Abstract

Trustworthiness is a paramount concern for users and customers in the selection of a software solution, specially in the  context of complex and dynamic environments, such as Cloud and IoT.  

However, assessing and benchmarking trustworthiness (worthiness of  software/service for being trusted) is a challenging task, mainly due to the variety of application scenarios (e.g., safety-critical, business-critical), the large number of determinative quality attributes (e.g., safety, security, performance), and last, but foremost, due to the subjective notion of trust and trustworthiness.  

In this talk, we will address trustworthiness as a measurable notion  and discuss approaches for the assessment and benchmarking of  software systems. The main goal is to better understand how trustworthiness scores can be computed and the main components  involved in a trustworthiness benchmarking process.

Biography

Marco Vieira is a Full Professor at the University of Coimbra, Portugal. His current research interests include dependability and  security assessment and benchmarking, fault injection and vulnerability & attack injection, robustness and security testing, online failure prediction, and software verification and validation, subjects on which he has authored or co-authored more than 180 papers in refereed conferences and journals.

He has coordinated several research projects, both at the national and European level.  Marco Vieira has served has PC-chair of the major conferences in the  dependability area and acted as referee for many international conferences and journals.

At Intel and Mobileye, saving lives drives us. But in the world of automated driving, we believe safety is not merely an impact of AD, but the bedrock on which we all build this industry. And so we proposed Responsibility-Sensitive Safety (RSS), a formal model to define safe driving and what rules an automated vehicle, independent of brand or policy, should abide to always keep its passengers safe. We intend this open, non-proprietary model to drive cross-industry discussion; let’s come together as an industry and use RSS as a starting point to clarify safety today, to enable the autonomous tomorrow.

Now that we’re putting software and network connections into cars and medical devices, we’ll have to patch vulnerabilities, as we do with phones. But we can't let vendors stop patching them after three years, as they do with phones.

So in May, the EU passed Directive 2019/771 on the sale of goods. This gives consumers the right to software updates for goods with digital elements, for the time period the consumer might reasonably expect.  

In this talk I'll describe the background, including a study we did for the European Commission in 2016, and the likely future effects.

As sustainable safety, security and privacy become a legal mandate, this will create real tension with existing business models and supply chains. It will also pose a grand challenge for computer scientists.

What sort of tools and methodologies should you use to write software for a car that will go on sale in 2023, if you have to support security patches and safety upgrades till 2043?