Safety and Security Assurance for Engineering High Confidence Software in Information Systems
Basic information
- Grant number: RGPIN-2014-06499
- Principal investigator:
- Amount: $28,400
- Host institution:
- Host institution country: Canada
- Program: Discovery Grants Program - Individual
- Fiscal year: 2020
- Funding country: Canada
- Duration: 2020-01-01 to 2021-12-31
- Status: Completed
- Source:
- Keywords:
Project abstract
This Discovery Grant application is a continuation of my ongoing research program on security assurance in complex information system software, with an extended focus on safety. Software-based information systems (IS) play an increasingly critical role in knowledge-intensive industries, e.g., healthcare, defense, transport and energy. Despite the anticipated benefits of deploying and networking such systems, there is mounting evidence of risks and hazards. Safety, security and privacy are at the forefront of these concerns. Example hazards (in healthcare) include misdiagnosis and wrong treatment decisions, and confidentiality breaches that may lead to identity theft, loss of reputation and loss of livelihood.

Given numerous cases where IS software faults caused harm or suffering, regulators and users have called for better software engineering practices. Comparisons are often made with more traditional industries that employ critical software for automation and control (e.g., manufacturing, transportation and power generation) and have reached a higher degree of maturity in quality assurance. However, IS software differs significantly from automation and control software, and the models, methods and tools established in these more traditional industries cannot simply be transferred to knowledge-intensive industries. In the light of these difficulties, regulators have shied away from a product-focussed approach to quality assurance and adopted a process-focussed strategy instead. In other words, rather than assessing direct evidence about the safety and security of the IS software product, regulators focus on the software development processes employed to develop it (indirect evidence). Many researchers have criticized this approach as ineffective, e.g., Parnas, "A rational design process: How and why to fake it", and Wassyng et al., "On Software Certification: We Need Product-Focused Approaches".

The development of product-focussed software assurance methods is seen as an important research challenge and a prerequisite for truly evidence-based software certification practices. The objective of my research program is to research and develop innovative models, methods and tools for generating product-focussed (direct, evidence-based) quality assurances for the safety and security of critical IS software. Specific objectives include the development of:
(1) a system-theoretic IS hazard model (SIHM) as a foundation for analyzing safety and security concerns and for discerning software-induced incidents from environmental factors, e.g., human error;
(2) methods to engineer high confidence IS software (and systems of systems) based on the foundational SIHM and conducive to product-focussed assurance; and
(3) product-focussed methods to verify, validate and certify safety- and security-related properties of high confidence IS software.

Our scientific approach involves (1) theory-building using a mixed-method approach, (2) reduced-scale prototyping as exploratory case studies and proofs of concept, and (3) empirical studies applying the proposed methods "at scale" to real-world IS software. We will primarily study healthcare IS but also other domains, e.g., defense and aviation.

