Alberto Pasquini CARE Workshop 141542001 - PowerPoint PPT Presentation

Transcript and Presenter's Notes
1
CARE Workshop
  • Alberto Pasquini
  • Assessment of Software Intensive and Interactive Systems
  • Deep Blue

2
The problem (1)
  • Software Intensive and Interactive Systems
    - System functions are used in a process and are the result of a
      combination of computerized tools and human agents
    - Humans have a central role in performing the activities needed
      for the process goals
    - Large amounts of information are stored, managed and elaborated
      by computers
    - Organizational structures, rules, operative procedures, training,
      and other hardware and software tools play a key role in the process
3
The problem (2)
  • Potential benefits of the quantitative analysis of Software
    Intensive and Interactive Systems
    - Provide inputs for decision making during design, certification,
      assessment and operation
    - Quantitative risk assessment in safety analysis and safety cases
    - Easy comparison between different systems and different
      architectural solutions
4
State of the art
  • State of the art in the quantitative analysis of Software Intensive
    and Interactive Systems
    - Used for design decisions (when to stop testing, etc.)
    - Limited confidence in the quantitative measure
    - Reliability growth models can provide information about failure
      rate, or number of residual faults, or failure on demand
    - When combined with information about software architectures and
      operative usage they can give us information about the reliability
      of these architectures
5
Limitations of the state of the art (1)
  • Static characterisation of the operational profile of these systems
    - The operative environment changes (Ariane 5)
    - Interactions with operators change with skill and training (Therac-25)
    - Procedures and rules are revised and updated (Italian railways)
  • Still based on task models of errors when considering the interaction
    with human agents

    Probability   Activity
    3x10^-3       Error of omission where the items being omitted are
                  embedded in a procedure rather than at the end
    3x10^-2       General human error of commission

    Examples: Chernobyl (deliberate deactivation of the reactor protection
    system); Colwich, Purley, Cowden, Watford Junction, etc. (train driver
    failing to apply the brakes after acknowledging receipt of audible and
    visual warning of a red signal)
6
Limitations of the state of the art (2)
  [Figure: fault tree drawn with a nested "System boundary" and "Extended
  System boundary", annotated with the probabilities 10^-4, 10^-3 and
  10^-2. Adapted from the Fault Tree Handbook, Nuclear Regulatory Commission]
7
The research proposal
  • What can reasonably be done (considering that as we enlarge the
    circle we are dealing with a more and more uncertain environment)
  • A research proposal based on Distributed Cognition and Reliability
    Engineering, switching the focus to the knowledge needed for the
    process and to its availability
8
Distributed Cognition (1)
  • Distributed Cognition was developed to analyse the interaction of
    humans with cognitive artefacts
  • Human cognition (and activity) is mediated by artefacts (rules, tools,
    representations), internal and external to the mind
  • The ability of the human mind to process symbolic information is
    strongly bounded, and complex activity requires the aid of artefacts
  • Knowledge for human cognitive activity is not located exclusively in
    the brain, but distributed among the brain and the cognitive artefacts
    employed to carry out the activity
    - writing, printing and computers
    - shopping list, book-marker
9
Distributed Cognition (2)
  • Knowledge can be distributed in different ways between the human and
    the cognitive artefacts needed for the activity
  • The distribution changes with time
  • Knowledge stored in artefacts can be activated and used:
    - easily and naturally: context sensitive help, or a hardware tool
      with "affordance"
    - with difficulty: a guideline that is difficult to locate, or with
      unclear procedures
  • Knowledge is more or less easy to maintain and to update, depending on
    the type of component in which it is stored
10
Distributed Cognition and Reliability Engineering
  • Model of knowledge distribution within a process
  • Analysis of different possible distributions and of their evolution
  • Estimation of the probability that knowledge is available and
    correctly activated (for example a software procedure containing the
    knowledge of the designers)
  • Comparison of different possible design solutions with different
    distributions of knowledge
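The following worked example is added here and is not part of Pasquini's presentation. It illustrates two points from the slides with a small fault-tree evaluator: the "extended system boundary" argument of slide 6 (the estimated failure probability of the process changes by orders of magnitude once the operator is inside the boundary) and the comparison of design solutions with different distributions of knowledge proposed on slide 10. The probabilities are the ones quoted on the slides (3x10^-3 and 3x10^-2 on slide 5; 10^-4, 10^-3 and 10^-2 on the slide 6 figure); the gate structure, the assignment of those values to particular events, the event names, and the idea of storing the "act on the warning" knowledge in a hardware interlock as the alternative design are all assumptions made for the example.

```python
"""Fault-tree comparison of a software intensive and interactive system
under a narrow and an extended system boundary.

Added example, not from the presentation. Gate structure and the
assignment of probabilities to events are assumptions; the numbers are
the ones quoted on the slides (3e-3 and 3e-2 human error probabilities
on slide 5; 1e-4, 1e-3, 1e-2 on the slide 6 fault tree).
"""
from dataclasses import dataclass
from typing import Dict, Iterator, Optional, Tuple, Union


@dataclass(frozen=True)
class Event:
    """A basic event with a per-demand probability of occurrence."""
    name: str
    p: float


@dataclass(frozen=True)
class Gate:
    """AND: all inputs must occur; OR: at least one input occurs.
    Inputs are assumed statistically independent; OR gates use
    1 - P(none occur) rather than the rare-event sum."""
    kind: str
    name: str
    inputs: Tuple["Node", ...]


Node = Union[Event, Gate]


def prob(node: Node, overrides: Optional[Dict[str, float]] = None) -> float:
    """Probability that `node` occurs. `overrides` replaces basic-event
    probabilities by name (used by the importance ranking below)."""
    overrides = overrides or {}
    if isinstance(node, Event):
        return overrides.get(node.name, node.p)
    ps = [prob(i, overrides) for i in node.inputs]
    if node.kind == "AND":
        out = 1.0
        for p in ps:
            out *= p
        return out
    if node.kind == "OR":
        none = 1.0
        for p in ps:
            none *= 1.0 - p
        return 1.0 - none
    raise ValueError(f"unknown gate kind {node.kind!r}")


# Basic events. Values come from the slides; which event carries which
# value is an assumption of this example.
SOFTWARE_FAULT = Event("software function fails", 1e-4)
OMISSION = Event("operator omits a step embedded in a procedure", 3e-3)
COMMISSION = Event("operator fails to act on an acknowledged warning", 3e-2)
INTERLOCK_FAULT = Event("hardware interlock fails to intervene", 1e-2)


def build_designs() -> Dict[str, Node]:
    """Three top events for the same process:
    narrow             - boundary drawn around the software only
    extended           - boundary includes the operator; the knowledge
                         'act on the warning' lives only in training and
                         procedures
    extended_interlock - same boundary, but that knowledge is also stored
                         in a hardware artefact (an interlock) that must
                         fail as well before the error propagates
    """
    narrow = SOFTWARE_FAULT
    extended = Gate("OR", "process failure",
                    (SOFTWARE_FAULT, OMISSION, COMMISSION))
    protected = Gate("AND", "warning ignored and interlock fails",
                     (COMMISSION, INTERLOCK_FAULT))
    extended_interlock = Gate("OR", "process failure",
                              (SOFTWARE_FAULT, OMISSION, protected))
    return {"narrow": narrow, "extended": extended,
            "extended_interlock": extended_interlock}


def basic_events(node: Node) -> Iterator[Event]:
    """Yield every basic event below `node` (each appears once here)."""
    if isinstance(node, Event):
        yield node
    else:
        for i in node.inputs:
            yield from basic_events(i)


def dominant_event(top: Node) -> Optional[str]:
    """Name of the basic event whose elimination (p -> 0) lowers the
    top-event probability the most: a simple risk-reduction-worth style
    importance measure, showing where added knowledge/artefacts pay off."""
    base = prob(top)
    best_name, best_drop = None, -1.0
    for ev in basic_events(top):
        drop = base - prob(top, {ev.name: 0.0})
        if drop > best_drop:
            best_name, best_drop = ev.name, drop
    return best_name


if __name__ == "__main__":
    for name, top in build_designs().items():
        print(f"{name:19s} P(top) = {prob(top):.3e}"
              f"   dominated by: {dominant_event(top)}")
```

Under these assumed numbers the narrow boundary yields 10^-4, while including the operator raises the estimate to roughly 3.3x10^-2, dominated entirely by the human error of commission; moving part of that knowledge into an interlock brings the extended-boundary figure down to about 3.4x10^-3, and the dominant contributor shifts to the error of omission. The absolute values matter less than the mechanism: the ranking of design solutions depends on which artefact holds the knowledge, which is the comparison slide 10 proposes to make systematic.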
11
Cross fertilisation of Communities (or ads.)
  • Safecomp - Safety and Reliability of Industrial Computer Systems,
    Budapest, Hungary, 26 - 28 Sept. 2001
  • ISSRE - Software Reliability Engineering, Hong Kong, China,
    28 Nov. - 1 Dec. 2001, with associated workshop on Software Assessment