ITCES Workshop 2006

Workshop on
Innovative Techniques for
Certification of Embedded Systems

April 4, 2006
San Jose, California, USA

Extended submission deadline: March 3, 2006

Satellite workshop of the

Questions or comments?
Contact: Oleg Sokolsky
Last updated: March 23, 2006

Can Certification Be Made More Scientific?

John Rushby

SRI International

Stringent certification must consider every contingency and malfunction that may arise among and between the system, its components, and its environment. These considerations involve human judgment (to pare the vast space of potentially relevant issues), technical analysis (to provide evidence for correct and appropriate behavior in all cases), and human judgment again (to evaluate the evidence produced).

I will sketch some conventional processes for certification and outline more recent approaches based on "safety cases". All aspects of these processes are hugely expensive and I will suggest how the costs might be reduced by expanding and automating the technical analysis component (i.e., making the overall activity "more scientific"). I will also describe issues in attempting to make certification compositional.