Model-based Development in Practice: Successful Selection and Deployment

Half-day Tutorial
Instructor: Jeremias Sauceda, CTO, EnSoft Corp., U.S.A.
Contact: pi@ensoftcorp.com
Model-based technologies such as UML, AADL, Simulink and many others can be used to analyze, implement, and document your system. This tutorial gives you the background necessary to successfully select and deploy a model-based process within your company.

Selecting a Model-based methodology
The key to selecting the right model-based methodology is to know what is at the root of the problem you are trying to solve. This requires asking critical questions such as:
- Are errors introduced into my application because the design must be manually translated from
a design document into code?
- Do I lack documentation of my system in a form that is useful for developers to implement
features or managers to make decisions?
- Has my application become so large it is difficult to understand all the relationships and
interactions within it?
Answers to questions like this will help in selecting a particular model-based methodology required to address your analysis, implementation, and documentation needs. This part of the workshop will discuss types of model-based methodologies and their applicability.

Deploying a Model-based Process
Deploying a model-based process involves many of the same issues as deploying other technologies that are part of your development process. However it also poses its own challenges. In this section of the tutorial we discuss the practical issues involved in deployment of a model-based methodology, including selecting a tool-chain, version control, team collaboration, etc.

Putting it all Together
We will put theory into practice by analyzing why AADL and Simulink are good choices to improve
reliability in a sample embedded software project and how deployment issues were addressed in this project.

Outcomes
After completing this tutorial you will be able to:
- Select the right model-based methodology to address your specific needs.
- Identify specific deployment issues early before they turn into problems.
- Successfully deploy a model-based process.

Participants
- Managers
- Senior Engineers
- Anyone involved in selecting or deploying a model-based process

About the Instructor: Jeremias Sauceda has extensive experience with model-based development (MBD) including consulting and product development. As the CTO of EnSoft, he has successfully launched MBD products that are used by more than 90 companies worldwide. He works with major avionics and automobile companies on deployment of MBD technology for safety-critical software. He was a speaker at the ESR Workshop at 2007 ISSRE conference.

Testing Program Security Vulnerabilities

Mohammad Zulkernine and Hossain Shahriar
School of Computing, Queen’s University, Kingston, Canada
{mzulker, shahriar}@cs.queensu.ca

Abstract
Today’s software (or program) is complex in nature and accessible to almost everyone. These programs are developed using implementation languages and library functions that often suffer from inherent vulnerabilities. As a result, exploitations of these known vulnerabilities through successful attacks are very common. Despite rigorous usage of various complementary techniques to detect and prevent vulnerabilities, numerous exploitations are still being reported. Researches have shown that effective quality assurance methods can prevent such vulnerabilities when applied during software development processes, and software security testing is the most important quality assurance methods. However, effective program security testing involves obtaining an adequate test suite that can reveal specific vulnerabilities. In this tutorial, we will first present the importance of program security testing and fundamentals of software testing. This will be followed by an introduction to the most common program vulnerabilities and related security testing approaches. Then, we will present the idea of applying mutation-based testing to obtain an adequate test suite that can reveal program security breaches. We will demonstrate how mutation operators can be applied to inject vulnerabilities systematically and assess a test suite quality for revealing the four worst vulnerabilities in programs namely buffer overflow, SQL Injection, format string bug, and cross site scripting. The tutorial will address one of the most crucial issues of software quality assurance. By attending this tutorial, software engineers, security engineers, programmers, software/security testers will be aware of vulnerabilities and address them proactively

Presenters

Model Based Testing of Control Systems

Audience: Aerospace (Private Industries in Aerospace and Government Labs) and automotive control engineers, students, safety critical control system developers

Takeaway: A glimpse of 20 years of experience in automated control system testing, dos and don’ts, methods of testing

Background: Control systems are a part of many safety critical systems like the aircraft, automotive and health care systems. The commercial aircrafts today are using fly-by-wire technology to provide comfort to the passengers and to reduce pilot workload. The automotive industry uses control system for brake management, fuel management and engine control. The health care system use control system to position the X-Ray systems automatically. Nuclear reactors use control systems to control the reaction speed. All these are examples of safety critical systems. A failure in such a system would cause loss of lives and money.

The control systems are developed using Matlab/Simulink software. The C/Ada code is generated automatically or manually. Testing the control system becomes a challenging task for the Verification and Validation group in any organization developing such systems. Aircrafts are certified based on DO-178B standards. This mandates a verification and validation process with proof of correctness to be submitted to certifying authorities. The control system blocks and the C code have to be verified against a design specification document.

Manual and automated testing is carried out to verify the control system at the lowest level. The control system is also tested at a system level with an aircraft or vehicle model in loop. The low level testing is done using model based test methods. Various automation methods can be explored to minimize the test time and increase the coverage. This tutorial covers the various blocks used in a control system; it describes the concept of model coverage, describes methods used in testing the C code against the model.

