|Title||Model-Based Information Flow Analysis to Support Software Certification|
|Affiliation||Software Engineering|
|Project(s)||The Certus Centre (SFI)|
|Publication Type||Talk, keynote|
|Year of Publication||2014|
|Location of Talk||VSSE 2014 - Validation Strategies for Software Evolution, Grenoble, France|
The research presented in this talk is part of an ongoing industrial collaboration with Kongsberg Maritime (KM), one of the largest suppliers of maritime systems worldwide. The division we work with specializes in computerized systems for safety monitoring and for taking automatic corrective action when unacceptable hazardous situations arise. The overall goal of the collaboration is to provide our partner with software analysis tooling that produces source-based evidence to support software certification. In particular, we study a family of complex safety-critical embedded software systems that connect software control components to physical sensors and mechanical actuators. A frequently advocated approach to managing the development of such complex software systems is to compose them from reusable components instead of starting from scratch. Components may be implemented in different programming languages and are tied together using configuration files, or glue code, that define instantiation, initialization and interconnections. Although correctly engineering the composition and configuration of components is crucial for the overall behavior, there is surprisingly little support for incorporating this information in the static verification and validation of these systems. Analyzing the properties of programs within closed code boundaries has been studied for some decades and is well established.

The presentation will discuss the techniques we developed to support analysis across the components of a component-based system. We build upon OMG's Knowledge Discovery Metamodel (KDM) to reverse engineer fine-grained homogeneous models for systems composed of heterogeneous artifacts. Next, we track the information flow in these models using slicing, and apply several transformations that enable us to visualize the information flow at various levels of abstraction, trading off scope against detail and aimed at serving both safety domain experts and developers.
Our techniques are implemented in a prototype toolset that has been successfully used to answer software certification questions of our industrial partner.
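To make the cross-component slicing step concrete, the following Python sketch is an added example; it is not the prototype toolset, KM code, or a KDM implementation. It assumes a deliberately simplified, constructed artifact format: per-component dataflow facts ("target depends on sources", standing in for what would be extracted from each component's source) plus a wiring configuration standing in for the glue code. The three components, their variables and the wiring are all constructed for illustration. It merges these heterogeneous artifacts into one homogeneous graph, computes backward and forward slices across component boundaries, and collapses a slice to a component-level view, which is the scope-versus-detail trade-off the abstract mentions.

```python
"""Cross-component information-flow slicing over a unified dataflow model.

Added example, not from the talk or its prototype. Artifact formats below are
constructed stand-ins; the real work reverse engineers KDM models from source.
"""
from collections import defaultdict, deque

# Constructed per-component dataflow facts: (target, [sources]) per statement.
# A target with no sources is an input port whose value arrives via wiring,
# or a genuinely external input (ADC channel, configuration constant).
COMPONENT_FLOWS = {
    "SensorReader": [
        ("raw_temp", ["adc_channel_3"]),
        ("temp_c", ["raw_temp", "calibration_offset"]),
        ("temp_out", ["temp_c"]),
        ("status_led", ["heartbeat"]),
    ],
    "Controller": [
        ("temp_in", []),
        ("limit", ["config_limit"]),
        ("over_limit", ["temp_in", "limit"]),
        ("actuator_cmd", ["over_limit"]),
        ("log_msg", ["temp_in"]),
    ],
    "Logger": [
        ("msg_in", []),
        ("file_write", ["msg_in"]),
    ],
}

# Constructed wiring configuration (the "glue"): source port -> destination port.
WIRING = [
    ("SensorReader.temp_out", "Controller.temp_in"),
    ("Controller.log_msg", "Logger.msg_in"),
]


def build_graph(flows, wiring):
    """Merge per-component flows and wiring into one graph over 'Comp.var' nodes.

    Returns (preds, succs): predecessor and successor adjacency maps.
    """
    preds = defaultdict(set)
    succs = defaultdict(set)
    for comp, stmts in flows.items():
        for target, sources in stmts:
            tnode = f"{comp}.{target}"
            preds.setdefault(tnode, set())
            for src in sources:
                snode = f"{comp}.{src}"
                preds[tnode].add(snode)
                succs[snode].add(tnode)
    # Wiring edges are what make the slice cross component boundaries.
    for src, dst in wiring:
        preds[dst].add(src)
        succs[src].add(dst)
    return preds, succs


def _reach(adj, start):
    """Set of nodes reachable from start via adj (BFS)."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adj[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def backward_slice(preds, node):
    """Everything that can influence node (certification question:
    'what feeds this actuator command?')."""
    return _reach(preds, node)


def forward_slice(succs, node):
    """Everything node can influence ('where does this sensor value go?')."""
    return _reach(succs, node)


def inputs_of(preds, nodes):
    """External inputs of a slice: nodes in it with no predecessors."""
    return sorted(n for n in nodes if not preds[n])


def component_view(preds, nodes):
    """Collapse a slice to inter-component edges {(src_comp, dst_comp)}."""
    edges = set()
    for node in nodes:
        for pred in preds[node]:
            if pred in nodes:
                a, b = pred.split(".")[0], node.split(".")[0]
                if a != b:
                    edges.add((a, b))
    return edges


if __name__ == "__main__":
    preds, succs = build_graph(COMPONENT_FLOWS, WIRING)
    bs = backward_slice(preds, "Controller.actuator_cmd")
    print("actuator_cmd depends on inputs:", inputs_of(preds, bs))
    print("component-level view:", sorted(component_view(preds, bs)))
    fs = forward_slice(succs, "SensorReader.adc_channel_3")
    print("adc_channel_3 reaches:", sorted(fs))
```

The backward slice of `Controller.actuator_cmd` crosses the wiring edge into `SensorReader` and stops at three external inputs, while `SensorReader.heartbeat` and the `Logger` component fall outside it; that absence is the kind of source-based evidence a certifier can check. The component view of the same slice reduces to the single edge SensorReader to Controller, which is the coarse picture a safety domain expert would look at before a developer drills into the variable-level graph.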