Runtime Certification
John Rushby
Invited paper, RV 2008, held in association with ETAPS, Budapest,
Hungary, April 2008. Published in "Eighth Workshop on Runtime
Verification: RV08", Martin Leucker, Ed., Springer Verlag Lecture
Notes in Computer Science, vol. 5289, pp. 21--35.
Abstract
Software often must be certified for safety, security, or other
critical properties. Traditional approaches to certification require
the software, its systems context, and all their associated assurance
artifacts to be available for scrutiny in their final, completed
forms. But modern development practices often postpone the
determination of final system configuration from design time to
integration time, load time, or even runtime. Adaptive systems go
beyond this and modify or synthesize functions at runtime.
Developments such as these require an overhaul of the basic framework
for certification, so that some of its responsibilities may also be
discharged at integration-, load- or runtime.
We outline a suitable framework, in which the basis for certification
is changed from compliance with standards to the construction of
explicit goals, evidence, and arguments (generally called an
"assurance case"). We describe how runtime verification can be used
within this framework, thereby allowing certification to be performed
partially at runtime or, more provocatively, enabling "runtime
certification."