1

Robinson Associates ©2009 www.robinsons.co.uk

Dependable Systems and Software

guaranteeing software for projects and products

by Brian Kirk and Stuart Doyle of Robinson Associates

2

Robinson Associates ©2009 www.robinsons.co.uk

Why dependable ?

1. Efficiency of the organisation or business2. Productivity and well being of users 3. Avoiding harm to people and property

3

Robinson Associates ©2009 www.robinsons.co.uk

Dependable Systems are everywhere

We depend on more and more systems … • Anti lock braking cars, trains, planes• Anti skid protection • Automated medical analysis• Medical treatment machines• Water management systems• Benefits payment systems (welfare)• Supermarket logistics systems (food)

and any system relying on software where a guarantee must be offered …

4

Robinson Associates ©2009 www.robinsons.co.uk

The bottom line …

Creating dependable systems and software

• Costs too much• Takes too long• Creates document mountains• By the time the system is delivered the

system’s needs have often changed !

and budgets are getting tighter …

5

Robinson Associates ©2009 www.robinsons.co.uk

But times have changed …

Increase the budget by a million George – certainly ! (not)

6

Robinson Associates ©2009 www.robinsons.co.uk

So what’s the problem ?

Simple: the current approach relies on

• Very detailed development processes• Expensive software tools• Use of techniques that ‘tick the boxes’ rather than

meeting needs• Developers being continually rigorous

Sadly there is little direct connection between the development process and the dependability achieved in use

7

Robinson Associates ©2009 www.robinsons.co.uk

Other business areas do better!

For example:

• Data on aviation and auto accidents and warranty failures is collected and collated

• Analysis finds any recurring failures and causes• Corrective action is used to improve

Existing products (recalls) Design of future products

(materials, techniques, processes, audit) Infrastructure

For most software and systems this rarely happens

So software and system development needs to be moredirectly related to the dependability goals of the system

8

Robinson Associates ©2009 www.robinsons.co.uk

Why don’t standards help ?

• They get out of date• No longer fully relevant• Cumbersome and

expensive to use• Discourage innovation• Provide little direct

connection between development process and the achieved dependability of the system

So is there a better way ?

What ever happened to that young Darwin chap?

9

Robinson Associates ©2009 www.robinsons.co.uk

Creating dependable systems

Here’s how: quantify the dependability of thesystem in an achievable way from the start by

Defining a set of measurable properties which ensure system dependability

Defining the evidence needed to show the properties will be met during operation of the system

Developing the system in ways thatthe properties are easily verifiable

Collecting evidence and demonstrating thecurrent and expected levels of dependability

10

Robinson Associates ©2009 www.robinsons.co.uk

But what about certification ?

OK, it’s still needed for many applications butnow the development process is focussed on

• Achieving dependability as first priority • Using the parts of the standards that are relevant

to system requirements and dependability • Using techniques that contribute directly to the

dependability to be achieved• Providing evidence that the properties will be

achieved whilst conforming to the standards

So how will the development approach change ?

11

Robinson Associates ©2009 www.robinsons.co.uk

How to guarantee dependability

The development approach has to change

• Define the system goals and boundaries • Define the properties that ensure dependability • Define a set of claims for each property• Define practical evidence and how to get it

for each claim• Implement the system and establish its dependability

step by step by building the evidence, verifying the claims and achieving the properties

• Use a document traceability tool to link it all http://www.slideshare.net/StuartJDoyle/doc-trace-traceability-matrix-tool-presentation

So what does the development process look like?

12

Robinson Associates ©2009 www.robinsons.co.uk

Achieving a Dependable System the cycle of refinement …

What the system has to achieve

1Refine the Business Vision

Concept Direction,Finance and Authority

2Define the dependability

properties, claims and evidence

3Building the software

so that evidence can be established

5Operating the System,

gathering evidence,establishing claims

4Designing and Building

the infrastructure to support the system and collect evidence

‘Paper’ Prototypes

Software Product Versions

System Versions

Dependable Productsand Systems

Project Sponsors

ProductDevelopersInfrastructure

Developers

Users

Definers

13

Robinson Associates ©2009 www.robinsons.co.uk

In summary ...

We believe that dependable software and systemscan be built (we’ve done it for 30 years!)

A new approach to development is needed basedon establishing system properties, claims andevidence

A credible guarantee of dependabilitycan be offered for the operation of a systemwhen the evidence has been verified

14

Robinson Associates ©2009 www.robinsons.co.uk

About Robinson Associates

If you are interested in developing moredependable systems then please contact us • Web www.robinsons.co.uk• Email enquiries@robinsons.co.uk• Phone +44 1452 813699

ask for Stuart Doyle or Brian Kirk

Thank you for viewing our slide show

15

Robinson Associates ©2009 www.robinsons.co.uk

Clients we’ve helped

Here are a few of the clients we have helpedto build or improve dependable systems

Philips Medical Systems (UK)Westinghouse Rail Systems (UK, Spain, Australian, USA)Hasler Rail Systems (Swiss)Soudronic AG Factory Automation Systems (Swiss)NEC/Philips Telecom and PDA Network Solutions (UK)AGIE AG Machine Tools (Swiss)Studer AG Professional Broadcast and Recording (Swiss)