Separation of Concerns for Dependable Software Design



SLIDE 1

Separation of Concerns for Dependable Software Design

Daniel Jackson and Eunsuk Kang MIT Nov 7⋅FoSER Workshop 2010

SLIDE 2

Achieving Dependability

Traditional approach

  • process + testing: necessary, but not sufficient*
  • reliance on ex post facto analysis: too late?

Static analysis & verification

  • stronger guarantees, but need guidance
  • correctness proof ⇒ dependability  ✗ (the implication does not hold)

*D. Jackson, M. Thomas, and L. I. Millet. Software for Dependable Systems: Sufficient Evidence? The National Academies Press, Washington, DC, 2007.

SLIDE 3

A Different Approach

Dependability case

  • explicit, end-to-end argument
  • ENV ∧ SPEC ⇒ REQ

Design for dependability

  • most critical requirements first
  • smaller trusted base ⇒ simpler case, lower cost

SLIDE 4

Mixed-Criticality System

Many critical properties are partial

  • factor out from full functional requirements
  • ex. “perform good op X” vs. “prevent bad op Y”

Non-uniform allocation of resources

SLIDE 5

Example: Online Bookstore

Two requirements

  • ordering: “fulfill a customer order”
  • secrecy: “don’t leak a customer’s credit card”

SLIDE 6

Design Candidate

(class diagram, flattened in extraction; boxes and their members listed here)

  • Customer: id, address, credit card, shopping cart, orders
  • Book: ISBN, title, price, reviews
  • ShoppingCart: books, customer; makeOrder
  • Card: number, name, expiry date
  • CreditCardAPI: charge
  • Order: date, books, customer; fulfill

SLIDE 7

Trusted Base for Secrecy

(the Design Candidate diagram again, with a region labelled “Secrecy” marking the trusted base for the secrecy requirement)

  • Customer: id, address, credit card, shopping cart, orders
  • Book: ISBN, title, price, reviews
  • ShoppingCart: books, customer; makeOrder
  • Card: number, name, expiry date
  • CreditCardAPI: charge
  • Order: date, books, customer; fulfill

SLIDE 8

Alternative Design

(class diagram, flattened in extraction; boxes and their members listed here)

  • Customer: id, address, shopping cart
  • Book: ISBN, title, price, reviews
  • ShoppingCart: books, customer
  • Card: number, name, expiry date
  • CreditCardAPI: charge
  • Order: date, entries, customer id
  • Entry: ISBN, title, price
  • Cards: cards: CustomerId -> Card
  • Orders: orders: CustomerId -> Order; makeOrder, fulfill
  • Coordinator: makeOrder, fulfill

SLIDE 9

Reduced Trusted Base

(the Alternative Design diagram again, with a region labelled “Secrecy” marking the now smaller trusted base for the secrecy requirement)

  • Customer: id, address, shopping cart
  • Book: ISBN, title, price, reviews
  • ShoppingCart: books, customer
  • Card: number, name, expiry date
  • CreditCardAPI: charge
  • Order: date, entries, customer id
  • Entry: ISBN, title, price
  • Cards: cards: CustomerId -> Card
  • Orders: orders: CustomerId -> Order; makeOrder, fulfill
  • Coordinator: makeOrder, fulfill
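The two designs of slides 6 to 9, sketched as runnable Python so the trusted-base argument can be checked mechanically. This is an added example, not code from the slides or from the authors: the class and member names follow the diagrams, but the method bodies, the constructed sample data (a made-up book and a test card number) and the `reaches` check that walks an object graph looking for the card number are assumptions made here. The check shows why the Alternative Design shrinks the trusted base: an Order in the Design Candidate carries the whole Customer, and with it the card, so any module handed an Order must be trusted not to leak it; in the Alternative Design an Order holds only a customer id and Entry copies, and only Cards, Card, CreditCardAPI and Coordinator ever touch card data.

```python
# Added example: the bookstore designs of slides 6-9 in Python, with a
# reachability check for the card number. Names follow the diagrams; the
# bodies and the sample data are constructed for this illustration.
from dataclasses import dataclass, field, fields, is_dataclass
from typing import Dict, List


@dataclass
class Book:
    isbn: str
    title: str
    price: float


@dataclass
class Card:
    number: str
    name: str
    expiry: str


class CreditCardAPI:
    """Stand-in for the external payment gateway; records the charges it makes."""
    def __init__(self) -> None:
        self.charges = []

    def charge(self, card: Card, amount: float) -> None:
        self.charges.append((card.number, amount))


# Design Candidate (slides 6-7): the card is a field of Customer, and the
# Order refers to the whole Customer, so the card travels with every order.
@dataclass
class CustomerV1:
    id: str
    address: str
    credit_card: Card
    cart: List[Book] = field(default_factory=list)


@dataclass
class OrderV1:
    date: str
    books: List[Book]
    customer: CustomerV1  # drags the card along


def make_order_v1(customer: CustomerV1, date: str) -> OrderV1:
    order = OrderV1(date, list(customer.cart), customer)
    customer.cart.clear()
    return order


def fulfill_v1(order: OrderV1, api: CreditCardAPI) -> None:
    api.charge(order.customer.credit_card, sum(b.price for b in order.books))


# Alternative Design (slides 8-9): Customer has no card; Order holds only a
# customer id plus Entry copies; Cards is the single map CustomerId -> Card;
# Coordinator is the only module that uses both Orders and Cards.
@dataclass
class CustomerV2:
    id: str
    address: str
    cart: List[Book] = field(default_factory=list)


@dataclass
class Entry:
    isbn: str
    title: str
    price: float


@dataclass
class OrderV2:
    date: str
    entries: List[Entry]
    customer_id: str


class Cards:
    """cards: CustomerId -> Card; the only component storing card data."""
    def __init__(self) -> None:
        self._cards: Dict[str, Card] = {}

    def register(self, customer_id: str, card: Card) -> None:
        self._cards[customer_id] = card

    def charge(self, customer_id: str, amount: float, api: CreditCardAPI) -> None:
        api.charge(self._cards[customer_id], amount)


class Orders:
    """orders: CustomerId -> Order; knows nothing about cards."""
    def __init__(self) -> None:
        self.orders: Dict[str, OrderV2] = {}

    def make_order(self, customer: CustomerV2, date: str) -> OrderV2:
        entries = [Entry(b.isbn, b.title, b.price) for b in customer.cart]
        customer.cart.clear()
        self.orders[customer.id] = OrderV2(date, entries, customer.id)
        return self.orders[customer.id]

    def fulfill(self, customer_id: str) -> float:
        return sum(e.price for e in self.orders.pop(customer_id).entries)


class Coordinator:
    """Glues Orders and Cards; with Cards, Card and CreditCardAPI it is the trusted base."""
    def __init__(self, orders: Orders, cards: Cards, api: CreditCardAPI) -> None:
        self.orders, self.cards, self.api = orders, cards, api

    def make_order(self, customer: CustomerV2, date: str) -> OrderV2:
        return self.orders.make_order(customer, date)

    def fulfill(self, customer_id: str) -> None:
        self.cards.charge(customer_id, self.orders.fulfill(customer_id), self.api)


def reaches(obj, secret: str) -> bool:
    """True if `secret` occurs anywhere in the object graph reachable from obj."""
    if isinstance(obj, str):
        return obj == secret
    if is_dataclass(obj):
        return any(reaches(getattr(obj, f.name), secret) for f in fields(obj))
    if isinstance(obj, (list, tuple, set)):
        return any(reaches(x, secret) for x in obj)
    if isinstance(obj, dict):
        return any(reaches(v, secret) for v in obj.values())
    return False


def demo() -> dict:
    """Run both designs on the same constructed data and compare what an Order exposes."""
    book = Book("978-0-00-000000-0", "Example Title", 30.0)    # constructed
    card = Card("4111111111111111", "A. Customer", "12/29")    # constructed test number
    api1, api2 = CreditCardAPI(), CreditCardAPI()

    o1 = make_order_v1(CustomerV1("c1", "1 Main St", card, [book]), "2010-11-07")
    fulfill_v1(o1, api1)

    cards, orders = Cards(), Orders()
    cards.register("c1", card)
    coord = Coordinator(orders, cards, api2)
    o2 = coord.make_order(CustomerV2("c1", "1 Main St", [book]), "2010-11-07")
    coord.fulfill("c1")

    return {
        "order_v1_reaches_card": reaches(o1, card.number),  # True
        "order_v2_reaches_card": reaches(o2, card.number),  # False
        "same_charges": api1.charges == api2.charges,        # True: same functionality
    }
```

Both designs produce the same charge, so the ordering requirement is met either way; the difference is that, in the second, a module that only receives Order or Customer objects (shipping, reviews, reporting) cannot reach the card at all and therefore needs no place in the secrecy argument.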

SLIDE 10

Discussions

Dependability case

  • if you can’t say why it works, it probably doesn’t

Design for dependability

  • untapped potential; shift in research focus?

Our on-going research

  • design method for small trusted bases
  • case studies: Tokeneer, radiation therapy, e-voting