Survivability in Embedded Systems

Safety-critical systems have made extensive use of software for some time, and they have a very good overall safety record. The size and complexity of these systems is increasing, however, and while software development technology is advancing, it is unclear that the pace of that advancement is rapid enough to match the increase in complexity. This research proposes to develop the key aspects of an approach to the implementation of complex safetycritical systems that enables them to maintain crucial safety properties with a high degree of assurance even in cases where full functionality cannot be guaranteed; and to develop analysis techniques that afford strong system safety assurance arguments. I plan to address this problem by creating a framework in which application developers can build the complex functionality desired while retaining dependability properties required of safety-critical function. The framework is based on the idea of survivability similar to that used in networked information systems. A survivable system implements a primary specification and one or more simpler alternative specifications that define reduced or different functionality but which maintain crucial safety properties. The important advantage is that the alternatives can be simpler and, therefore, significantly more amenable to analysis than the primary—which enables comprehensive analysis of crucial portions of the system. The unique elements of the survivability approach that I propose are that it is specification driven, that is general and broadly applicable, and that it is supported by rigorous analytic techniques that permit strong assurance arguments to be developed.