Best Practices Process & Technology. Sachin Dhiman, Senior Technical Consultant, LDRA
|
|
- Carol Phelps
- 5 years ago
- Views:
Transcription
1 Best Practices Process & Technology Sachin Dhiman, Senior Technical Consultant, LDRA
2 Best Quality Software Product Requirements Design Coding Testing 2
3 Product Requirement Feature Requirement Security Requirement Safety Requirement 3
4 Product Design Hardware Architecture Software Architecture 4
5 Coding is Critical Safety and Security Design Coding Code is good but design may have problems! Design is good but code may have Coding Defects! 5
6 Testing Requirement driven testing Testing of complete software by running in actual environment Testing of correctness of function 6
7 Leading Process Standard Avionics DO-178B (First Published 1992) DO-178C (2012) Industrial IEC (First Published 1998, Update 2010) Railway CENELEC EN (First published 2001) Nuclear IEC (First published 2001) Automotive ISO (Published 2011) Medical IEC (First published 2006) Process IEC (First published 2003) 7
8 Cybersecurity Standard Industrial & Control IEC/ISA NIST CSF Special Publication 800 Series 8
9 Requirements & Requirement Based Testing
10 Requirements Product Features What product will do? Safety Objectives What is at risk in case of software failure? Security Targets What we want to protect? 10
11 Three Level of Requirements Decomposition of Requirements System Level Requirements High Level or Functional Requirements Low Level or Detail Requirements 11
12 Linking Requirements, Code and Tests System Requirements H/S Integration Tests (6.4.3.a) Software High-level Requirements (5.1.1.a) Software Integration tests (6.4.3.b) Software Low-level Requirements (5.2.1.a) Software Unit Tests (6.4.3.c) Source Code (5.3.1.a) Object Code ( b) 12
13 What is Requirements Traceability? The requirements traceability is the ability to describe and follow the life of a requirement, in both a forward and backward direction, i.e. from its origins, through its development and specification, to its subsequent deployment and use, and through periods of ongoing refinement and iteration in any of these phases. Requirements Requirements Evolving Versions Users/Clients Design Testing Code Requirements Pre-Requirement Traceability Post-Requirement Traceability 13
14 Types of Traceability Forward Traceability we can check that requirements are covered in which test cases? Whether is the requirements are coved in the test cases or not? Backward Traceability This will help us in identifying if there are test cases that do not trace to any coverage item Helps to identify that a particular test case is covering how many requirements Bi-Directional Traceability Bi-Directional Traceability contains both Forward & Backward Traceability 14
15 Backward and Forward Traceability Video link 15
16 Traceability Issue All the functions map to Low Level Requirements, but there are some High Level Requirements that are not mapped to any Low Level Requirements 16
17 Requirement based testing Recommendations NIST Special Publication IEC/ISA Standard Chapter 2, Section 1 - Defines system security requirements and associated verification methods derived requirements mapped to system requirements to subsystems and components DO178 C Table A - Requirements are traceable up to source code ISO Section 9 Table 10 - Requirements based test IEC Verify software requirements EN Section Software requirements 17
18 Design Software Architecture
19 Design is foundation Security and Safety comes from Design Design Choosing Hardware Choosing right software architecture 19
20 Software Architecture Separation of Critical Code from Standard code Encrypting sensitive data Using security feature of Microprocessor/Microcontroller Securing Communication Security Policies 20
21 Software Architecture Monolith Microkernel Client Server Event Driven MILS Layered Architecture 21
22 Security Partition 1 Security Partition 2 Security Partition 3 Example MILS Architecture Multiple Independent Levels of Security (MILS) Architecture Multiple Software Components must be Segregated Minimize Security Vulnerabilities Software is developed as per Common Criteria Guidelines Middleware Middleware Middleware Microkernel Microprocessor 22
23 Design Recommendations NIST Special Publication IEC/ISA Standard Design Principles for Security Security Risk Assessment and System Design DO178 C A-4 - Verification of Outputs of Software Design Process ISO Part 4 - System Design IEC Section 7 - Software Design IEC Software Architectural Design EN Clause 10 - Software Design and Implementation 23
24 Coding Best Coding Practices
25 Coding Most vulnerabilities are due to Coding Errors Software defect can be very expensive Safety Security Top Software vulnerabilities Integer overflow Buffer overflow uncontrolled format string missing authentication incorrect authorization Reliance on untrusted inputs (aka tainted inputs) Best coding Practice 25
26 Software has to be bug free! Write bug free code Review Code to find Programming Errors Formal Review is required, to avoid human errors Programming Standards MISRA CERT CWE etc 26
