ICT Risk and Dependability
Contact: Farbrot, Jan Erik, Department Head
Work in this area has been the main activity for more than twenty years. Previously it was undertaken by the section "Safety and Reliability of Computerised Systems" / "Software Engineering Laboratory". Since 2007 the activities have belonged to the division ICT Risk and Dependability (RID).
The research activities have been based on the following principles:
I: To produce safe and reliable programs by
- fault avoidance through
  - guidelines for software development
  - quality assurance principles
  - formal development methods
- fault detection through
  - program analysis
  - testing
- fault tolerance through
  - software diversity
  - safety checks
II: To gain confidence in their safe application based on
- software reliability models
- safety assessment of programmable systems
Research Activities in RID
The research activities are for the most part carried out under the umbrella of the OECD Halden Reactor Project. Some current activities are:
- "integrating requirement engineering and risk assessment"
- "development of a tool supporting an approach for dependable requirement engineering"
- "software fault tolerance - with focus on assessment of source code"
- "development of methods for assessing the reliability of compound software"
- "assessment of integrated tool environments"
Examples of some past activities are:
- The establishment of a complete methodology for the practical application of algebraic specifications in formal software development, and a tool set, the HALDEN Prover, supporting this methodology. This is a system that integrates an inductive theorem prover with various support tools and functions, using a graphical interface.
- Investigation of a method using Bayesian Belief Nets to combine qualitative and quantitative evidence into a reliability measure as the basis for safety assessment of digital systems. The method has been applied to realistic test cases.
- The establishment of a framework for model based risk analysis. This framework will be obtained through adapting, refining, extending, and combining methods for risk analysis developed within the safety domain, semiformal description methods, and computerised tools.
- Investigation of risk analysis methods that are applicable to situations where pre-developed software (e.g. Commercial Off-The-Shelf (COTS) software) is used in a safety-critical application.
Joint Projects
In addition, the department participates in other joint projects, comprising:
- Since 2005 IFE has contributed to research on the safety of computer-based systems in nuclear power plants through a number of projects. In the COMPSIS project, established and administered by OECD-NEA, IFE has the role of Operational Agent. The focus is on the development of a database for reporting and assessing event reports from nuclear installations.
- In the project MORE, funded by Nordisk kjernesikkerhetsforskning (NKS), IFE is leading the research on the treatment of large numbers of requirements in a modernisation process. A result of the project is a model for tracing requirements from their origin, through development, to their final version.
Examples of some previous joint projects are:
- CORAS (A Platform for Risk Analysis of Security Critical Systems) - EU research project IST-2000-25031. The overall objective of the CORAS project is to provide an integrated methodology to aid the design of secure systems and thus establish trust and confidence in products.
- A Nordic co-operative project on "Traceability and Communication of Requirements in Digital I&C Systems Development" (TACO). The overall aim of the project is to identify the main issues related to traceability and communication of requirements in digital I&C systems development. Particular attention is paid to the interfaces between customer and vendor. TACO constitutes a network in which experience and information on this subject can be shared.
- HMS Petroleum, a competence development project on Change, Organisation, and Technology in the petroleum sector. The project focuses on organisational and technological changes of importance for health, environment, and safety (HES) in Norwegian petroleum processing. The overall aim is to develop new knowledge that will improve the abilities of the different actors involved in petroleum processing to handle HES under these changes.
Consultancy
The research is complemented by consultancy activities for Norwegian and foreign companies.
IFE has for some years provided support for risk analyses, safety analyses and safety documentation of ATM systems. The main customer has been Park Air Systems, one of the world's leading providers of systems and solutions for ATM, and the provider of a large delivery of improved equipment for "Air Traffic Control Voice Communications Systems" to the National Air Traffic Services (NATS) in the UK.
In addition, IFE has contributed to projects for another provider, ARTech, and IFE is supporting Avinor on the operational safety assessment related to the use of a satellite-based landing system (SCAT-I).
RID is also active in the project Integrated Operations (IO).
Previously, members of the department have also been involved in projects for companies such as Petroleumstilsynet, Navita and Alcatel.