
Agenda


Agenda Version 1.2 -- (dated 16 October 2001)

For Amsterdam, the forum is taking the form of an open plenary on the topic of Safety, Safety Critical and/or Critical Infrastructure, which ties in with the main conference theme of Active Loss Prevention, which has sessions on the preceding two days.

Wednesday October 24th

9:00 - 9:15 Introduction

This session is led by Andrew Josey, forum director. The general session gives an introduction to the forum and a status report on current activities.

9:15 - 10:30 Keynote Speaker: Dr. Martin Timmerman, Dedicated Systems Experts

The keynote presentation will define what SAFE embedded systems are, and include an overview of actual and future markets for such systems. Today's technical solutions will be discussed together with new approaches. Different building blocks for SAFE embedded systems will be reviewed. Emphasis will go to the fact that building safe systems relies in the first place on good methodological approaches supported by adequate tools. The lack of these will be discussed in detail together with a list of challenges to be met.

Break

11:00 - 11:45 Safety Critical Software -- David Emery, Principal Engineer, The Mitre Corporation

11:45 - 12:30 Using LynxOS in Safety Critical Applications, Chris Clark, LynuxWorks

Lunch

2:00 - 2:45 The OSE Systems experience for taking an RTOS through DO-178B certification, Vance Hilderman, President of Enea TekSci.

This session will present the different strategies for RTOS certification. This will include the pros and cons of each certification path, the basic roadmap for performing an RTOS certification, the direction OSE is taking and what OSE has achieved.

Going through certification has requirements and creates changes in OSE's business, and OSE certification provides increased benefits to potential customers. But certification of an RTOS also implies some work that the RTOS customers have to do themselves as part of using a certifiable RTOS. With OSE Systems, this is greatly reduced.

Following certification standards such as DO-178B and IEC-61508 also has benefits for the adoption of SEI/CMM processes in an organization and for safety in other related markets such as telecom/datacom. Learn the top 10 lessons learned and tips for achieving certification.

2:45 - 3:30 The Cost-Effectiveness of Precision, Peter Amey, Praxis Critical Systems Ltd.

It is generally assumed that critical systems will be more expensive to produce than non-critical systems. The steps needed to achieve certification are regarded as extra work and therefore an extra cost. For systems developed to Level A under DO-178B the extra work is sometimes claimed to increase the cost by 500%.

There is increasing evidence that it is possible to align the apparently conflicting goals of high integrity and low cost. Techniques which emphasise a stepwise "correctness by construction" approach can reduce cost through early error elimination while at the same time generating evidence which will assist with certification. The foundations for such an approach are precision of expression and logical reasoning throughout all stages of development; this is in stark contrast to the informal development followed by extensive test and debug that is prevalent today. Correctness by construction is facilitated by a kind of "pragmatic formalism" which uses tools and languages with precise mathematical foundations in straightforward, approachable ways.

Projects that have adopted the correctness by construction approach include the Lockheed C130J avionics update, which achieved certification at less than a quarter of the cost of previous projects; the SHOLIS helicopter landing system, in which formal verification activities were shown to be substantially more cost-effective than testing; and the Mondex Certification Authority, a mixed-language, COTS-based development designed to meet the ITSEC E6 security requirements.

Each of these projects shows that precision of expression can both reduce cost and increase quality.

Break

4:00 - 5:00 Panel Discussion

5:00 Close


Thursday October 25th -- Working Group Sessions

9:00 - 12:30 (includes a break at 10:30)

Safety-Critical COTS initial work session (2-3 hrs)

Session Leader: Dave Emery

The objectives of this session are as follows:

  1. Develop a work plan for the safety critical work, including (a) COTS vendor deliverables, (b) common criteria for various safety levels across software safety standards, (c) other activities?

  2. Develop an initial set of deliverables for safety-critical COTS, based on (RTOS) vendor experience and prime system integrator requirements.

15:00 - 16:15

Requirements for Hard Real-time Behavior in Java®

Session leaders: Glen Logan/Robert Allen.

This session will continue the discussion from the last meeting, looking at the requirements.

  1. Achieving Adequate Virtual Machine Performance

    1. Hardware and Software Accelerators

      1. Just In Time (JIT) Compilers

      2. Hot Spot Compilers

      3. Hardware Accelerators

      4. Specialized Processors (Java Machines)

    2. Constraining the Virtual Machine Environment

      1. Java 2 Platform, Micro Edition (J2ME) Configurations and Profiles

      2. Other Approaches

  2. Certification Issues for High Integrity Systems

    1. Issues from Commercial Aviation

      1. FAA Certification Concerns

    2. Issues from Other Industries

16:30 -

Security Working Group

The security working group will be holding a teleconference.