27 Why Programming Standards? 27
28 Why Programming Standards?
29 MISRA C :2012 MISRA C:2012 Enhanced Guidelines 236 pages in MISRA C: pages in MISRA C:2004 C90 / C99 support Total of 159 Guidelines 143 Rules 16 Directives Each guideline classed as Mandatory, Required, or Advisory Rules classed as Undecidable or Decidable LDRA is represented on the MISRA C working group - three committee members. The compliance to the standard is published on the LDRA website. 29
30 MISRA C :2012 AMD 2 Establishes 14 new C coding rules to extend the coverage of security concerns highlighted by the ISO C Secure Guidelines Addresses specific issues pertaining to the use of untrustworthy data a well-known security vulnerability Is supported by MISRA C:2012 Addendum 2, which maps the coverage by MISRA C:2012 of ISO/IEC 17961:2013 Is an enhancement to and fully compatible with all existing editions of the MISRA language guidelines 30
31 Other C Coding Standards There are numerous other C coding standards, ex: CERT C Secure Coding Standard Reference standard for Security Supported by some compilers HIS (Hersteller Initiative Software) German Automotive standard Netrino Coding Standard Embedded standard also containing naming conventions and style guidelines Company Specific Standard Very popular is a company specific standard, based on MISRA 31
32 C++ Coding Standards - I JSF++ AV (F-35 Lightning II) project from Lockheed Martin Incorporates appropriate MISRA C rules Incorporates style rules 221 rules Validated by Bjarne Stroustrup (language inventor) LM Train Control Program (LMTCP) This coding standard has been devised by Lockheed Martin Maritime Systems & Sensors and is based mainly upon the JSF++ AV and HIC++ Standards together with a number of MISRA C:2004 and Reinhardt rules 408 rules 32
33 C++ Coding Standards - II MISRA C++:2008 This standard was released on 5 June 2008 and is an integration of JSF++ AV, HIC++ and other standards donated to the project by major international companies 228 rules High Integrity C++ (HIC++) Version 4 (October 2013) 155 rules (Reduced from 202) Covers C++11 LDRA is represented on the MISRA C++ working group chairman and committee members. 33
34 Advantage of Compliance with Coding Standard Program will behave in predictable manner Minimum or no software bug Portable Code 34
35 Code Review Recommendations DO178 C IEC ISO IEC EN Table A Source code conforms to standards Table B.1 1- Use of coding standard to reduce likelihood of errors Part 6 Table 1b - Use of language subsets software development standards Table A Coding Standard 35
36 Coding Guidelines for Cybersecurity Coding Guidelines CERT Secure Coding Standard Java, C/C++, Perl, Android MISRA Coding Standard with AMD 1 Open Web Application Security Project (OWASP) OWASP Code Review 36
37 Testing Validation & Verification
38 Testing Requirement based testing Testing to achieve 100 % Code Coverage Functional Testing 38
39 Requirement based testing Define Requirement Develop Code for Requirement Write Test Case to validate requirement Verify requirement by running Test case 39
40 Code Coverage Test complete code Run every statement/branch of the code in the lab Observe the behaviour of code Objective should be achieving100 Code Coverage 40
41 Advantage of 100 % Code Coverage Complete Testing Testing of complete portion of code Finding run time errors 41
42 Functional Testing Testing smallest software unit Correctness Robustness Error Guessing Fault Injection Test Analysis of Boundary Value 42
43 Low-level Testing Requirement Based Low level testing Verify Low Level Requirements Testing on Actual Hardware White Box and Black Box Achieve structural coverage objectives, verify low level requirements and greatly reduce verification costs 43
44 Advantage of Unit/Integration Testing Developed functions will be correct Functions will be tested against valid and invalid values Interface Testing find issue in Integration 44
45 Code Coverage and Unit Testing Recommendations NIST Special Publication Chapter 3 - Perform Security focused verification, Penetration Testing, misuse and abuse case testing, temper resistance testing DO178 C Table A 7 - Test coverage of Software Structure ( Statement, Decision, MCDC etc.) ISO Section 9 Table 12 Software unit Testing ( Coverage metrics Statement, Branch, MCDC) IEC Table B Structural Test coverage ( Statement, Decision, MCDC etc.) IEC Software integration and Unit testing EN Table A.21 - Test Coverage for Code ( Statement, Decision, Path etc.) 45
46 Any Questions Q & A 46
47 Contact Us Need more information?.com 47
Don t Be the Developer Whose Rocket Crashes on Lift off LDRA Ltd
Don t Be the Developer Whose Rocket Crashes on Lift off 2015 LDRA Ltd Cost of Software Defects Consider the European Space Agency s Ariane 5 flight 501 on Tuesday, June 4 1996 Due to an error in the software
More informationCoding Standards in FACE Conformance. John Thomas, Chris Edwards, and Shan Bhattacharya
Coding Standards in FACE Conformance John Thomas, Chris Edwards, and Shan Bhattacharya LDRA Overview Provider of Software Quality, Compliance Management & Testing Solutions Established 1975 ISO 9001 certified
More informationCoding Standards in FACE Conformance. John Thomas, Chris Edwards, and Shan Bhattacharya
Coding Standards in FACE Conformance John Thomas, Chris Edwards, and Shan Bhattacharya LDRA Overview Provider of Software Quality, Compliance Management & Testing Solutions Established 1975 ISO 9001 certified
More informationBy V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.
