Chin-Feng Fan

Prescriptive metrics for software quality assurance

Most current software metrics tend to be descriptive with weak prescriptive power; they are not rigid enough to support a successful engineering task as hardware metrics do. We propose the concept of software prescriptive metrics, which set up specific goals to achieve, and thus facilitate, quality control tasks. A general derivation procedure has been developed and applied to derive prescriptive metrics for the review process, a key software QA task, to assure its quality and progress.<<ETX>>

Accident sequence analysis of human–computer interface design

Abstract It is important to predict potential accident sequences of human–computer interaction in a safety-critical computing system so that vulnerable points can be disclosed and removed. We address this issue by proposing a Multi-Context human–computer interaction Model along with its analysis techniques, an Augmented Fault Tree Analysis, and a Concurrent Event Tree Analysis. The proposed augmented fault tree can identify the potential weak points in software design that may induce unintended software functions or erroneous human procedures. The concurrent event tree can enumerate possible accident sequences due to these weak points.

Anatomy of safety-critical computing problems

Abstract This paper analyzes the obstacles faced by current safety-critical computing applications. The major problem lies in the difficulty to provide complete and convincing safety evidence to prove that the software is safe. We explain this problem from a fundamental perspective by analyzing the essence of safety analysis against that of software developed by current practice. Our basic belief is that in order to perform a successful safety analysis, the state space structure of the analyzed system must have some properties as prerequisites. We propose the concept of safety analyzability, and derive its necessary and sufficient conditions; namely, definability, finiteness, commensurability, and tractability. We then examine software state space structures against these conditions, and affirm that the safety analyzability of safety-critical software developed by current practice is severely restricted by its state space structure and by the problem of exponential growth cost. Thus, except for small and simple systems, the safety evidence may not be complete and convincing. Our concepts and arguments successfully explain the current problematic situation faced by the safety-critical computing domain. The implications are also discussed.

Handling malicious code on control systems

After the 911 terrorist attacks, the American government thoroughly investigated the vulnerabilities of infrastructure environment and found that the lack of security protection of most automated control systems is a vulnerable point. In order to ensure security in control systems, it is urgent to investigate the issue of potential malicious code, especially that made by insiders. This paper first discusses the undecidability of identifying all kinds of malicious code on control systems. However, effort to analyzing malicious code pays since it may increase the difficulty of insider attacks and improve the safety and security of the system. This paper then classifies malicious codes based on control system characteristics. The potential malicious code classifications include time-dependent, data-dependent, behavior-dependent, input-dependent, violation of a certain theorem, and so on. Finally, the paper presents possible approaches to prevention and detection of malicious code on control systems.

Safety Markup Language: Concept and Application

This paper proposes a method to expedite hypertext construction and improve document reading efficiency by using meaningful tags. Hazard Life Cycle is proposed as the common semantic framework for documents in safety engineering practice. Under this framework, we developed Safety Markup Language (SML) to annotate the major concepts in software-related nuclear regulation. A computer tool has been constructed to convert these SML tags into desired hyperlinks for review purpose. This approach reduces the manual effort in hyperlink construction, and supports information retrieval in a concept unit, which is closer to human cognition than that obtained from a conventional approach. Potential improvements achieved by this SML-based method include efficient checking of information completeness, tracing of review issues, and reduction of clerical work in license review.

A Platform for Simulation and Analysis of Critical Infrastructure Protection

The modeling and analysis of Critical (Informational) Infrastructure Protection (CIIP or CIP) is a relatively new and important field of study. Major countries have developed simulation tools to assess their CIIP performance. Taiwan should also establish its own capability in CIIP evaluation. In the meantime, a common platform to simulate different protection targets is desirable. This paper describes a proposed platform for simulation and analysis of CIIP. We defined a process along with common components to modularize CIIP simulation tools so as to simplify their development. We have applied this approach to the implementation of a simulator for physical infrastructure protection and a simulator for critical materials transportation, along with the on-going implementation of a simulator for interdependency analysis. These simulators can simulate potential combinations of attack scenarios and compute the probabilities of successful defense. By comparing different scenarios, we can identify vulnerabilities of the examined CIIP, and then improvement can be designed.

Software Safety Application Applied in Nuclear Power Plant-Using Frame-Based Technique to Derive and Analyze Failure Events for Digital and Control System

Techniques for analyzing the safety and reliability of systems which include digital computer are difficult to refer to the intuition. Simulation-based method provides a directly understanding of the dynamic behavior of digital I&C system. Lessons learned from historical accident data are being incorporated into improved prevention, mitigation, and identify hazard. This paper presents and discusses the development of a frame-based technique, including physical frame, logical frame, and cognitive frame, to simulate digital I&C failure events derivation and analysis for generic ABWR. This technique will identify the conflicts among plant status, computer: status, and human cognitive status. In the event derivation, a well-trained operator can take early corrective actions to avoid the system hazard. This paper also discusses the advantage of Simulation- based method, which can investigate more in-depth dynamic behavior of digital I&C system than other approaches. In order to let our experiment be more concrete, we will set up one real simulation platform in the future, and its environmental structure is sketch in the future work of this paper.