Software Assurance: What Should We Do next?
Software Design for Reliability
Ivica Crnkovic
Mälardalen University, Sweden
ivica.crnkovic@mdh.se, www.idt.mdh.se/~icc
COMPSAC July 24, Kyoto
7/24/2013, COMPSAC 2013, Panel "Software Assurance - what should we do next?", Kyoto
Panel Chair
Mohammad Zulkernine, Queen's University, Canada
Panelists
Ivica Crnkovic, Mälardalen University, Sweden
T.H. Tse, The University of Hong Kong, Hong Kong
Bruce McMillin, Missouri University of Science & Technology, USA
Tetsutaro Uehara, Kyoto University, Japan
Mälardalen University, Västerås, Sweden
COMPSAC 2014, July 21-25
ASE 2014, Sep 14-19
Reliability – is that enough?
• Reliability is defined as the probability that a system will perform its intended function during a specified period of time under stated conditions.
• Assumptions:
  – Reliability is predicated on "intended function", i.e. a particular operation without failure.
  – Reliability applies to a specified period of time.
  – Reliability is restricted to operation under stated (or explicitly defined) conditions.
Software Complexity
Figure: microkernel function call graph, 2011 (source: NICTA). And this is the simple case.
What is software of today?
The Blue Brain Project
http://bluebrain.epfl.ch/cms/lang/en/pid/56882
What is Software of Today?
Software Evolution: 8 years of Unix evolution
http://www.levenez.com/unix/unix.pdf
What is software of today?
Software ubiquity
Augmented reality
Dynamic Environment
Reliability: Robustness vs. Resilience?
"Robust & resistant systems"
• Highly controlled
• Operates in a narrow band
• Predefined states ("modes")
• Top-down design
• Challenge: predict all states caused by the environment
"Resilient systems"
• A broad spectrum of possible equilibrium states
• Not all states are necessarily predicted
• Adaptive and evolving systems
• Impact of the system on the environment
• Challenge:
  • Adaptation
  • Optimal performance in different states
  • Minimize unwanted impact on the environment
Software Design
Reliability
Robustness
Adaptability
Resilience
Challenges
• Design
– Bottom-up vs. top-down
– Composability vs. analyzability
– Static vs. dynamic deployment
– Robustness vs. adaptability
– Predictability vs. monitoring and healing
– Embedded vs. service-oriented
– Design by Contract
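The robust/resilient split on slide 8 and the "Design by Contract" and "predictability vs. monitoring and healing" items above can be made concrete in code. The following is an added example, not taken from the panel slides or from the speaker: a component whose "stated conditions" are encoded as a precondition and whose "intended function" is a postcondition, wrapped once in a robust reader (narrow band, predefined SAFE mode) and once in a resilient reader (adapts its band when an unpredicted state appears). The 10-bit ADC range, the percent mapping, the two reader classes and the sample inputs are assumptions made for illustration.

```python
from dataclasses import dataclass
from functools import wraps
from typing import Any, Callable, List


class ContractViolation(Exception):
    """A call fell outside the stated conditions (precondition) or did not
    deliver the intended function (postcondition)."""


def contract(pre: Callable[..., bool], post: Callable[..., bool]):
    """Decorator: check pre(*args) before the call, post(result, *args) after.
    Failing closed is the security-relevant choice: a violated precondition
    means the caller is outside the component's trust boundary, so the
    component refuses rather than compute on input it never claimed to handle."""
    def deco(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            if not pre(*args, **kwargs):
                raise ContractViolation(f"precondition failed: {fn.__name__}{args}")
            result = fn(*args, **kwargs)
            if not post(result, *args, **kwargs):
                raise ContractViolation(f"postcondition failed: {fn.__name__} -> {result!r}")
            return result
        return wrapper
    return deco


ADC_MAX = 1023  # assumed 10-bit sensor: the "stated condition" on the input


@contract(pre=lambda raw: 0 <= raw <= ADC_MAX,
          post=lambda pct, raw: 0.0 <= pct <= 100.0)
def to_percent(raw: int) -> float:
    """Intended function: map a raw ADC count onto 0..100 percent."""
    return raw * 100.0 / ADC_MAX


@dataclass
class RobustReader:
    """Robust design: narrow band, predefined modes NORMAL and SAFE. Any input
    outside the stated conditions latches SAFE and the last good value is held
    until an operator resets the mode. Every state is predicted top-down."""
    mode: str = "NORMAL"
    last_good: float = 0.0

    def read(self, raw: int) -> float:
        if self.mode == "SAFE":
            return self.last_good
        try:
            self.last_good = to_percent(raw)
        except ContractViolation:
            self.mode = "SAFE"
        return self.last_good

    def reset(self) -> None:
        self.mode = "NORMAL"


@dataclass
class ResilientReader:
    """Resilient design: a broad spectrum of equilibrium states. An unpredicted
    input widens the accepted band and the reader keeps delivering a 0..100
    value. The cost: "100 percent" now drifts with whatever the environment
    sent, so the adaptation itself has to be monitored, not blindly trusted."""
    observed_max: int = ADC_MAX

    def read(self, raw: int) -> float:
        raw = max(raw, 0)                 # negative counts treated as noise
        if raw > self.observed_max:
            self.observed_max = raw       # adapt the band to the new state
        return raw * 100.0 / self.observed_max


def reliability(reader_factory: Callable[[], Any], inputs: List[int],
                tolerance: float = 0.5) -> float:
    """Fraction of calls that performed the intended function, i.e. returned a
    value within `tolerance` percent of the ideal (clamped) mapping. Under the
    stated conditions both designs score 1.0; they differ only out of band."""
    reader = reader_factory()
    ok = 0
    for raw in inputs:
        ideal = min(max(raw, 0), ADC_MAX) * 100.0 / ADC_MAX
        if abs(reader.read(raw) - ideal) <= tolerance:
            ok += 1
    return ok / len(inputs)


# Constructed sample inputs: one run inside the stated conditions, one with an
# out-of-band reading (2046) followed by normal full-scale readings.
IN_BAND = [0, 512, 1023]
OUT_OF_BAND = [512, 2046, 1023, 1023]

if __name__ == "__main__":
    for name, factory in (("robust", RobustReader), ("resilient", ResilientReader)):
        print(name, reliability(factory, IN_BAND), reliability(factory, OUT_OF_BAND))
```

Both readers score 1.0 on the in-band run, which is exactly what the reliability definition on slide 4 measures: behaviour under stated conditions. On the out-of-band run the robust reader latches SAFE after the bad sample and stays predictable but stale (0.25), while the resilient reader absorbs the new state and keeps answering, at the price of silently re-scaling every later reading (0.5). Neither number is "right"; the point is that the design choice between the two columns of slide 8 decides what the system does in the states nobody predicted, and a contract violation that fails closed is what makes that choice visible rather than a silent miscomputation.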

Editor's Notes

  • #9 Robustness is the ability of a computer system to cope with errors during execution, or the ability of an algorithm to continue to operate despite abnormalities in input, calculations, etc.