By V-cubed Solutions, Inc. Page1 Purpose of Document This document will demonstrate the efficacy of CODESCROLL CODE INSPECTOR, CONTROLLER TESTER, and QUALITYSCROLL COVER, which has been developed by V-cubed
More informationAutomating Best Practices to Improve Design Quality
Automating Best Practices to Improve Design Quality 임베디드 SW 개발에서의품질확보방안 이제훈차장 2015 The MathWorks, Inc. 1 Key Takeaways Author, manage requirements in Simulink Early verification to find defects sooner
More informationCertified Automotive Software Tester Sample Exam Paper Syllabus Version 2.0
Surname, Name: Gender: male female Company address: Telephone: Fax: E-mail-address: Invoice address: Training provider: Trainer: Certified Automotive Software Tester Sample Exam Paper Syllabus Version
More informationStructural Coverage Analysis for Safety-Critical Code - Who Cares? 2015 LDRA Ltd 1
Structural Coverage Analysis for Safety-Critical Code - Who Cares? 2015 LDRA Ltd 1 What is Structural Coverage? Measurement of Test Effectiveness How effectively did tests exercise code? Exercised, entry
More informationCERTIFIED. Faster & Cheaper Testing. Develop standards compliant C & C++ faster and cheaper, with Cantata automated unit & integration testing.
CERTIFIED Faster & Cheaper Testing Develop standards compliant C & C++ faster and cheaper, with Cantata automated unit & integration testing. Why Industry leaders use Cantata Cut the cost of standards
More informationModel-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer The MathWorks, Inc.
Model-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer The MathWorks, Inc. Tucson, AZ USA 2009 The MathWorks, Inc. Model-Based Design for High Integrity Software
More information정형기법을활용한 AUTOSAR SWC 의구현확인및정적분석
정형기법을활용한 AUTOSAR SWC 의구현확인및정적분석 Develop high quality embedded software 이영준 Principal Application Engineer 2015 The MathWorks, Inc. 1 Agendas Unit-proving of AUTOSAR Component and Runtime error Secure Coding
More informationVerification and Validation of Models for Embedded Software Development Prashant Hegde MathWorks India Pvt. Ltd.
Verification and Validation of Models for Embedded Software Development Prashant Hegde MathWorks India Pvt. Ltd. 2015 The MathWorks, Inc. 1 Designing complex systems Is there something I don t know about
More informationIIRA and RAMI 4.0 Secure IIoT Applications Need Secure Application Code Mark.Richardson@ldra.com IIRA: Industrial Internet Reference Architecture RAMI: Reference Architecture Model for Industrie IIoT:
More informationCERTIFICATION ISSUES IN AUTOMOTIVE SOFTWARE
CERTIFICATION ISSUES IN AUTOMOTIVE SOFTWARE Speaker: Mario Fusani Systems and Software Evaluation Centre ISTI CNR, Pisa, Italy mario.fusani@isti.cnr.it 1 CONTENTS Certification What is certification? Definitions
More informationAddressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1
Addressing Future Challenges in the Development of Safe and Secure Software Components 2016 The MathWorks, Inc. 1 Cybersecurity Emerging Topic in the Auto Industry Vehicle-to-Infrastructure Wifi Hotspot
More informationAutomating Best Practices to Improve Design Quality
Automating Best Practices to Improve Design Quality Adam Whitmill, Senior Application Engineer 2015 The MathWorks, Inc. 1 Growing Complexity of Embedded Systems Emergency Braking Body Control Module Voice
More informationWHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development
WHITE PAPER 10 Reasons to Use Static Analysis for Embedded Software Development Overview Software is in everything. And in many embedded systems like flight control, medical devices, and powertrains, quality
More informationSimulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1
Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 2012 The MathWorks, Inc. 1 Agenda Formal Verification Key concept Applications Verification of designs against (functional) requirements Design error detection Test
More informationA Model-Based Reference Workflow for the Development of Safety-Related Software
A Model-Based Reference Workflow for the Development of Safety-Related Software 2010-01-2338 Published 10/19/2010 Michael Beine dspace GmbH Dirk Fleischer dspace Inc. Copyright 2010 SAE International ABSTRACT
