Component-Based Software Certification Based on Experimental Risk Assessment

Authors

Abstract

Third-party software certification should attest that the software product satisfies the required confidence level according to certification standards such as ISO/IEC 9126, ISO/IEC 14598 or ISO/IEC 25051. In many application areas, especially in mission-critical applications, certification is essential or even mandatory. However, the certification of software products using common off-the-shelf (COTS) components is difficult to attain, as detailed information about COTS is seldom available. Nevertheless, software products are increasingly being based on COTS components, which mean that traditional certification processes should be enhanced to take COTS into account in an effective way. This paper proposes a mean to help in the certification of component-based systems through an experimental risk assessment methodology based on fault injection and statistical analysis. Using the proposed methodology the certification authority or the system integrator can compare among components available the one that best fit for the system that is assembling a component that provides a specific functionality. Based on the results it is also possible to decide whether a software product may be considered certified or not in what concerns the risk of using a COTS into the system. The proposed approach is demonstrated and evaluated using a space application running on top of two alternative COTS real-time operating systems: RTEMS and RTLinux.

Keywords

Component-based system certification Experimental Risk Assessment Fault Injection

Subject

Dependability Evaluation, Risk Evaluation, Software Certification

Related Project

REVVIS – Rede de Especialistas em Verificação e Validação de Software

Book Chapter

Lecture Notes in Computer Science Volume, 1, pp. 179-197, Springer Berlin Heidelberg, September 2007

DOI