Course Contents

1. 1. Safety Critical Control Systems in the Industry
   Examples
   2. A typical control system
2. Control system elements
3. Control System Specification
   3. Testing the Controller
4. Block coverage
   Signal generation
   Manual testing
   Random testing
   Orthogonal Array Testing
   Automated thresholds
   MCDC coverage
   Error seeding
   4. Things you can try
   Optimization – genetic algorithm, simulated annealing
   Use an excel spreadsheet to design test cases and documentation
   Use of tools like V&V toolbox, Reactis, Simdiff

Instructor Profile

Yogananda Jeppu: Software Specialist, Moog India, jyogananda @moog.com
20 years experience in the field of control system design, coding and testing for aerospace domain. 20 years of experience in using Matlab and Simulink software in the control systems domain. Use of optimization algorithm in generating model based test cases. Several papers on test case generation, automation and optimization.
Dr Selvamurugan B Hariram
13 years of experience in teaching control systems. He is currently working on automated control system testing for commercial fly-by-wire aircrafts. He has several publications on VLSI, FPGA based motor controllers, and DSP implementations. He has conducted several courses on simulation, DSP implementations and motor control.

Structured Safety and Assurance Cases: Concepts, Practicalities and Research Directions

Duration: Half day

Overview of Tutorial:
This tutorial will develop the motivation and context of Safety and Assurance Cases. In particular it will introduce the concept of Structured Safety Cases using the standard Safety Case notations: ‘Claim-Argument-Evidence’ and Goal Structuring Notation. It will discuss a phased approach to Safety Case development: determining safety requirements; demonstrating satisfaction of these requirements at an equipment level and at an operational level; showing on-going safety under maintenance and modification; and finally safe disposal/decommissioning. The tutorial will be illustrated using Adelard’s Assurance and Safety Case Environment (ASCE). We will provide an overview of current research directions in assurance cases drawing on our work in a variety of sectors and discuss recent work we have been doing on Security Justification.

Audience: Assumptions, background, and experience.
No particular experience is assumed, but some background in assurance concepts and engineering reliable and trustworthy systems would be useful.

Take Aways: What will the student learn, and what are the benefits to their job.
Upon successful completion of this tutorial, the attendee will attain:
1. a good understanding of the concepts of structural safety and assurance cases
2. an understanding the key phases of Assurance Case development
3. familiarity with realistic safety case structures based on ASCE examples
4. an understanding of the issues in developing Assurance cases for different qualities

A survey of verification tools for software reliability

Authors: professors from Indian Institute of Science

Quality Assurance (QA) in software development is a difficult process.
While studies show that up to 50% of the effort in software projects
currently goes towards QA, a lot of bugs and vulnerabilities still typically remain in software released to customers. The research community has suggested that automated verification tools and techniques be used
at all stages of software development to alleviate this problem. In
recent years this suggestion has found an audience with the software
development industry, with various companies (e.g., Coverity, Grammatech,
Klocwork successfully marketing verification tools to the industry. Many
leading companies have also established in-house research and development
groups focusing on verification, e.g., General Motors, IBM, Intel, and Microsoft.

In this tutorial we first introduce the general flavor of verification
tools and the verification process. We then give the theoretical
underpinnings of and demonstrate several tools that have been used
in realistic projects, such as Alloy (to identify errors at the design stage), FindBugs (to find violations of coding conventions), ESC/Java (to verify whether programmer-placed assertions will always succeed), and Pex (to automatically generate test-cases with the goal of increased test coverage). This tutorial is aimed at industry practitioners, researchers, and students interested in knowing about selected tools at the cutting-edge of software verification practice.

Establishing an Effective Industrial Test Program selecting the best Methods and Metrics

If you have these questions:

• How do you make verification and validation more effective?
  
• What testing methods are best for industrial software development?
  
• How do I effectively measure verification and validation?

This tutorial will provide the means to answer them.

We will present a tutorial on industry best practices for testing including test methods and metrics. The tutorial will emphasize effective verification and validation methods that ABB applies to their industrial software development. These methods have been demonstrably effective in improving testing in a variety of industrial product verification and validation settings. We will discuss techniques for selecting the most effective test methods for your particular development environment and life-cycle model. We will discuss a core set of test metrics and how to choose metrics that will provide the most value for an industrial environment.

Agenda:

• Survey of industrial test methods and applicability for the following categories of methods (Brian P. Robinson, PhD.):
  
  
  
  • Black-box Testing Methods
    
  • Grey-box Testing Methods
    
  • White-Box Testing Methods
    
  • Positive (valid) case testing
    
  • Negative (invalid) case testing
    
  • Fault-based Testing Methods
    
  • Regression Testing
    
  
  
• Survey of industrial test metrics (Will Snipes)
  
  
  
  • Unit Test Metrics
    
  • Common Testing Metrics for formal testing
    
  • Integration Testing Metrics
    
  • Requirements Testing Metrics
    
  
  
• Open Question and Answer
  

Organizers