More informationautomatisiertensoftwaretests
FunktionaleSicherheitmit automatisiertensoftwaretests SOFTWARE CONSIDERATIONS IN AIRBORNE SYSTEMS AND EQUIPMENT CERTIFICAION RTCA DO-178B RTCA Dynamisch& Statisch 0 Agenda Übersicht über Sicherheitsstandards
More informationHICPP, JSF++ and MISRA C++: a study of rule overlaps and effective compliance
WHITE PAPER HICPP, JSF++ and MISRA C++: a study of rule overlaps and effective compliance By Wojciech Basalaj, Senior Technical Consultant November 2011 Any organization wishing to adopt best practices
More informationDarshan Institute of Engineering & Technology for Diploma Studies
CODING Good software development organizations normally require their programmers to follow some welldefined and standard style of coding called coding standards. Most software development organizations
More informationVerification and Validation of High-Integrity Systems
Verification and Validation of High-Integrity Systems Chethan CU, MathWorks Vaishnavi HR, MathWorks 2015 The MathWorks, Inc. 1 Growing Complexity of Embedded Systems Emergency Braking Body Control Module
More informationIDE for medical device software development. Hyun-Do Lee, Field Application Engineer
IDE for medical device software development Hyun-Do Lee, Field Application Engineer Agenda SW Validation Functional safety certified tool IAR Embedded Workbench Code Analysis tools SW Validation Certifications
More informationIntro to Proving Absence of Errors in C/C++ Code
Intro to Proving Absence of Errors in C/C++ Code Develop high quality embedded software Kristian Lindqvist Senior Pilot Engineer MathWorks 2016 The MathWorks, Inc. 1 The Cost of Failure Ariane 5: Overflow
More informationProduction Code Generation and Verification for Industry Standards Sang-Ho Yoon Senior Application Engineer
Production Code Generation and Verification for Industry Standards Sang-Ho Yoon Senior Application Engineer 2012 The MathWorks, Inc. 1 High-Integrity Applications Often Require Certification Software-based
More informationUsing Model-Based Design in conformance with safety standards
Using Model-Based Design in conformance with safety standards MATLAB EXPO 2014 Kristian Lindqvist Senior Engineer 2014 The MathWorks, Inc. 1 High-Integrity Applications Software-based systems that are
More informationModel-Based Design for Safety Critical Automotive Applications
Model-Based Design for Safety Critical Automotive Applications Mirko Conrad Senior Team Lead Simulink Certification and Standards 2008 The MathWorks, Inc. Model-Based Design for Safety-Critical Applications
More informationProcurement Language for Supply Chain Cyber Assurance
Procurement Language for Supply Chain Cyber Assurance Procurement Language for Supply Chain Cyber Assurance Introduction For optimal viewing of this PDF, please view in Adobe Acrobat. This document serves
More informationSimulink Verification and Validation
Simulink Verification and Validation Mark Walker MathWorks 7 th October 2014 2014 The MathWorks, Inc. 1 V Diagrams 3 When to Stop? A perfectly tested design would never be released Time spent on V&V is
More informationAutomatización de Métodos y Procesos para Mejorar la Calidad del Diseño
Automatización de Métodos y Procesos para Mejorar la Calidad del Diseño Luis López 2015 The MathWorks, Inc. 1 Growing Complexity of Embedded Systems Emergency Braking Body Control Module Voice Recognition
More informationFrequently Asked Questions. AUTOSAR C++14 Coding Guidelines
Frequently Asked Questions AUTOSAR C++14 Coding Guidelines General Q: What is AUTOSAR? A: AUTOSAR (AUTomotive Open System ARchitecture) is a partnership of over 180 automotive manufacturers, automotive
More informationCERT C++ COMPLIANCE ENFORCEMENT
CERT C++ COMPLIANCE ENFORCEMENT AUTOMATED SOURCE CODE ANALYSIS TO MAINTAIN COMPLIANCE SIMPLIFY AND STREAMLINE CERT C++ COMPLIANCE The CERT C++ compliance module reports on dataflow problems, software defects,
More informationChapter 8 Software Testing. Chapter 8 Software testing
Chapter 8 Software Testing 1 Topics covered Introduction to testing Stages for testing software system are: Development testing Release testing User testing Test-driven development as interleave approach.
