SSRC has, in consultation with its current partners, identified key safety research focus areas for their potential impact on future research and industry practice. The targeted research areas cover a wide spectrum and are, specifically:
The purpose of software reliability testing is finding software faults within the software system. Statistical Software Testing (SST) can serve as a method to (1) improve the quality of the software by removing software faults during the development of the software, (2) verify and validate the software by determining that its specifications are met and its outputs are correct and (3) estimate the dependability of the program by generating populations of failure data.
SSRC established the feasibility of using SST to estimate the dependability of complex industrial software. An initial validation of SST has been carried out on smart sensors of British Energy. New models are being explored to make this truly quantitative technique a wide-ranging and cost-effective solution to software safety assurance. SSRC is a recognised international leader in SST research.
Commercial-off-the-shelf (COTS) software-based components are increasingly being included within complex safety critical systems. It is therefore vital both to distinguish adequate software components from inadequate ones and to determine the effect of replacing a COTS software-based component on the overall system's dependability. Yet the know-how to construct dependable safety critical applications from dependable COTS software-based components remains the ‘holy grail’ of the software engineering community.
SSRC has produced new software reliability models based on SST for assessing the dependability of safety critical applications assembled from COTS software-based components, and is currently working towards a widely applicable solution. SSRC is also developing design techniques for enhancing fault-tolerant COTS software wrappers, including multi-wrappers and coded diagnostics, in order to maintain the dependability of safety critical systems after COTS software-based components are replaced. Wrappers make it possible to replace one COTS software component within the safety critical system by another without significantly modifying the wrapper itself.
Software-based safety critical systems are developed according to safety standards such as IEC61508. These standards require a safety case to support the dependability of the software used in safety critical systems. The evidence for the software safety justification is generally measured in terms of a Safety Integrity Level (SIL) or Development Assurance Level (DAL). However, safety guidelines and standards can be very complicated and the safety arguments within them can be opaque. Both the interpretation of safety rules and arguments and the way they are applied can be subjective and/or are left to the discretion of the person responsible for safety.
SSRC is building Bayesian Belief Network models that simplify the understanding of safety standard requirements and guide the user effectively in their application, with particular reference to IEC61508. Such models can provide confidence measures or metrics that the safety standard has been applied correctly, so as to satisfy the regulators.
Complex systems are composed of diverse ‘hard’ and ‘soft’ parts that interact in nonlinear ways. System failures emerge from the interactions among these parts rather than from the individual parts. The systems thinking approach provides a framework for obtaining new insights and a better understanding when assessing the dependability of a complex system. A holistic systems approach strives for wholeness; addressing the many facets of dependability of a complex system is therefore an inherently interdisciplinary process.
SSRC is investigating potential tools which capture technical and non-technical aspects of software-related dependability as one integrated process.
‘Wicked’ systems are difficult to understand because of the many interlocking constraints existing among their parts. One way to design and analyse ‘wicked’ or complex systems is to use hierarchical modelling. According to this approach the ‘wickedness’ of the system is decomposed downwards into elementary parts on several hierarchical levels of detail. Each level in the hierarchy has its own ‘wickedness’, which cannot be derived from the degree of ‘wickedness’ of the level below. This approach also facilitates the integration, within one framework, of ‘hard’ and ‘soft’ evidence from disparate sources, from instrumentation data through to expert elicitation.
SSRC is demonstrating the feasibility of the hierarchical approach for structuring and assessing safety cases related to (a) non nuclear proliferation, (b) nuclear proliferation resistance, (c) oil and LNG carriers and (d) arms detection.
The use of computers in integrated complex systems is motivated by perceived improvements in safety and reductions in human workload. These infusions of complexity are radically changing the nature of human-machine interaction in computer-assisted monitoring and control activities. In most cases the human factors involved in human-machine interaction in safety-critical systems remain vital.
SSRC is collaborating with the Department of Experimental Psychology at Bristol University to investigate new forms of human-machine interaction which can minimise human failure within safety critical systems. These can be built into the design of safety-critical systems to make them more human error tolerant.
The underlying concept of software fault tolerance assumes that any system has unavoidable and undetectable software faults, no matter how thoroughly the software has been debugged, modularised, verified and tested. Hence programming strategies to prevent or recover from software failures must be built into a complex safety critical system so that it can provide service even in the presence of software faults. Current programming strategies are classified as (1) the N-Version Programming Scheme, (2) the Recovery Block Scheme and (3) the Self-Checking Version Scheme. Fault injection-based techniques are employed to assess the dependability of software-based systems.
SSRC is actively involved in developing methods for improving software fault tolerance based on an improved N-Version Programming Scheme with design techniques to increase inter-version diversity. These designs are assessed for their dependability using fault injection techniques.
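As an added example in Python (not SSRC's own code), the N-Version Programming and Recovery Block schemes named above are implemented for one small specification and assessed by fault injection, with the resulting failure counts used to estimate each scheme's per-demand failure probability, which is also the dependability-estimation use of statistical testing described in the first research area. The integer-square-root versions, the off-by-one fault model and the uniform demand profile are constructed assumptions.

```python
import math
import random

# Three diversely designed versions of the same specification: floor(sqrt(n)).
def isqrt_newton(n):
    x = n
    while x * x > n:                      # Newton iteration from above
        x = (x + n // x) // 2
    return x
def isqrt_bisect(n):
    lo, hi = 0, n
    while lo < hi:                        # binary search for the largest r with r*r <= n
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid * mid <= n else (lo, mid - 1)
    return lo

def inject(version, p_fault, rng):
    """Fault injection (constructed model): with probability p_fault the output is off by one."""
    def faulty(n):
        r = version(n)
        return r + 1 if rng.random() < p_fault else r
    return faulty
def acceptance_test(n, r):
    """Recovery-block acceptance test, derived from the specification rather than any version."""
    return r >= 0 and r * r <= n < (r + 1) * (r + 1)

def n_version(versions, n):
    """N-Version Programming: run every version and majority-vote; None means no majority."""
    outputs = [v(n) for v in versions]
    top = max(set(outputs), key=outputs.count)
    return top if outputs.count(top) * 2 > len(outputs) else None
def recovery_block(versions, n):
    """Recovery Block: try the primary, then each alternate, until the acceptance test passes."""
    for v in versions:
        r = v(n)
        if acceptance_test(n, r):
            return r
    return None

def assess(p_fault, trials, seed=1):
    """Estimate each scheme's per-demand failure probability from injected-fault failure data."""
    rng = random.Random(seed)
    versions = [inject(v, p_fault, rng) for v in (isqrt_newton, isqrt_bisect, math.isqrt)]
    fails = {"single": 0, "n_version": 0, "recovery_block": 0}
    for _ in range(trials):
        n = rng.randrange(0, 10**6)       # constructed demand profile: uniform random inputs
        truth = math.isqrt(n)
        fails["single"] += versions[0](n) != truth
        fails["n_version"] += n_version(versions, n) != truth
        fails["recovery_block"] += recovery_block(versions, n) != truth
    return {k: v / trials for k, v in fails.items()}
```

With independent faults the majority voter fails whenever two or more versions are corrupted, whereas the recovery block fails only when every version fails its acceptance test, so the estimates from `assess` separate the schemes clearly even at a 10% per-version fault rate.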
System safety is addressed under the assumptions that the way a safety critical system behaves is known exactly and that it processes only correct information and data. However, behaviour can be partially unknown and information can be uncertain, i.e. corrupted, inaccurate, missing, incomplete or random. Because safety critical systems modify their behaviour based on the information they process, it is important to assess their uncertainty tolerance, i.e. the capability of the system to continue providing its service despite the presence of uncertainty.
SSRC is beginning a new research strand to investigate how autonomous systems can contribute to making safety critical systems capable of performing appropriately even under uncertain circumstances. The methods and techniques found can offer considerable benefits in a wide range of safety critical engineering applications.