Introduction
Jack Fujieda, The Open Group/ReGIIS
Jack Fujieda gave a very good introduction to the presenters and laid the groundwork for the topic: the challenges posed by Open Systems, and the rewards if those challenges are met successfully.
Open Systems Dependability – A New Approach for Huge and Complex Software Systems
Dr. Mario Tokoro, President, Sony R&D
DEOS and D-Case for Open Systems Dependability
Dr. Yutaka Matsuno, University of Tokyo
Dr. Tokoro and Dr. Matsuno provided excellent presentations on how to increase the dependability of Open Systems through the DEOS approach. Instead of the typical formal methods approach, which they believe assumes a closed system, they advocate an approach in which the level of dependability is agreed by the stakeholders, with the help of assurance cases, during both the design and the operational phases. Building on assurance cases, they have started to develop D-Case, a method and tool for reaching dependability agreement among stakeholders. They also discussed the Goal Structuring Notation (GSN), a graphical notation for safety arguments. Additionally, they covered how the level of risk or dependability can be determined by introducing a monitor into the system to gather evidence on the system’s dependability. The presentation introduced their demo of a D-Case system and discussed their plans for standardization: D-Case/Agda to be released as open source in March 2012, and a Dependability plug-in for TOGAF®, which could be an instantiation of the DEOS Process.
Panel Discussion
Moderated by Dave Lounsbury (CTO, The Open Group) with Dr. Tokoro, Dr. Matsuno, Dr. Yamamoto (Nagoya University), Jack Fujieda, and Ed Roberts (Elparazim)
Dr. Tokoro’s and Dr. Matsuno’s presentations were followed by a panel of subject matter experts with some very intriguing questions from the moderator Dave Lounsbury – and some very interesting responses from the panel. There was a good mix of business and technical discussion. The enthusiasm for this new direction was quite evident and contagious.
There were no additional presentations during the panel session.
Enforcing Security Policies with a MILS Architecture
Dylan McNamee, Galois Inc.
Dylan McNamee provided a very good presentation on MILS, reinforcing the idea that MILS is a robust security architecture that is useful for enforcing a wide range of policies. He covered the following areas: security policy and policy enforcement mechanisms, a comparison of the traditional approaches to policy enforcement, and the MILS approach to enforcing security policy. The traditional approach leaves many gaps on the way to high-assurance security; MILS, by contrast, builds on physically separate systems and separation kernels and can offer a higher degree of assurance that a system will maintain its integrity. Dylan reinforced the idea that, although MILS is a flexible architecture that enables sufficient evidence for assurance and is a building block for trustworthy systems, it is not a panacea.
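To make the MILS point concrete, here is an added example (not from the presentation or from Galois) of the kind of check a practitioner performs on a separation-kernel configuration: the kernel permits only the explicitly configured inter-partition channels, and the policy question is whether any chain of permitted channels lets data flow from a higher-classified partition to a lower-classified one without passing through a designated guard partition. The partition names, labels, channel lists and the two-level label lattice are all constructed for illustration.

```python
"""Information-flow policy check over a separation-kernel channel configuration.

Constructed for illustration: a MILS system has partitions carrying security
labels, and a separation kernel that permits only the configured channels.
A 'guard' partition is the one trusted component allowed to move data from
SECRET to UNCLASSIFIED; any other downgrade path is a policy violation.
"""
from typing import Dict, Iterable, List, Set, Tuple

Channel = Tuple[str, str]            # (source partition, destination partition)

# Toy two-level lattice: higher number = more sensitive.
LEVELS: Dict[str, int] = {"UNCLASSIFIED": 0, "SECRET": 1}

# Constructed partition layout and the trusted guard that may downgrade.
PARTITIONS: Dict[str, str] = {
    "ui": "UNCLASSIFIED",
    "net": "UNCLASSIFIED",
    "crypto": "SECRET",
    "guard": "SECRET",
}
GUARDS: Set[str] = {"guard"}

# Weak configuration: crypto can talk straight to the network partition.
WEAK_CHANNELS: List[Channel] = [("ui", "crypto"), ("crypto", "net")]

# Corrected configuration: the only route from crypto to net goes via the guard.
FIXED_CHANNELS: List[Channel] = [("ui", "crypto"), ("crypto", "guard"), ("guard", "net")]


def kernel_allows(channels: Iterable[Channel], src: str, dst: str) -> bool:
    """The separation kernel's runtime decision: deny unless explicitly configured."""
    return (src, dst) in set(channels)


def flows_from(channels: Iterable[Channel], src: str, guards: Set[str]) -> Set[str]:
    """Partitions that data in `src` can reach transitively, without traversing a guard.

    Flows *into* a guard are recorded, but the guard is not expanded further:
    what leaves the guard is the guard's own (separately assured) responsibility.
    """
    reached: Set[str] = set()
    stack = [src]
    while stack:
        p = stack.pop()
        if p in guards:
            continue
        for a, b in channels:
            if a == p and b not in reached:
                reached.add(b)
                stack.append(b)
    return reached


def policy_violations(partitions: Dict[str, str], channels: Iterable[Channel],
                      guards: Set[str]) -> List[Channel]:
    """Every (src, dst) pair where data can flow to a strictly lower label without a guard."""
    channels = list(channels)
    violations: List[Channel] = []
    for src, src_label in partitions.items():
        for dst in flows_from(channels, src, guards):
            if LEVELS[partitions[dst]] < LEVELS[src_label]:
                violations.append((src, dst))
    return sorted(violations)


if __name__ == "__main__":
    print("weak config violations :", policy_violations(PARTITIONS, WEAK_CHANNELS, GUARDS))
    print("fixed config violations:", policy_violations(PARTITIONS, FIXED_CHANNELS, GUARDS))
    print("kernel allows crypto->net in fixed config?", kernel_allows(FIXED_CHANNELS, "crypto", "net"))
```

The check is deliberately transitive: a single direct channel may look harmless in isolation, and it is the composition of permitted channels that the policy has to be evaluated over. Note that the guard is exempted from the closure, not trusted blindly; its own behaviour is exactly the part that would need a separate assurance argument, which is what the "not a panacea" caveat above is about.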
Assurance Cases: Motivations, Technologies, Development
Ed Roberts, Elparazim
Ed Roberts provided a very informative presentation on assurance cases, starting with a description of how and why assurance cases have been evolving, and how the industry has been moving away from formal methods as the only approach toward new approaches that support the use of assurance cases; one of the newly evolving paradigms is the “Safety Case”. Ed offered a look at several technologies in his presentation: Stephen Toulmin’s Model, ARM (Argumentation Metamodel), SAEM (Software Assurance Evidence Metamodel), SACM (Structured Assurance Case Metamodel), GSN (Goal Structuring Notation) and CAE (Claim, Argument, Evidence Notation), DEOS and D-Case, and others.
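The GSN notation mentioned in both the DEOS/D-Case session and Ed Roberts' talk is easier to grasp as a data structure than as a picture. The following added example (not part of any presentation, D-Case, or the D-Case/Agda tool) models a small GSN-style assurance case in Python, with the four core node kinds (Goal, Strategy, Context, Solution) and the two relationships ("supported by" and "in context of"), and implements the two checks a reviewer of such a case actually wants: that the argument is structurally complete (no undeveloped or unsupported goals, solutions only as leaves) and that each Solution's evidence holds. The evidence for one goal comes from a runtime monitor, in the spirit of the monitor described in the DEOS presentation; the heartbeat log lines, the 99.9% target and all node texts are constructed for illustration.

```python
"""A minimal GSN-style assurance case with completeness and evidence checks.

Node kinds follow GSN: Goal (a claim), Strategy (how a goal is broken down),
Context (scope or assumptions) and Solution (a piece of evidence).
Links follow GSN too: 'supported_by' (Goal -> Strategy/Goal/Solution,
Strategy -> Goal) and 'in_context_of' (Goal/Strategy -> Context).
Everything below is illustrative; it is not the D-Case tooling.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Node:
    id: str
    kind: str                                  # "Goal", "Strategy", "Context" or "Solution"
    text: str
    supported_by: List[str] = field(default_factory=list)
    in_context_of: List[str] = field(default_factory=list)
    undeveloped: bool = False                  # GSN "undeveloped" marker on a goal
    evidence_ok: Optional[bool] = None         # Solutions only: did the evidence check pass?


class AssuranceCase:
    def __init__(self) -> None:
        self.nodes: Dict[str, Node] = {}

    def add(self, node: Node) -> Node:
        self.nodes[node.id] = node
        return node

    def problems(self) -> List[str]:
        """Structural and evidential defects; an empty list means the case is complete."""
        out: List[str] = []
        for n in self.nodes.values():
            for ref in n.supported_by + n.in_context_of:
                if ref not in self.nodes:
                    out.append(f"{n.id}: dangling reference to {ref}")
            kids = [self.nodes[c] for c in n.supported_by if c in self.nodes]
            if n.kind == "Goal":
                if n.undeveloped:
                    out.append(f"{n.id}: goal is undeveloped")
                elif not kids:
                    out.append(f"{n.id}: goal has no supporting argument or evidence")
                for k in kids:
                    if k.kind not in ("Strategy", "Goal", "Solution"):
                        out.append(f"{n.id}: goal may not be supported by {k.kind} {k.id}")
            elif n.kind == "Strategy":
                if not kids:
                    out.append(f"{n.id}: strategy has no sub-goals")
                for k in kids:
                    if k.kind != "Goal":
                        out.append(f"{n.id}: strategy may only be supported by goals, not {k.kind} {k.id}")
            elif n.kind == "Solution":
                if n.supported_by:
                    out.append(f"{n.id}: solution must be a leaf")
                if n.evidence_ok is not True:
                    out.append(f"{n.id}: evidence missing or failed")
            elif n.kind == "Context":
                if n.supported_by or n.in_context_of:
                    out.append(f"{n.id}: context nodes carry no outgoing links")
        return out

    def complete(self) -> bool:
        return not self.problems()


def availability_from_monitor(samples: List[str], required: float) -> Tuple[float, bool]:
    """Turn heartbeat log lines of the form '<epoch> up|down' into measured availability."""
    up = sum(1 for line in samples if line.split()[1] == "up")
    measured = up / len(samples)
    return measured, measured >= required


# Constructed monitor output: 1000 one-minute heartbeats, one of them 'down'.
MONITOR_SAMPLES = [f"{1700000000 + 60 * i} {'down' if i == 500 else 'up'}" for i in range(1000)]


def build_example_case() -> AssuranceCase:
    """Constructed case: one goal backed by monitor evidence, one left undeveloped."""
    ac = AssuranceCase()
    ac.add(Node("G1", "Goal", "Service meets the availability agreed by stakeholders",
                supported_by=["S1"], in_context_of=["C1"]))
    ac.add(Node("C1", "Context", "Agreed target: 99.9% availability over the monitoring window"))
    ac.add(Node("S1", "Strategy", "Argue over monitored availability and fault handling",
                supported_by=["G2", "G3"]))
    ac.add(Node("G2", "Goal", "Measured availability is at least 99.9%", supported_by=["Sn1"]))
    measured, ok = availability_from_monitor(MONITOR_SAMPLES, 0.999)
    ac.add(Node("Sn1", "Solution", f"Monitor report: availability {measured:.4f}", evidence_ok=ok))
    ac.add(Node("G3", "Goal", "Faults are detected and recovered within the agreed time",
                undeveloped=True))
    return ac


if __name__ == "__main__":
    case = build_example_case()
    for p in case.problems():
        print("problem:", p)
    print("complete:", case.complete())
```

Running this reports the single open item, the undeveloped goal G3, and declares the case incomplete; once G3 is given a Solution whose evidence passes, `complete()` returns True. The point a reviewer should take from it is that an assurance case is only as strong as its weakest leaf: a goal with no evidence, or evidence that the monitor actually contradicts, is surfaced by the same check rather than hidden inside a tidy-looking diagram.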