More informationVerification and Test with Model-Based Design
Verification and Test with Model-Based Design Flight Software Workshop 2015 Jay Abraham 2015 The MathWorks, Inc. 1 The software development process Develop, iterate and specify requirements Create high
More informationVector Software. Using VectorCAST to Satisfy Software Verification and Validation for ISO W H I T E P A P E R
Vector Software W H I T E P A P E R Using VectorCAST to Satisfy Software Verification and Validation for ISO 26262 Purpose This document is intended to serve as a reference to show how the VectorCAST products
More informationCTFL -Automotive Software Tester Sample Exam Paper Syllabus Version 2.0
Surname, Forename: Gender: male female Company address: Telephone: Fax: E-mail-address: Invoice address: Training provider: Trainer: CTFL -Automotive Software Tester Sample Exam Paper Syllabus Version
More informationSoftware Security and CISQ. Dr. Bill Curtis Executive Director
Software Security and CISQ Dr. Bill Curtis Executive Director Why Measure IT Applications? Six Digit Defects now affect Board of Directors CEO, COO, CFO Business VPs Corporate Auditors CIO accountable
More informationSAMATE (Software Assurance Metrics And Tool Evaluation) Project Overview. Tim Boland NIST May 29,
SAMATE (Software Assurance Metrics And Tool Evaluation) Project Overview Tim Boland NIST May 29, 2012 http://samate.nist.gov t.boland@nist.gov 1 NationaI Institute of Standards and Technology (NIST) NIST,
More informationLeveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group
Leveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group 2014 The MathWorks, Inc. 1 The Cost of Failure News reports: Recall Due to ECU software
More information1 Visible deviation from the specification or expected behavior for end-user is called: a) an error b) a fault c) a failure d) a defect e) a mistake
Sample ISTQB examination 1 Visible deviation from the specification or expected behavior for end-user is called: a) an error b) a fault c) a failure d) a defect e) a mistake 2 Regression testing should
More informationVerification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1
Verification and Validation Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1 Verification vs validation Verification: "Are we building the product right?. The software should
More informationSoftware Testing for Developer Development Testing. Duvan Luong, Ph.D. Operational Excellence Networks
Software Testing for Developer Development Testing Duvan Luong, Ph.D. Operational Excellence Networks Contents R&D Testing Approaches Static Analysis White Box Testing Black Box Testing 4/2/2012 2 Development
More informationImplementation and Verification Daniel MARTINS Application Engineer MathWorks
Implementation and Verification Daniel MARTINS Application Engineer MathWorks Daniel.Martins@mathworks.fr 2014 The MathWorks, Inc. 1 Agenda Benefits of Model-Based Design Verification at Model level Code
More informationBUILDING FUNCTIONAL SAFETY PRODUCTS WITH WIND RIVER VXWORKS RTOS
BUILDING FUNCTIONAL SAFETY PRODUCTS WITH WIND RIVER VXWORKS RTOS Alex Wilson Director, Market Development 2017 WIND RIVER. ALL RIGHTS RESERVED. For over 30 years, Wind River has helped the world's technology
More informationLecture 15 Software Testing
Lecture 15 Software Testing Includes slides from the companion website for Sommerville, Software Engineering, 10/e. Pearson Higher Education, 2016. All rights reserved. Used with permission. Topics covered
More informationSecure Programming Techniques
Secure Programming Techniques Meelis ROOS mroos@ut.ee Institute of Computer Science Tartu University spring 2014 Course outline Introduction General principles Code auditing C/C++ Web SQL Injection PHP
More informationGuidelines for deployment of MathWorks R2010a toolset within a DO-178B-compliant process
Guidelines for deployment of MathWorks R2010a toolset within a DO-178B-compliant process UK MathWorks Aerospace & Defence Industry Working Group Guidelines for deployment of MathWorks R2010a toolset within
More informationlnteroperability of Standards to Support Application Integration
lnteroperability of Standards to Support Application Integration Em delahostria Rockwell Automation, USA, em.delahostria@ra.rockwell.com Abstract: One of the key challenges in the design, implementation,
More informationProgramming Language Vulnerabilities within the ISO/IEC Standardization Community
Programming Language Vulnerabilities within the ISO/IEC Standardization Community Stephen Michell International Convenor JTC 1/SC 22 WG 23 Programming Language Vulnerabilities stephen.michell@maurya.on.ca
More informationSecure Development Processes
Secure Development Processes SecAppDev2009 What s the problem? Writing secure software is tough Newcomers often are overwhelmed Fear of making mistakes can hinder Tend to delve into security superficially
More informationMISRA C:2012 Addendum 2
Permit / Example / C:2012 / R.10.6.A.1 MISRA C:2012 Addendum 2 Coverage of MISRA C:2012 (including Amendment 1) against ISO/IEC TS 17961:2013 C Secure 2 nd Edition, January 2018 First published January
More informationTopics in Software Testing
Dependable Software Systems Topics in Software Testing Material drawn from [Beizer, Sommerville] Software Testing Software testing is a critical element of software quality assurance and represents the
More informationConsiderations in automotive embedded development Global Automotive Director Kiyo Uemura
Considerations in automotive embedded development Global Automotive Director Kiyo Uemura Agenda 1. IAR Systems Introduction 2. Background & ISO 26262 3. Software Development at the software level 4. Supporting
More informationCoverity Static Analysis Support for MISRA Coding Standards
Coverity Static Analysis Support for MISRA Coding Standards Fully ensure the safety, reliability, and security of software written in C and C++ Overview Software is eating the world. Industries that have
More informationSecure Development Lifecycle
Secure Development Lifecycle Strengthening Cisco Products The Cisco Secure Development Lifecycle (SDL) is a repeatable and measurable process designed to increase Cisco product resiliency and trustworthiness.
