Today, mission-critical software assurance engineering must encompass both safety and cyber-security. Critical missions, whether in defense, government, banking, or healthcare, depend on ensuring that a system meets its safety requirements and does not fail under cyber attack. Mobile, cloud, and Internet of Things (IoT) technologies have made software assurance integral to our everyday lives, whether it is a life-saving medical device, the integrity of the power grid, a soldier with a heads-up display, or the running of a global supply chain. Cyberspace is so pervasive that the US Department of Defense has put it on par with land, sea, and air as a war-fighting domain, and White House reports point to the urgent national need to shift the cybersecurity posture from defending computer networks to assuring critical missions.
We will present case studies distilled from our research findings, drawn from participation in DARPA cybersecurity programs, work with automotive and avionics companies, verification of the Linux kernel, and studies of the NIST test suites Juliet and SARD. The goal is to help participants develop a good understanding of: (a) the core technical challenges of mission-critical software assurance, and (b) how and why techniques such as testing, bug finders, quality metrics, reliability analysis, and formal verification fall short in addressing these challenges. The tutorial will conclude with a discussion of two key ideas for addressing the challenges of mission-critical software assurance.
Venue: 27th International Symposium on Software Reliability Engineering (ISSRE 2016), Ottawa, Canada, October 23, 2016
Authors: Suresh Kothari, Jeremías Sauceda