likely modes. This paper refines the original algorithms. It then demonstrates the new algorithms being used in conjunction with a failure tolerance assessment technique on two small programs.
DOI: 10.1109/HASE.1996.618568 | Published: 1996-10-22 | Citations: 9
Mk48 ADCAP torpedo high-assurance testing
D. MacPherson
The Mk48 ADCAP torpedo is the US Navy's premier heavyweight submarine-launched torpedo and is widely recognized as the world's most capable anti-submarine weapon. ADCAP is a wire-guided, thermal torpedo launched through the full submarine's depth and speed profile. Following ADCAP's initial fleet introduction in 1988, software upgrades were begun to improve torpedo performance in the presence of countermeasures, under the arctic ice canopy and against high speed submarine targets. The ADCAP program has produced an extremely reliable and capable weapon system through over 16 years of development. Since ADCAP is a software controlled weapon, most performance enhancements require no hardware modification, can be made quickly and at low cost. Obviously, software enhancements must undergo testing before fleet introduction. This paper describes the ADCAP torpedo, the problems encountered during development and current status of the Mk48 ADCAP torpedo testing program.
DOI: 10.1109/HASE.1996.618555 | Published: 1996-10-22 | Citations: 0
Ensuring quality in distributed multimedia systems
R. Paul, M. F. Khan, Shahab Baqai, A. Ghafoor
The use of multimedia technology can provide cost effective methods for management and dissemination of information, and thus increase economic efficiency. Distributed, networked multimedia information systems will be a critical component of technology-based information infrastructures in the future. Several ground breaking applications have already appeared, and more are expected to follow. Innovations in hardware and software are feeding this revolution. In this paper, the notion of quality for multimedia data transferred over the networks is developed. Multimedia data synchronization requirements are specified to ensure high quality delivery of multimedia information. Accordingly we propose synchronization techniques in a client server environment.
DOI: 10.1109/HASE.1996.618566 | Published: 1996-10-22 | Citations: 1
A general approach to secure components composition
Q. Shi, Ning Zhang
At present, security properties for components composition have two major shortcomings. First, they do not properly consider connectivity between components. This leads to the imposition of over strong security requirements on the components. Consequently their functionality and performance may be sacrificed unnecessarily. Secondly, these properties usually demand components and their system to comply with the same or compatible security requirements. This greatly restricts their applicability. To rectify these problems, we aim to present a composable security property that permits different components to meet different security requirements, and appropriately enforces the requirements on the components with regard to their connectivity.
DOI: 10.1109/HASE.1996.618607 | Published: 1996-10-22 | Citations: 7
PSRR: a scheme for time-bounded fault tolerance in distributed object-based systems
K.H. Kim, C. Subbaraman
An extension of the conventional object structuring approach, called the RTO.k object structuring approach, has been established as a unified scheme for object-oriented structuring of both real-time applications and non-real-time applications while enabling the system designer to provide design-time guarantees of timely service capabilities of the objects designed. In another area, the DRB/PSP scheme has been established as a concrete scheme for achieving scalable time-bounded fault tolerance in distributed and parallel computer systems. We present a new scheme called the primary-shadow (PS)-RTO.k replication (PSRR) scheme that integrates the RTO.k object structuring scheme and the basic principle of the DRB/PSP scheme. A partial validation of the PSRR scheme has been performed through incorporation of a simple version of the scheme into a defense application running on a PC LAN. This paper first introduces a new structuring rule that can be imposed on the RTO.k object structuring scheme in order to further simplify the task of the system designer in providing design-time guarantee of timely service capabilities of application systems. Thereafter, the core of the PSRR scheme, the basic operational rules and the basic structuring rules, are discussed.
DOI: 10.1109/HASE.1996.618573 | Published: 1996-10-22 | Citations: 4
Software on the edge
Victor L. Winter
As our society becomes more technologically complex, computers (and the software that they run) are being used in a potentially alarming number of high consequence safety-critical applications. When these systems fail, the outcome can be devastating. Formal methods provide what, by a growing number of experts, is considered to be the best approach to making the software construction process more reliable. What makes formal methods so attractive, from a reliability standpoint, is that one has the ability to conclude, with mathematical certainty, that a software component is correct. In this context, when we say a software component is correct, we mean it satisfies its formal specification. The paper discusses the problems of software reliability and the use of formal methods.
DOI: 10.1109/HASE.1996.618565 | Published: 1996-10-22 | Citations: 0
Proving refinement transformations for deriving high-assurance software
V. Winter, J. M. Boyle
The construction of a high-assurance system requires some evidence, ideally a proof, that the system as implemented will behave as required. Direct proofs of implementations do not scale up well as systems become more complex and therefore are of limited value. In recent years, refinement-based approaches have been investigated as a means to manage the complexity inherent in the verification process. In a refinement-based approach, a high-level specification is converted into an implementation through a number of refinement steps. The hope is that the proofs of the individual refinement steps will be easier than a direct proof of the implementation. However, if stepwise refinement is performed manually, the number of steps is severely limited, implying that the size of each step is large. If refinement steps are large, then proofs of their correctness will not be much easier than a direct proof of the implementation. We describe an approach to refinement-based software development that is based on automatic application of refinements, expressed as program transformations. This automation has the desirable effect that the refinement steps can be extremely small and, thus, easy to prove correct. We give an overview of the TAMPR transformation system that we use for automated refinement. We then focus on some aspects of the semantic framework that we have been developing to enable proofs that TAMPR transformations are correctness preserving. With this framework, proofs of correctness for transformations can be obtained with the assistance of an automated reasoning system.
DOI: 10.1109/HASE.1996.618567 | Published: 1996-10-22 | Citations: 13
High assurance engineering: the good, the bad, and the ugly
I. Yen
Over the past two decades, substantial research efforts have been devoted to the design and development of high assurance systems, including general approaches and specific systems. Researchers in fault tolerant systems have developed effective approaches to handle hardware and software failures and provide high system reliability and availability. Techniques for developing high assurance systems span a wide spectrum, ranging from informal to formal methods, from cost-effective to highly expensive approaches, and from ad-hoc to theoretically sound mechanisms. As an informal classification, the paper categorizes these techniques into the good, the bad, and the ugly.
DOI: 10.1109/HASE.1996.618560 | Published: 1996-10-22 | Citations: 0
A technique for validating Booch object-oriented designs from extensions to the Descartes specification language
Ramkumar V. Pichai, J. E. Urban
Software validation is the process of checking whether the software performs as required. Validation assumes much importance in the case of high assurance (real time, reliable, safety critical, and secure) systems, as even a slight deviation from the desired behavior is unacceptable. Descartes is an executable specification language. Specifications in Descartes are validated through rapid prototyping. This paper explains a traceability approach for validating Booch object oriented designs against validated object oriented Descartes specifications. The CASE tool developed in support of the technique is also explained in brief.
DOI: 10.1109/HASE.1996.618559 | Published: 1996-10-22 | Citations: 5