More informationS1.1: RESEARCH AND DEVELOPMENT IN EUROPE FOR COMPETITIVE MANUFACTURING. Competitiveness of Industry by means of Cross Fertilisation
S1.1: RESEARCH AND DEVELOPMENT IN EUROPE FOR COMPETITIVE MANUFACTURING Competitiveness of Industry by means of Cross Fertilisation STORYLINE: FOCUS ON KEY ENABLERS FOR DISTRIBUTED INDUSTRIALS SYSTEMS HOW
More informationFacts About Testing. Cost/benefit. Reveal faults. Bottom-up. Testing takes more than 50% of the total cost of software development
Reveal faults Goals of testing Correctness Reliability Usability Robustness Performance Top-down/Bottom-up Bottom-up Lowest level modules tested first Don t depend on any other modules Driver Auxiliary
More informationNo Source Code. EEC 521: Software Engineering. Specification-Based Testing. Advantages
No Source Code : Software Testing Black-Box Testing Test-Driven Development No access to source code So test cases don t worry about structure Emphasis is only on ensuring that the contract is met Specification-Based
More informationSoftware Testing. Software Testing. in the textbook. Chapter 8. Verification and Validation. Verification and Validation: Goals
Software Testing in the textbook Software Testing Chapter 8 Introduction (Verification and Validation) 8.1 Development testing 8.2 Test-driven development 8.3 Release testing 8.4 User testing 1 2 Verification
More informationVerification and Validation. Assuring that a software system meets a user s needs. Verification vs Validation. The V & V Process
Verification and Validation Assuring that a software system meets a user s needs Ian Sommerville 1995/2000 (Modified by Spiros Mancoridis 1999) Software Engineering, 6th edition. Chapters 19,20 Slide 1
More informationCS SOFTWARE ENGINEERING QUESTION BANK SIXTEEN MARKS
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CS 6403 - SOFTWARE ENGINEERING QUESTION BANK SIXTEEN MARKS 1. Explain iterative waterfall and spiral model for software life cycle and various activities
More informationFormal Verification and Automatic Testing for Model-based Development in compliance with ISO 26262
Formal Verification and Automatic Testing for Model-based Development in compliance with ISO 26262 Is your software safe? Do you have evidence? 2 BTC Embedded Systems AG proprietary all rights reserved
More informationPeople tell me that testing is
Software Testing Mark Micallef mark.micallef@um.edu.mt People tell me that testing is Boring Not for developers A second class activity Not necessary because they are very good coders 1 What is quality?
