Lecture title: Complex Systems and Software Safety
Speaker: Professor John McDermid
Professor John McDermid is a Fellow of the Royal Academy of Engineering, an Officer of the Order of the British Empire (OBE), Professor of Software Engineering at the University of York, UK, chief researcher in the Department of Computer Science, and a member of the IEE, BCS and ACM. He is Technical Director of a UK dependable computing systems centre and a technical adviser to Rolls-Royce. In 1996 the High Integrity Systems Engineering group he led received the Queen's Anniversary Prize. Professor McDermid's main research area is High Integrity Computer Systems; he has published or edited six books and more than 350 academic papers, and enjoys a very high academic standing and international reputation. The methods he pioneered are widely used in the development and assessment of safety-critical systems, and the Goal Structuring Notation (GSN) is the de facto standard for developing safety cases.
Time: 1 to 3 September, 9:00-12:00 in the morning and 1:30-5:00 in the afternoon
Venue: New Main Building, Conference Centre, Lecture Hall 2
Abstract:
The two lecture series will address specific aspects of the development and assurance of safety-critical systems, especially software-intensive systems. The lectures will be based on the assumption that the audience understands the basic concepts of safety and safety engineering. If this is not the case then an introductory lecture on these concepts could be presented. The two series are intended to be “stand alone” but it is preferable that series 1 precedes series 2 as this gives a better flow for those attending both series.
He will also give a separate public lecture intended for a more general audience.
Lecture Series 1: Safety-Critical Software Development
The lectures will cover some key concepts and principles of safety-critical software development and focus on the possibility of using agile methods in safety-critical applications. It will also consider industrial achievements. The lecture series will assume a basic knowledge of the concepts of software engineering.
Lecture 1: Principles, Concepts and Standards
The lecture will set out key concepts in achieving and assuring safety-critical software, particularly the notion of controlling and managing systematic causes of failure. It will also explain some basic principles that are believed to help in developing and assuring safety-critical software and compare these to what are found in some of the standards used in a range of industries.
Lecture 2: Agile Safety-Critical Software Development
The lecture will compare the “agile manifesto” with the principles for developing and assuring safety-critical software set out in the first lecture, and identify where they are in harmony or (apparently) in conflict. It will also propose some ways of resolving the conflicts to produce practical agile safety-critical software development processes.
Lecture 3: Achievements and Challenges
The lecture will summarise what is achieved in developing safety-critical software in terms of fault density and cost per line of code, considering a range of industries, but particularly aerospace. It will give an illustration of an agile safety-critical software development process, and finish by drawing out some challenges for the next generation of safety-critical systems development.
Lecture Series 2: Safety Cases
In a number of domains, although not aerospace, it has become common to use safety cases as a way of expressing the rationale why a system is believed to be safe enough to deploy. The lectures will cover the key concepts of safety cases, address the issues of producing safety cases for software, and consider some more advanced issues, such as dealing with autonomy.
Lecture 1: Principles and Concepts
The lecture will set out the motivation for using safety cases, and introduce the key concepts of arguments and evidence used for structuring safety cases. Evidence is typically drawn from classical engineering activities, including safety engineering. The representation of arguments is less familiar as a concept; the lecture will consider some of the issues in presenting arguments and illustrate one particular graphical notation for expressing arguments.
Lecture 2: Software Safety Cases
The lecture will consider the key issues in justifying the safety of software in its system context. This will present argument patterns which address the key issues in assuring software safety in its system context, based on the principles articulated in the previous lecture series, including issues of validation of software safety requirements. It will also briefly consider the sorts of evidence needed to support safety arguments.
Lecture 3: Dependability, Autonomy, Systems of Systems and Other Challenges
The lecture will consider some current challenges in arguing about safety, including the need to make trade-offs with other properties, e.g. availability; this leads to the notion of dependability cases. Similarly the lecture will consider issues in arguing about the safety of autonomy and systems of systems both of which are emerging concerns, e.g. for unmanned air systems.
Editor: Jia Aiping