back icon
close icon

Capture phrases in quotes for more specific queries (e.g. "rocket ship" or "Fred Lynn")

Conference Paper  August 1, 2008

How Do We Certify for the Unexpected?

SRI Authors John Rushby


By their very nature, loss of control accidents are unanticipated and rare, and their precursors are rare also. Onboard systems to detect and mitigate these precursors must work—and work correctly—when required but must not introduce new malfunctions or unintended functions. How can we provide assurance that software invoked in such rare and unanticipated circumstances is fit for certification? We argue that software systems such as these are but an extreme example of general trends that undermine much of the standards-based approach to software assurance used in aircraft certification. These trends include component-based software, complex integration, continuous modification, and load- and run-time adaptation. We propose that safety cases based on explicit goals, evidence, and argument provide a firmer foundation for assurance, and a framework within which it is possible to address the rare and the unexpected. Specifically, we propose that just as methods to prevent loss of control move certain software adaptation processes to runtime, so should some of the assurance and verification processes move to runtime also. The paper outlines a technical approach to such “just-in-time certification.”

How can we help?

Once you hit send…

We’ll match your inquiry to the person who can best help you. Expect a response within 48 hours.

Our Privacy Policy