The proposed research will generate novel, high-impact results that will enable software engineers and regulators (e.g., Health Canada) to implement safer IS software. The results will help save lives and avert harm to Canadians. Student trainees will play an important role: students at all levels will be trained in a highly collaborative, team-based setting, with exposure to other disciplines as well as to industrial and academic collaborators. HQP (highly qualified personnel) with software assurance skills are in high demand in Canada.
Project outputs
- Journal articles: 0
- Monographs: 0
- Research awards: 0
- Conference papers: 0
- Patents: 0
Other publications by Weber, Jens
Novel porous materials based on oligospiroketals (OSK)
- DOI: 10.1039/c4ra04437a
- Published: 2014-01-01
- Journal:
- Impact factor: 3.9
- Authors: Wessig, Pablo; Gerngross, Maik; Weber, Jens
- Corresponding author: Weber, Jens
Fluorescent Microporous Polyimides Based on Perylene and Triazine for Highly CO2-Selective Carbon Materials
- DOI: 10.1021/ma501662r
- Published: 2015-04-14
- Journal:
- Impact factor: 5.5
- Authors: Liao, Yaozu; Weber, Jens; Faul, Charl F. J.
- Corresponding author: Faul, Charl F. J.
Conjugated microporous polytriphenylamine networks
- DOI: 10.1039/c4cc03026e
- Published: 2014-01-01
- Journal:
- Impact factor: 4.9
- Authors: Liao, Yaozu; Weber, Jens; Faul, Charl F. J.
- Corresponding author: Faul, Charl F. J.
Reactive Nitrogen Hotspots Related to Microscale Heterogeneity in Biological Soil Crusts.
- DOI: 10.1021/acs.est.2c02207
- Published: 2022-08-16
- Journal:
- Impact factor: 11.4
- Authors: Kratz, Alexandra Maria; Maier, Stefanie; Weber, Jens; Kim, Minsu; Mele, Giacomo; Gargiulo, Laura; Leifke, Anna Lena; Prass, Maria; Abed, Raeid M. M.; Cheng, Yafang; Su, Hang; Poeschl, Ulrich; Weber, Bettina
- Corresponding author: Weber, Bettina
Carbon Dioxide Adsorption in Betulin-Based Micro- and Macroporous Polyurethanes
- DOI: 10.1002/open.201200045
- Published: 2013-02-01
- Journal:
- Impact factor: 2.3
- Authors: Jeromenok, Jekaterina; Boehlmann, Winfried; Weber, Jens
- Corresponding author: Weber, Jens
Other grants held by Weber, Jens
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
- Grant number: RGPIN-2014-06499
- Fiscal year: 2021
- Funding amount: $28,400
- Program: Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
- Grant number: RGPIN-2014-06499
- Fiscal year: 2019
- Funding amount: $28,400
- Program: Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
- Grant number: RGPIN-2014-06499
- Fiscal year: 2018
- Funding amount: $28,400
- Program: Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
- Grant number: RGPIN-2014-06499
- Fiscal year: 2017
- Funding amount: $28,400
- Program: Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
- Grant number: RGPIN-2014-06499
- Fiscal year: 2016
- Funding amount: $28,400
- Program: Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
- Grant number: RGPIN-2014-06499
- Fiscal year: 2015
- Funding amount: $28,400
- Program: Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
- Grant number: RGPIN-2014-06499
- Fiscal year: 2014
- Funding amount: $28,400
- Program: Discovery Grants Program - Individual
Similar overseas grants
MEDSECURANCE - Advanced Security-for-safety Assurance for Medical Device IoT
- Grant number: 10102402
- Fiscal year: 2023
- Funding amount: $28,400
- Program: EU-Funded
Advanced Security-for-safety Assurance for Medical Device IoT
- Grant number: 10056669
- Fiscal year: 2023
- Funding amount: $28,400
- Program: EU-Funded
MEDSECURANCE - Advanced Security-for-safety Assurance for Medical Device IoT
- Grant number: 10057408
- Fiscal year: 2023
- Funding amount: $28,400
- Program: EU-Funded
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
- Grant number: RGPIN-2014-06499
- Fiscal year: 2021
- Funding amount: $28,400
- Program: Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
- Grant number: RGPIN-2014-06499
- Fiscal year: 2019
- Funding amount: $28,400
- Program: Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
- Grant number: RGPIN-2014-06499
- Fiscal year: 2018
- Funding amount: $28,400
- Program: Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
- Grant number: RGPIN-2014-06499
- Fiscal year: 2017
- Funding amount: $28,400
- Program: Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
- Grant number: RGPIN-2014-06499
- Fiscal year: 2016
- Funding amount: $28,400
- Program: Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
- Grant number: RGPIN-2014-06499
- Fiscal year: 2015
- Funding amount: $28,400
- Program: Discovery Grants Program - Individual
Safety and Security Assurance for Engineering High Confidence Software in Information Systems
- Grant number: RGPIN-2014-06499
- Fiscal year: 2014
- Funding amount: $28,400
- Program: Discovery Grants Program - Individual