Validation of Ultra-High Dependability
for Software-based Systems
By Lorenzo Strigini and Bev Littlewood; Communications
of the ACM, Vol. 36, No. 11, November 1993, pp. 69-80
Modern society depends on computers for a number of critical tasks in
which failure can have very high costs. As a consequence, high levels
of dependability (reliability, safety, etc.) are required from such computers,
including their software. Whenever a quantitative approach to risk is
adopted, these requirements must be stated in quantitative terms, and
a rigorous demonstration of their being attained is necessary. For software
used in the most critical roles, such demonstrations are not usually supplied.
The fact is that the dependability requirements often lie near the limit
of the current state of the art, or beyond, in terms not only of the ability
to satisfy them, but also, and more often, of the ability to demonstrate
that they are satisfied in the individual operational products (validation).
We discuss reasons why such demonstrations cannot usually be provided
with the means available: reliability growth models, testing with stable
reliability, structural dependability modelling, as well as more informal
arguments based on good engineering practice. We state some rigorous arguments
about the limits of what can be validated with each of these means. Combining
evidence from these different sources would seem to raise the levels that
can be validated; yet this improvement is not such as to solve the problem.
It appears that engineering practice must take into account the fact that
no solution exists, at present, for the validation of ultra-high dependability
in systems relying on complex software.
The full text of this paper is available in .pdf
See also: "Validation of ultra-high dependability..." - 20 years on