DEVELOPMENT OF RELIABLE, SAFE AND SECURE SOFTWARE
Learning outcomes of the course unit
The ultimate goal of the course is to convey the basics of all the steps involved in the making of software with strong reliability, safety and security requirements, with a particular emphasys on critical embedded systems. Taking for granted software literacy in C/C++, the course covers software specification, design, coding and verification, all in the context of the software development processes prescribed by industry standards for the realization of safety- and security-related systems.
Knowledge and understanding
The course introduces important topics concerning the development of software in industry, especially in critical sectors. These topics are all the more important in that, in all graduate or post-graduate studies, they are often overlooked or limited to exposures of principle without any concrete connection with industrial reality. The course mentions the formal methods and their potential, but does not go into them (leaving their in-depth analysis to other courses with strong logical-mathematical prerequisites), aiming instead at understanding the relationship between costs and benefits of formal, semi-formal and informal methods applied to industrial contexts.
Applying knowledge and understanding
The knowledge presented is always applied to the resolution of specific problems. The course develops around a concrete example of embedded software chosen at the beginning of the course. For this example, students will attend (and compete to carry out) all stages of development, from the drafting of requirements to verification.
The course is developed around the requirements of the industrial functional-safety standards. These standards refer to specific objectives to be achieved and to division of roles (developers, verifiers, assessors and certification bodies) that do require independent judgment. In the end, it is not just a matter of achieving objectives, but of arguing for their adequacy and achievement in front of peers.
A consequence of what has already been said, is that the course makes pressing reference to the need for general precision and communicative clarity (for example, in drawing up the requirements). More specifically, the course teaches the basics of building structured arguments, supported by adequate evidence, which justify the fact that a system is acceptably safe for a given application in a given operating environment. These arguments (safety cases) require the refinement of the student's communication skills.
Almost all the teaching material has extra-university origin. If on the one hand this requires students to be highly flexible (in moving from one source to another, in the need to interpolate the information available in the various sources), on the other hand it stimulates them to practice the way of finding information and assimilating the concepts that will be a constant of their entire professional life.
Course contents summary
I. Reliability, safety and security in systems with software components
II. Software development processes and functional safety standards
III. Specification of high-level and low-level requirements
IV. Software design for critical systems
V. Coding for critical systems
VI. Software verification
Nancy G. Leveson. Engineering a Safer World: Systems Thinking Applied to Safety. The MIT Press, 2012. ISBN 978-0-262-01662-9.
Mauro Pezzè, Michal Young. Software Testing and Analysis: Process, Principles and Techniques. Wiley, 2008. ISBN 0471455938.
Michael Jackson. Software Requirements & Specifications: a lexicon of practice, principles and prejudices. ACM Press/Addison-Wesley, 1995. ISBN 978-0-201-87712-0.
FAA - Air Traffic Organization. Requirements Engineering Management Handbook. U.S. Department of Transportation, Federal Aviation Administration, 2009.
Derek M. Jones. Evidence-based Software Engineering (based on the publicly available data). http://www.knosof.co.uk/ESEUR/ESEUR-draft.pdf
Standard classes with assisted exercise sessions.
Assessment methods and criteria
Learning outcomes and methods of verification
Ability to carry out, with due competence, all phases of the development of a critical system. Understand the main requirements of the industrial standards for functional safety and how these affect all stages of the development process. Ability to argue, in front of peers of comparable competence and experience, the adequacy of the choices and results of each phase of the development process.
Learning assessment / examination
The exam consists of a final project followed by an oral interview. The project deliverables must be submitted at least 15 days before the date of the exam session in which the student wishes to be interviewed. The evaluation of the project deliverables is notified to the student at least 7 days before the exam session. In the event of a negative evaluation of the deliverables, the student has the option to improve and resubmit them (without changing the topic and specifications of the final project), always respecting the minimum distance of 15 days between the deliverables’ submission date and the date of the exam session in which the interview will take place.