Title: Affordable Application of Formal Methods to Software Engineering
Slide 1: Affordable Application of Formal Methods to Software Engineering
- James F. Davis, Capt, USAF
- University of Maryland University College
- Adelphi, MD
- jim_at_thedavisnetwork.com
Slide 2: Overview
1. Why Formal Methods?
2. Praxis Correctness by Construction
3. Affordable use of C-by-C
4. Summary
Slide 3: Why Formal Methods? (1 of 3)
- Our reliance on systems increasingly outweighs the trust we can justifiably place in those systems
- Software complexity continues to grow
- Software users have the right to demand correctness
- Software engineers have the responsibility to provide that correctness
Slide 4: Why Formal Methods? (2 of 3)
New York, 14 Aug 2003 (the Northeast blackout; the satellite night-light images are taken 20 hours before and 7 hours after the outage, per the NOAA file names)
- http://galleries.news24.com/2003/blackout
- http://www.worldpress.org/Americas/1580.cfm
- http://www.noaanews.noaa.gov/nightlights/blackout081403-20hrsbefore-text.jpg
- http://www.noaanews.noaa.gov/nightlights/blackout081503-7hrsafter-text.jpg
Slide 5: Why Formal Methods? (3 of 3)
- The cost of applying formal methods keeps falling relative to the impact-cost of not performing these analyses and suffering the failures they would have prevented
- Estimated revenue loss per hour of system downtime, by industry (US$):

  Shipping                 28,000
  Teleticket Sales         69,000
  Airline Reservations     89,000
  Home Shopping           113,000
  Pay-per-view            150,000
  Credit Card Sales     2,650,000
  Financial Markets     6,450,000

  Source: http://www.cnsoftware.org/nss2report/Chen-NSS2v.3.pdf
Slide 7: Praxis Correctness by Construction
Seven Key Principles:
1. Know why you're testing
2. Remove errors prior to testing
3. Expect change
4. Software is not useful by itself
5. Write software that is easy to verify
6. Develop by increments
7. Expect some difficulty
Slide 8: Characteristics of C-by-C
(diagram) Correctness by Construction: generation of certification/evaluation evidence
Slide 10: Affordable use of C-by-C
- Strict adherence to prescriptive software engineering principles
- Decouple and separate the critical components of the system, choosing them on the basis of:
  - Risk analysis: the impact of a threat factored by the probability of its occurrence
  - The cost of implementing the change or decision versus the results of the risk analysis
- Bottom line: BALANCE
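To make the risk-versus-cost balance on this slide concrete, here is an added worked example (not from the deck and not Praxis's own material): it takes the per-hour downtime losses quoted on slide 5 as the impact figure, multiplies by a failure probability and outage length to get the expected loss, and applies C-by-C only to the components where the loss it would avoid exceeds its extra cost. The components, probabilities, outage lengths, C-by-C costs, five-year lifetime and 10% residual-risk factor are all constructed assumptions for the illustration.

```python
"""Risk-vs-cost triage: where does Correctness-by-Construction pay for itself?

Added illustration, not from the original deck or from Praxis. The per-hour loss
figures are the ones quoted on the deck's slide 5; every component, probability,
outage length, C-by-C cost, lifetime and residual-risk factor below is a
constructed assumption for this example.
"""
from dataclasses import dataclass

# Estimated revenue loss per hour of downtime, US$ (figures as quoted on slide 5).
LOSS_PER_HOUR = {
    "Shipping": 28_000,
    "Teleticket Sales": 69_000,
    "Airline Reservations": 89_000,
    "Home Shopping": 113_000,
    "Pay-per-view": 150_000,
    "Credit Card Sales": 2_650_000,
    "Financial Markets": 6_450_000,
}


@dataclass(frozen=True)
class Component:
    name: str
    industry: str                 # key into LOSS_PER_HOUR
    failure_prob_per_year: float  # assumed: probability the component causes an outage in a year
    outage_hours: float           # assumed: mean downtime per such outage
    cbyc_extra_cost: float        # assumed: extra cost of building it with C-by-C, not conventionally


def annual_expected_loss(c: Component) -> float:
    """Risk as the slide defines it: impact of the threat factored by its probability."""
    return c.failure_prob_per_year * c.outage_hours * LOSS_PER_HOUR[c.industry]


def triage(components, lifetime_years: int = 5, residual_risk: float = 0.1):
    """Rank components by expected loss over their lifetime and decide where C-by-C is worth it.

    residual_risk is the assumed fraction of outage risk that remains even after C-by-C
    (formal methods do not remove hardware faults or operator error).
    Returns rows sorted by expected loss, highest first.
    """
    rows = []
    for c in components:
        loss = annual_expected_loss(c) * lifetime_years
        avoided = loss * (1 - residual_risk)
        rows.append({
            "name": c.name,
            "expected_loss": loss,
            "loss_avoided": avoided,
            "cost": c.cbyc_extra_cost,
            "apply_cbyc": avoided > c.cbyc_extra_cost,
        })
    rows.sort(key=lambda r: r["expected_loss"], reverse=True)
    return rows


# Constructed example portfolio: not real systems and not real figures.
PORTFOLIO = [
    Component("Trade matching engine", "Financial Markets", 0.05, 2.0, 1_500_000),
    Component("Card authorisation service", "Credit Card Sales", 0.20, 1.0, 800_000),
    Component("Shipment tracking portal", "Shipping", 0.30, 4.0, 400_000),
    Component("Pay-per-view scheduler", "Pay-per-view", 0.10, 3.0, 300_000),
]


def decisions(components=PORTFOLIO):
    """Component name -> whether to apply C-by-C, for the constructed portfolio."""
    return {r["name"]: r["apply_cbyc"] for r in triage(components)}


if __name__ == "__main__":
    for r in triage(PORTFOLIO):
        verdict = "C-by-C" if r["apply_cbyc"] else "conventional"
        print(f"{r['name']:28s} expected loss ${r['expected_loss']:>12,.0f}  "
              f"avoided ${r['loss_avoided']:>12,.0f}  cost ${r['cost']:>10,.0f}  -> {verdict}")
```

Running it prints the ranked table: the two high-impact components justify the extra cost, while the two low-impact ones are cheaper to build conventionally and carry the residual risk, which is the slide's "decouple and separate critical components" decision expressed in numbers. The failure probabilities are the weakest input, since they are usually estimates rather than measurements; re-run the triage with pessimistic and optimistic values before committing budget, and treat any component whose verdict flips between the two runs as needing a better estimate, not a decision.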
Slide 11: Summary
1. Why Formal Methods?
2. Praxis Correctness by Construction
3. Affordable use of C-by-C
Slide 12: Questions?
- James F. Davis, Capt, USAF
- University of Maryland University College
- Adelphi, MD
- jim_at_thedavisnetwork.com
Slide 13: References
- http://www.praxis-his.com/sparkada/pdfs/minepump.pdf
- http://www.praxis-his.com/services/software/principles.asp
- http://www.safety-club.org.uk/resources/164/MartynThomas.pdf
- http://www.cs.virginia.edu/jck/cs651/slides/14.correctness.by.construction.pdf
- http://www.stsc.hill.af.mil/crosstalk/2002/03/amey.html
- http://www.eng.auburn.edu/department/csse/classes/comp7370/resources/Correctness_by_Construction_developing_a_commercial_secure_system.pdf
- http://www.secure-biz.net/Spring2004/speaker_presentation/Martin%20Croxford%20final.pdf
- http://www.sei.cmu.edu/tsp/tug-2004-presentations/chapman.pdf