More informationCyber security for digital substations. IEC Europe Conference 2017
Cyber security for digital substations IEC 61850 Europe Conference 2017 Unrestricted Siemens 2017 siemens.com/gridsecurity Substation Digitalization process From security via simplicity 1st generation:
More informationVerification, Validation, and Test with Model-Based Design
2008-01-2709 Verification, Validation, and Test with Model-Based Design Copyright 2008 The MathWorks, Inc Tom Erkkinen The MathWorks, Inc. Mirko Conrad The MathWorks, Inc. ABSTRACT Model-Based Design with
More informationPart 5. Verification and Validation
Software Engineering Part 5. Verification and Validation - Verification and Validation - Software Testing Ver. 1.7 This lecture note is based on materials from Ian Sommerville 2006. Anyone can use this
More informationAerospace Software Engineering
16.35 Aerospace Software Engineering Verification & Validation Prof. Kristina Lundqvist Dept. of Aero/Astro, MIT Would You...... trust a completely-automated nuclear power plant?... trust a completely-automated
More informationFault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO standard
Fault-Injection testing and code coverage measurement using Virtual Prototypes on the context of the ISO 26262 standard NMI Automotive Electronics Systems 2013 Event Victor Reyes Technical Marketing System
More informationFrom Design to Production
From Design to Production An integrated approach Paolo Fabbri Senior Engineer 2014 The MathWorks, Inc. 1 Do you know what it is? Requirements System Test Functional Spec Integration Test Detailed Design
More informationBlack Box Testing. EEC 521: Software Engineering. Specification-Based Testing. No Source Code. Software Testing
Black Box Testing EEC 521: Software Engineering Software Testing Black-Box Testing Test-Driven Development Also known as specification-based testing Tester has access only to running code and the specification
More informationFunctional Safety and Safety Standards: Challenges and Comparison of Solutions AA309
June 25th, 2007 Functional Safety and Safety Standards: Challenges and Comparison of Solutions AA309 Christopher Temple Automotive Systems Technology Manager Overview Functional Safety Basics Functional
More information2015 The MathWorks, Inc. 1
2015 The MathWorks, Inc. 1 신호처리응용을위한 Model Based Design Workflow 이웅재부장 2015 The MathWorks, Inc. 2 CASE: Software in Signal Processing Application (Medical) Medical devices are increasingly driven by complex
More informationTools for Security Testing
Tools for Security Testing 2 Due to cloud and mobile computing, new security breaches occur daily as holes are discovered and exploited. Security Testing Tools-When, What kind and Where Due to cloud and
More informationCompatible Qualification Metrics for Formal Property Checking
Munich - November 18, 2013 Formal Property Checking Senior Staff Engineer Verification Infineon Technologies Page 1 Overview Motivation Goals Qualification Approaches Onespin s Coverage Feature Certitude
More informationFOUR INDEPENDENT TOOLS TO MANAGE COMPLEXITY INHERENT TO DEVELOPING STATE OF THE ART SYSTEMS. DEVELOPER SPECIFIER TESTER
TELECOM AVIONIC SPACE AUTOMOTIVE SEMICONDUCTOR IOT MEDICAL SPECIFIER DEVELOPER FOUR INDEPENDENT TOOLS TO MANAGE COMPLEXITY INHERENT TO DEVELOPING STATE OF THE ART SYSTEMS. TESTER PragmaDev Studio is a
More informationLeveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance
Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance Prashant Mathapati Senior Application Engineer MATLAB EXPO 2013 The MathWorks, Inc. 1 The problem
More informationGAIO. Solution. Corporate Profile / Product Catalog. Contact Information
GAIO Solution Corporate Profile / Product Catalog Contact Information GAIO TECHNOLOGY Headquarters Tennouzu First Tower 25F 2-2-4 Higashi-Shinagawa, Shinagawa-ku, Tokyo 140-0002 Japan Tel: +81-3-4455-4767
More informationSDLC Maturity Models
www.pwc.com SDLC Maturity Models SecAppDev 2017 Bart De Win Bart De Win? 20 years of Information Security Experience Ph.D. in Computer Science - Application Security Author of >60 scientific publications
More informationJay Abraham 1 MathWorks, Natick, MA, 01760
Jay Abraham 1 MathWorks, Natick, MA, 01760 Stringent performance requirements and shorter development cycles are driving the use of modeling and simulation. Model-Based Design core of this development
More informationEngineering Your Software For Attack
Engineering Your Software For Attack Robert A. Martin Senior Principal Engineer Cyber Security Center Center for National Security The MITRE Corporation 2013 The MITRE Corporation. All rights reserved.
More information18-642: Code Style for Compilers
18-642: Code Style for Compilers 9/6/2018 2017-2018 Philip Koopman Programming can be fun, so can cryptography; however they should not be combined. Kreitzberg and Shneiderman 2017-2018 Philip Koopman
More informationMISRA C:2012 WHITE PAPER
WHITE PAPER MISRA C:2012 Since its launch in 1998, MISRA C has become established as the most widely used set of coding guidelines for the C language throughout the world. Originally developed within the
More informationChapter 10. Testing and Quality Assurance
Chapter 10 Testing and Quality Assurance Different styles of doing code review Human Reviewer Code Inspection with continuous integration infrastructure Pinger s testing set up Testing Related topics 1.
