John H R May

Using Influence Diagrams to Aid the Management of Software Change

In a large software management programme, the number of software changes and enhancements requested for inclusion in the next software release often far exceeds the implementation resources available. Thus, during the preceding months before the final decision is made on which changes to include, there needs to be a way of incorporating all the different factors that influence these possible changes into a coherent set of information to enable good decisions to be made. This paper describes the use of influence diagrams to implement a risk model to formalise the combining of these different factors to aid the decision process. This model not only reflects the likelihood of all the necessary criteria for a requested change to be viable being met, but also considers the financial or other benefits to the organisation that would result from the change being included in the next software release.

Structural Software Reliability Estimation

Structure is introduced to the process of software reliability estimation. An estimator for the overall software failure rate is constructed using estimators of subtask-failure rates. This is done for the case when testing reveals no failure. The obtained estimator depends on the number of subtasks present in the code and on the code structure. The model proposed covers sequential and simple branching structures

Test Statistics for System Design Failure

New statistics for software reliability are proposed to model the dependence of the reliability estimates on code structure.

Gaining confidence in the software development process using expert systems

Software safety standards recommend techniques to use throughout the software development lifecycle. These recommendations are a result of consensus building amongst software safety experts. Thus the reasoning underpinning compliance to these standards tends to be quite subjective. In addition, there are factors such as the size of the project, the effect of a review process on earlier phases of the development lifecycle, the complexity of the design and the quality of the staff, that arguably influence the assessment process but are not formally addressed by software safety standards. In this paper we present an expert system based on Bayesian Belief networks that take into account these and other factors when assessing the integrity at which the software was developed. This system has been reviewed by engineers working with software safety standard IEC61508. In this paper we illustrate some arguments that can be supported using the proposed system. This paper and the work it describes were partly funded by the Health and Safety Executive. The opinions or conclusions expressed are those of the authors alone and do not necessarily represent the views of the Health and Safety Executive.

Efficient modeling of correlated shadow fading in dense wireless multi-hop networks

Correlated shadow fading has a detrimental effect on the performance of wireless systems. Neglecting shadowing correlations could lead to inaccurate simulation results and unreliable wireless system design. In this paper, we propose and analyze a correlated shadow fading model based on Gaussian random fields. The model enables the generation of spatially correlated shadow fading for all meshed links in wireless multi-hop networks. Both analytical and numerical results show that the proposed model is in good agreement with the literature in terms of the statistical properties and correlation coefficients. Furthermore, the Circulant Embedding method of the proposed simulation model significantly reduces the computational cost.

A Face Centered Cubic Key Agreement Mechanism for Mobile Ad Hoc Networks

Mobile ad hoc networking is an operating mode for rapid mobile node networking. Each node relies on adjacent nodes in order to achieve and maintain connectivity and functionality. Security is considered among the main issues for the successful deployment of mobile ad hoc networks (MANETs). In this paper we introduce a weak to strong authentication mechanism associated with a multiparty contributory key establishment method. The latter is designed for MANETs with dynamic changing topologies, due to continuous flow of incoming and departing nodes. We introduce a new cube algorithm based on the face-centered cubic (FCC) structure. The proposed architecture employs elliptic curve cryptography, which is considered more efficient for thin clients where processing power and energy consumption are significant constraints.

Application of statistical testing to smart device code

Statistical testing can produce dependability information by estimating the probability of failure on demand for a system. In this paper we explore issues related to the construction of statistical test-cases for the firmware of a smart device. Our aim is to share our own experience with the technique and we expect to derive some general insights into what needs to be taken into account when designing such test-cases for smart devices. This provides useful information for situations where one would like to perform statistical testing but where no access to the device code is available. This paper describes the status quo of this project, further results are expected to emerge from this work

Assessment of the Benefit of Redundant Systems

The evaluation of the gain in reliability of mult-iversion software is one of the key issues in the safety assessment of high integrity systems. Fault simulation has been proposed as a practical method to estimate diversity of multi-version software. This paper applies data-flow perturbation as an implementation of the fault injection technique to evaluate redundant systems under various conditions. A protection system is used as an example to illustrate the evaluation of software structural diversity, optimal selection of channel-pairs and the assessment of different designs.

Empirical Assessment of Software On-Line Diagnostics Using Fault Injection

This paper is part of an on-going empirical research programme to develop an improved understanding of the implementation and evaluation of on-line diagnostics in software. In this study we have concentrated on the hypothesis that residual design errors exist because their coupling to the input space is very small, making them difficult to detect in normal testing. The objective of the reported experiment was basically to add a simple group of diagnostic checks to a reasonably complex program and use arbitrary fault injection to assess the error detection in relation to the coupling of the fault to the input space. The results were promising in that they demonstrated no significant deterioration in the effectiveness of the diagnostics as the fault coupling to the input space decreased. On this basis the use of diagnostics can be seen as supplementary to validation testing.

A case for new statistical software testing models

There is growing interest in statistical software testing (SST) as a software assurance technique. While the approach has major attractions, there is a need for new statistical models to infer failure probabilities from SST. The paper constructs a simple but realistic case in which the traditional binomial model does not work. The paper shows that if possible test failure dependencies are neglected, could the failure probability would be underestimated. The paper compares the results of our new probability model based on pairwise failures with results achieved when applying the traditional single-urn model, i.e., assuming no dependencies in the failure process