Safety and Security Assurance for Engineering High Confidence Software in Information Systems

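Basic information

  • Grant number:
    RGPIN-2014-06499
  • Principal investigator:
  • Amount:
    $28,400
  • Host institution:
  • Host institution country:
    Canada
  • Project category:
    Discovery Grants Program - Individual
  • Fiscal year:
    2014
  • Funding country:
    Canada
  • Start and end dates:
    2014-01-01 to 2015-12-31
  • Project status:
    Completed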

Project abstract

This discovery grant application is a continuation of my ongoing research program on security assurance in complex information system software, including an extended focus on safety. Software-based information systems (IS) are playing an increasingly critical role in knowledge-intensive industries, e.g., healthcare, defense, transport, energy, etc. Despite anticipated benefits of deploying and networking such systems, there has been mounting evidence on risks and hazards. Safety, Security and Privacy concerns are at the forefront of these concerns. Example hazards (in healthcare) include misdiagnosis and wrong treatment decisions and confidentiality breaches that may lead to identity theft, loss of reputation and livelihood.

Given numerous cases where IS software faults caused harm or suffering, regulators and users have called for better software engineering practices. Comparisons are often made with more traditional industries that employ critical software for automation and control (e.g., manufacturing, transportation, and power generation) and have a higher degree of maturity when it comes to quality assurance.

However, IS software is significantly different from automation and control software and the models, methods and tools established in these more traditional industries cannot simply be transferred to knowledge-intensive industries. In the light of these difficulties, regulators have shied away from a product-focussed approach to quality assurance and adopted a process-focussed strategy instead. In other words, rather than assessing direct evidence about safety and security of the IS software products, regulators focus on the software development processes employed in developing the product (indirect evidence). This approach has been criticized as ineffective by many researchers, e.g., Parnas: "A rational design process: How and why to fake it", Wassyng et al.: "On Software Certification: We Need Product-Focused Approaches".

The development of product-focussed software assurance methods is seen as an important research challenge and a prerequisite for enabling truly evidence-based software certification practices. The objective of my research program is to research and develop innovative models, methods and tools for generating product-focussed (direct, evidence-based) quality assurances for the safety and security of critical IS software. Specific objectives include the development of (1) a system-theoretic IS hazard model (SIHM) as a foundation to analyze safety & security concerns and discern software-induced incidents from environmental factors, e.g., human error; (2) methods to engineer high confidence IS software (and systems of systems) based on the foundational SIHM and conducive to product-focussed assurance; and (3) product-focussed methods to verify, validate and certify safety and security-related properties of high confidence IS software.

Our scientific approach involves (1) theory-building using a mixed method approach, (2) reduced-scale prototyping as exploratory case studies and proofs of concepts, and (3) empirical studies of applying the proposed methods "at scale" to real-world IS software. We will primarily study healthcare IS but also other domains, e.g., defense, aviation.

The proposed research will generate novel and high impact results that will enable software engineers and regulators (e.g., Health Canada) to implement safer IS software. The results will help save lives and avert harm from Canadians. Student trainees will play an important role. Students at all levels will be trained in a highly collaborative, team-based setting, with exposure to other disciplines as well as industrial and academic collaborators. HQP with software assurance skills are in high demand in Canada.

Project outcomes

Journal articles (0)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)

Other publications by Weber, Jens

Novel porous materials based on oligospiroketals (OSK)
  • DOI:
    10.1039/c4ra04437a
  • Publication date:
    2014-01-01
  • Journal:
  • Impact factor:
    3.9
  • Authors:
    Wessig, Pablo;Gerngross, Maik;Weber, Jens
  • Corresponding author:
    Weber, Jens
Fluorescent Microporous Polyimides Based on Perylene and Triazine for Highly CO2-Selective Carbon Materials
  • DOI:
    10.1021/ma501662r
  • Publication date:
    2015-04-14
  • Journal:
  • Impact factor:
    5.5
  • Authors:
    Liao, Yaozu;Weber, Jens;Faul, Charl F. J.
  • Corresponding author:
    Faul, Charl F. J.
Conjugated microporous polytriphenylamine networks
  • DOI:
    10.1039/c4cc03026e
  • Publication date:
    2014-01-01
  • Journal:
  • Impact factor:
    4.9
  • Authors:
    Liao, Yaozu;Weber, Jens;Faul, Charl F. J.
  • Corresponding author:
    Faul, Charl F. J.
Reactive Nitrogen Hotspots Related to Microscale Heterogeneity in Biological Soil Crusts.
  • DOI:
    10.1021/acs.est.2c02207
  • Publication date:
    2022-08-16
  • Journal:
  • Impact factor:
    11.4
  • Authors:
    Kratz, Alexandra Maria;Maier, Stefanie;Weber, Jens;Kim, Minsu;Mele, Giacomo;Gargiulo, Laura;Leifke, Anna Lena;Prass, Maria;Abed, Raeid M. M.;Cheng, Yafang;Su, Hang;Poeschl, Ulrich;Weber, Bettina
  • Corresponding author:
    Weber, Bettina
Carbon Dioxide Adsorption in Betulin-Based Micro- and Macroporous Polyurethanes
  • DOI:
    10.1002/open.201200045
  • Publication date:
    2013-02-01
  • Journal:
  • Impact factor:
    2.3
  • Authors:
    Jeromenok, Jekaterina;Boehlmann, Winfried;Weber, Jens
  • Corresponding author:
    Weber, Jens

Other grants held by Weber, Jens

Safety and Security Assurance for Engineering High Confidence Software in Information Systems
  • Grant number:
    RGPIN-2014-06499
  • Fiscal year:
    2021
  • Funding amount:
    $28,400
  • Project category:
    Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
  • Grant number:
    RGPIN-2014-06499
  • Fiscal year:
    2020
  • Funding amount:
    $28,400
  • Project category:
    Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
  • Grant number:
    RGPIN-2014-06499
  • Fiscal year:
    2019
  • Funding amount:
    $28,400
  • Project category:
    Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
  • Grant number:
    RGPIN-2014-06499
  • Fiscal year:
    2018
  • Funding amount:
    $28,400
  • Project category:
    Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
  • Grant number:
    RGPIN-2014-06499
  • Fiscal year:
    2017
  • Funding amount:
    $28,400
  • Project category:
    Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
  • Grant number:
    RGPIN-2014-06499
  • Fiscal year:
    2016
  • Funding amount:
    $28,400
  • Project category:
    Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
  • Grant number:
    RGPIN-2014-06499
  • Fiscal year:
    2015
  • Funding amount:
    $28,400
  • Project category:
    Discovery Grants Program - Individual

Similar overseas grants

MEDSECURANCE - Advanced Security-for-safety Assurance for Medical Device IoT
  • Grant number:
    10102402
  • Fiscal year:
    2023
  • Funding amount:
    $28,400
  • Project category:
    EU-Funded
Advanced Security-for-safety Assurance for Medical Device IoT
  • Grant number:
    10056669
  • Fiscal year:
    2023
  • Funding amount:
    $28,400
  • Project category:
    EU-Funded
MEDSECURANCE - Advanced Security-for-safety Assurance for Medical Device IoT
  • Grant number:
    10057408
  • Fiscal year:
    2023
  • Funding amount:
    $28,400
  • Project category:
    EU-Funded