More informationTest Design Techniques ISTQB (International Software Testing Qualifications Board)
Test Design Techniques ISTQB (International Software Testing Qualifications Board) Minsoo Ryu Hanyang University Testing Process Planning and Control Analysis and Design Implementation and Execution Evaluating
More informationSoftware architecture in ASPICE and Even-André Karlsson
Software architecture in ASPICE and 26262 Even-André Karlsson Agenda Overall comparison (3 min) Why is the architecture documentation difficult? (2 min) ASPICE requirements (8 min) 26262 requirements (12
More informationThe exida. IEC Functional Safety and. IEC Cybersecurity. Certification Programs
The exida IEC 61508 - Functional Safety and IEC 62443- Cybersecurity Certification Programs V1 R1 November 10, 2017 exida Sellersville, PA 18960, USA, +1-215-453-1720 Munich, Germany, +49 89 4900 0547
More informationStudents should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:
Secure Java Web Application Development Lifecycle - SDL (TT8325-J) Day(s): 5 Course Code: GK1107 Overview Secure Java Web Application Development Lifecycle (SDL) is a lab-intensive, hands-on Java / JEE
More informationCODE / CONFIGURATION COVERAGE
CODE / CONFIGURATION COVERAGE In all affairs it's a healthy thing now and then to hang a question mark on the things you have long taken for granted. - Bertrand Russell, 1872-1970 NASA Technical Fellow
More informationAchieving EN Compliance with QA C and QA C++
WHITE PAPER Achieving EN 50128 Compliance with QA C and QA C++ Jason Masters / Jill Britton March 2015 This paper discusses the Functional Safety Standard EN 50128:2011 ( Railway applications - Communication,
More informationSecurity analysis and assessment of threats in European signalling systems?
Security analysis and assessment of threats in European signalling systems? New Challenges in Railway Operations Dr. Thomas Störtkuhl, Dr. Kai Wollenweber TÜV SÜD Rail Copenhagen, 20 November 2014 Slide
More informationCyber Security for Process Control Systems ABB's view
Kaspersky ICS Cybersecurity 2017, 2017-09-28 Cyber Security for Process Control Systems ABB's view Tomas Lindström, Cyber Security Manager, ABB Control Technologies Agenda Cyber security for process control
More informationSECURITY TRAINING SECURITY TRAINING
SECURITY TRAINING SECURITY TRAINING Addressing software security effectively means applying a framework of focused activities throughout the software lifecycle in addition to implementing sundry security
More informationEnabling Safe, Secure, Smarter Cars from Silicon to Software. Jeff Hutton Synopsys Automotive Business Development
Enabling Safe, Secure, Smarter Cars from Silicon to Software Jeff Hutton Synopsys Automotive Business Development Safe Secure Smarter Systemic Complexity ADAS Autonomous V2X Infotainment Safe Secure Smarter
More informationAndrew van der Stock OWASP Foundation
Andrew van der Stock is among the many contributors to the OWASP project over the years. Andrew has presented at many conferences, including BlackHat USA, linux.conf.au, and AusCERT, and is a leading Australian
More informationSimplifying Functional Safety Certification with the ARM Keil µvision 5 IDE and the LDRA tool suite
Simplifying Functional Safety Certification with the ARM Keil µvision 5 IDE and the LDRA tool suite LDRA 2017 LDRA tool suite v9.7.0 August 2017 1 Goals Starting with some simple requirements written in
More informationFormal Methods and their role in Software and System Development. Riccardo Sisto, Politecnico di Torino
Formal Methods and their role in Software and System Development Riccardo Sisto, Politecnico di Torino What are Formal Methods? Rigorous (mathematical) methods for modelling and analysing (computer-based)
More informationCode Audit Report. Muhammad Uzair. May 25, 2017
Code Audit Report Muhammad Uzair May 25, 2017 Abstract Many applications are being used by individuals and businesses these days. Also, these applications becoming a part of daily life. These applications
More informationIncreasing Embedded Software Confidence Model and Code Verification. Daniel Martins Application Engineer MathWorks
Increasing Embedded Software Confidence Model and Code Verification Daniel Martins Application Engineer MathWorks Daniel.martins@mathworks.fr 1 What is the Cost of Software Failure Ariane 5 $7,500,000,000
More informationSeven Roadblocks to 100% Structural Coverage (and how to avoid them)
Seven Roadblocks to 100% Structural Coverage (and how to avoid them) White Paper Structural coverage analysis (SCA also referred to as code coverage) is an important component of critical systems development.
More informationOntology Summit 2013: Ontology Evaluation Across the Ontology Lifecyle Track B: Extrinsic Aspects of Ontology Evaluation
Ontology Summit 2013: Ontology Evaluation Across the Ontology Lifecyle Track B: Extrinsic Aspects of Ontology Evaluation Black Box Testing Paradigm in the TCPC #014168-PA Mary Balboni, Doug Toppin, Thanh-Van
More information