  1. Status of RFI to Vendor RT Community --

    • RFI reviewed by group

    • Changes to RFI

    • Distribution of RFI

  2. Charter for RT security Group

    • Draft distributed

    • Discussion

    • Approval vote

  3. Time line / Milestones Update

    • RFI schedule

    • Future meetings

    • Critical issues

  4. Update on Security Working Group relationship with NIST's PCSRF (Process Control Security Requirements Forum) (Joe Bergmann)

  5. Review actions of DII COE in the RT area and consider impact on our directions/approach.

  6. Summary and assignments.


    Speaker Biographies

    (in alphabetical order)

    Peter Amey, Praxis Critical Systems Ltd.

    Peter Amey is an aeronautical engineer by original professional training. He served as an engineering officer in the Royal Air Force and spent several years at the Boscombe Down test establishment working on the certification of aircraft armament systems. Peter joined Program Validation Limited to develop SPARK and the SPARK Examiner and continues that work today with Praxis Critical Systems. As well as developing SPARK, he has used it on major programmes including Tornado, Eurofighter and the Lockheed C130J. Peter teaches SPARK and Ada on a regular basis and has lectured widely on the development of critical systems.

    David Emery, Principal Engineer, The Mitre Corporation

    David Emery is a Principal Engineer in MITRE's Army Information Systems department, providing systems and software engineering on a variety of military command and control and weapon systems. He previously worked for Hughes Aircraft of Canada, Siemens Research and Computer Sciences Corporation, and served on active duty with the U.S. Army.

    Mr. Emery received his B. S. in Mathematics from Norwich University, Northfield, VT in 1978. He was commissioned a Second Lieutenant, Field Artillery, and served in a variety of artillery and automation assignments on active duty. He became interested in Ada and large-scale software engineering problems while in the military, and his professional career has been involved in Ada, software engineering and software standardization.

    He is active in both the IEEE and the ACM, and has participated in several international standards activities. His IEEE activities include serving as Technical Editor of IEEE P1003.5, the Ada Binding to POSIX, and contributing to the recently approved IEEE Std 1471, Recommended Practice for Architecture Descriptions for Software Intensive Systems. He has served as Secretary and Treasurer for ACM's Special Interest Group on Ada, and as a member of ACM's Technical Standards Committee. Within ISO, he has been a member of the US Delegation to ISO/IEC SC22 (Programming Languages and Interfaces) and to ISO/IEC SC22 WG9 (Ada), and has chaired WG9's Ada Uniformity Rapporteur Group.

    Mr. Emery has been honored with the IEEE Third Millennium Medal, Outstanding Contribution and Meritorious Service awards, and selection to the IEEE Computer Society's "Golden Core". SIGAda recently awarded him its Outstanding Contribution Award. He has published on Ada programming language bindings, software portability and architectural approaches for software-intensive systems. His paper "Experiences Applying a Practical Architectural Method" won the Best Paper award at Ada-Europe '96.


    Vance Hilderman, President of Enea TekSci

    Vance Hilderman co-founded Enea TekSci, sister company of OSE Systems, in 1990 and is its President. Mr. Hilderman's degrees are in Electrical Engineering (BS), Computer Engineering (MS), and Business (MBA). Enea TekSci has 125 employees and is the largest independent safety critical embedded software consulting company in the US. Mr. Hilderman led the engineering teams that pioneered commercial software product certification to stringent standards such as RTCA DO-178B. He has led or participated in many of Enea TekSci's projects, including over 100 different avionics, medical, and telecommunications embedded projects. TekSci led or contributed to the software development, verification, or safety certification of fifty commercial products in the past five years, including four off-the-shelf Real-Time Operating Systems (RTOSs).


    Dr. Martin Timmerman, Dedicated Systems Experts

    Martin is Founder and Chief Executive Officer of DS-Experts. He received a Bachelors degree in Telecommunications Engineering from the Royal Military Academy (RMA), Brussels, Belgium, and was subsequently awarded a Doctorate in Applied Science from Gent State University (1982).

    As a specialist in Computer Engineering, he established, in 1983, the System Development Centre for the Belgian Armed Forces. Today, he remains consultant to the Joint Staff in areas concerning Information System Methodologies and CASE tools. He has been the Belgian representative to NATO in several technical commissions.

    Martin is best known, however, for Dedicated Systems Experts. In fact, until 1st January 2000, the company was known by the name "Real Time Consult". The change of name directly reflects the evolution of real time and embedded systems.

    There is now a plethora of names and terminologies, leading to ambiguity and confusion (mobile v. ubiquitous v. nomadic v. fault tolerant v. real time v. deeply embedded v. smart appliance v. ?). So as to remove a good deal of the ambiguity, the all-embracing term "dedicated system" has been coined by Martin: "the functionality is once and for all tied up in the system hardware and software".



© The Open Group 1995-2007  Updated on Thursday, 1 November 2001