Trustworthiness Benchmarking of Safety Critical Systems
Marco Vieira (University of Coimbra, Portugal)
Trustworthiness is a paramount concern for users and customers in the selection of a software solution, especially in the context of complex and dynamic environments, such as Cloud and IoT.
However, assessing and benchmarking trustworthiness (worthiness of software/service for being trusted) is a challenging task, mainly due to the variety of application scenarios (e.g., safety-critical, business-critical), the large number of determinative quality attributes (e.g., safety, security, performance), and last, but foremost, due to the subjective notion of trust and trustworthiness.
In this talk, we will address trustworthiness as a measurable notion and discuss approaches for the assessment and benchmarking of software systems. The main goal is to better understand how trustworthiness scores can be computed and the main components involved in a trustworthiness benchmarking process.
Marco Vieira is a Full Professor at the University of Coimbra, Portugal. His current research interests include dependability and security assessment and benchmarking, fault injection and vulnerability & attack injection, robustness and security testing, online failure prediction, and software verification and validation, subjects on which he has authored or co-authored more than 180 papers in refereed conferences and journals.
He has coordinated several research projects, both at the national and European level. Marco Vieira has served as PC-chair of the major conferences in the dependability area and acted as referee for many international conferences and journals.
An Open, Transparent, Industry-Driven Approach to AV Safety
Jack Weast (Intel, USA)
At Intel and Mobileye, saving lives drives us. But in the world of automated driving, we believe safety is not merely an impact of AD, but the bedrock on which we all build this industry. And so we proposed Responsibility-Sensitive Safety (RSS), a formal model to define safe driving and what rules an automated vehicle, independent of brand or policy, should abide by to always keep its passengers safe. We intend this open, non-proprietary model to drive cross-industry discussion; let's come together as an industry and use RSS as a starting point to clarify safety today, to enable the autonomous tomorrow.
The Sustainability of Safety, Security and Privacy
Ross Anderson (University of Cambridge, UK)
Now that we’re putting software and network connections into cars and medical devices, we’ll have to patch vulnerabilities, as we do with phones. But we can't let vendors stop patching them after three years, as they do with phones.
So in May, the EU passed Directive 2019/771 on the sale of goods. This gives consumers the right to software updates for goods with digital elements, for the time period the consumer might reasonably expect.
In this talk I'll describe the background, including a study we did for the European Commission in 2016, and the likely future effects.
As sustainable safety, security and privacy become a legal mandate, this will create real tension with existing business models and supply chains. It will also pose a grand challenge for computer scientists.
What sort of tools and methodologies should you use to write software for a car that will go on sale in 2023, if you have to support security patches and safety upgrades till 2043?