Lecture Notes in Computer Science Edited by G. Goos, J. Hartmanis, and J. van Leeuwen
2434
Berlin Heidelberg New York Barcelona Hong Kong London Milan Paris Tokyo
Stuart Anderson, Sandro Bologna, Massimo Felici (Eds.)
Computer Safety, Reliability and Security 21st International Conference, SAFECOMP 2002 Catania, Italy, September 10-13, 2002 Proceedings
Series Editors
Gerhard Goos, Karlsruhe University, Germany
Juris Hartmanis, Cornell University, NY, USA
Jan van Leeuwen, Utrecht University, The Netherlands

Volume Editors
Stuart Anderson, Massimo Felici
The University of Edinburgh, LFCS, Division of Informatics
Mayfield Road, Edinburgh EH9 3JZ, United Kingdom
E-mail: {soa, mas}@dcs.ed.ac.uk

Sandro Bologna
ENEA CR Casaccia
Via Anguillarese, 301, 00060 Rome, Italy
E-mail: [email protected]

Cataloging-in-Publication Data applied for
Die Deutsche Bibliothek - CIP-Einheitsaufnahme
Computer safety, reliability and security : 21st international conference ; proceedings / SAFECOMP 2002, Catania, Italy, September 10 - 13, 2002. Stuart Anderson ... (ed.). - Berlin ; Heidelberg ; New York ; Hong Kong ; London ; Milan ; Paris ; Tokyo : Springer, 2002 (Lecture notes in computer science ; Vol. 2434)
ISBN 3-540-44157-3
CR Subject Classification (1998): D.1-4, E.4, C.3, F.3, K.6.5
ISSN 0302-9743
ISBN 3-540-44157-3 Springer-Verlag Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer-Verlag. Violations are liable for prosecution under the German Copyright Law.

Springer-Verlag Berlin Heidelberg New York, a member of BertelsmannSpringer Science+Business Media GmbH
http://www.springer.de
© Springer-Verlag Berlin Heidelberg 2002
Printed in Germany
Typesetting: Camera-ready by author, data conversion by DA-TeX Gerd Blumenstein
Printed on acid-free paper SPIN 10870130 06/3142 543210
Preface
Welcome to SAFECOMP 2002, held in Catania, Italy. Since its establishment SAFECOMP, the series of conferences on Computer Safety, Reliability, and Security, has contributed to the progress of the state of the art in dependable applications of computer systems. SAFECOMP provides ample opportunity to exchange insights and experiences in emerging methods and practical experience across the borders of different disciplines.

Previous SAFECOMPs have already registered the need for multidisciplinarity in order better to understand dependability of computer-based systems in which human factors still remain a major criticality. SAFECOMP 2002 further addresses multidisciplinarity by collaborating and coordinating its annual activities with the Eleventh European Conference on Cognitive Ergonomics (ECCE-11). This year, SAFECOMP 2002 and ECCE-11 jointly organized an industry panel on Human-Computer System Dependability. The cross-fertilization among different scientific communities and industry supports the achievement of long-term results contributing to the integration of multidisciplinary experience in order to improve the design and deployment of dependable computer-based systems. SAFECOMP 2002 addressed the need to broaden the scope of disciplines contributing to dependability.

The SAFECOMP 2002 program consisted of 27 refereed papers chosen from 69 submissions from all over the world. The review process was possible thanks to the valuable work of the International Program Committee and the external reviewers. SAFECOMP 2002 also included three invited keynote talks, which enhanced the technical and scientific merit of the conference.

We would like to thank the International Program Committee, the organizing committee, the external reviewers, the keynote speakers, the panelists, and the authors for their work and support for SAFECOMP 2002. We would also like to thank the ECCE-11 people, who collaborated with us in organizing this week of events. We really enjoyed the work and we hope you appreciate the care that we put into organizing an enjoyable and fruitful conference. Finally, we will be glad to welcome you again to SAFECOMP 2003 in Edinburgh, Scotland.
July 2002
Sandro Bologna, Stuart Anderson, Massimo Felici
Organization

General Chair
Sandro Bologna, I

Program Co-chairs
Stuart Anderson, UK
Massimo Felici, UK

EWICS TC7 Chair
Udo Voges, D

International Program Committee
Stuart Anderson, UK
Liam J. Bannon, IRL
Antonia Bertolino, I
Helmut Bezecny, D
Robin Bloomfield, UK
Andrea Bondavalli, I
Helmut Breitwieser, D
Peter Daniel, UK
Bas de Mol, NL
Istvan Erenyi, HU
Hans R. Fankhauser, S
Massimo Felici, UK
Robert Garnier, F
Robert Genser, A
Chris Goring, UK
Janusz Gorski, PL
Erwin Grosspietsch, D
Michael Harrison, UK
Maritta Heisel, D
Erik Hollnagel, S
Chris Johnson, UK
Mohamed Kaâniche, F
Karama Kanoun, F
Floor Koornneef, NL
Vic Maggioli, US
Patrizia Marti, I
Odd Nordland, NO
Alberto Pasquini, I
Gerd Rabe, D
Felix Redmill, UK
Antonio Rizzo, I
Francesca Saglietti, D
Erwin Schoitsch, A
Meine van der Meulen, NL
Udo Voges, D
Marc Wilikens, I
Rune Winther, NO
Stefan Wittmann, D
Eric Wong, US
Janusz Zalewski, US
Zdzislaw Zurakowski, P

Organizing Committee
Stuart Anderson, UK
Antonia Bertolino, I
Domenico Cantone, I
Massimo Felici, UK
Eda Marchetti, I
Alberto Pasquini, I
Elvinia Riccobene, I
Mark-Alexander Sujan, D
Lorenzo Vita, I
External Reviewers
Claudia Betous Almeida, F
Iain Bate, UK
Giampaolo Bella, I
Stefano Bistarelli, I
Linda Brodo, I
L. H. J. Goossens, NL
Bjørn Axel Gran, NO
Fabrizio Grandoni, I
Silvano Chiaradonna, I
Andrea Coccoli, I
Felicita Di Giandomenico, I
Juliana Küster Filipe, UK
Marc-Olivier Killijian, F
Frank Koob, D
Martin Lange, UK
Eckhard Liebscher, D
Eda Marchetti, I
Marc Mersiol, F
Stefano Porcarelli, I
Andrey A. Povyakalo, UK
Thomas Santen, D
Mark-Alexander Sujan, D
Konstantinos Tourlas, UK
Scientific Sponsor

in collaboration with the Scientific Co-sponsors
AICA – Associazione Italiana per l’Informatica ed il Calcolo Automatico
ARCS – Austrian Research Centers Seibersdorf
Interdisciplinary Research Collaboration in Dependability of Computer-Based Systems
EACE – European Association of Cognitive Ergonomics
ENCRESS – European Network of Clubs for Reliability and Safety of Software
GI – Gesellschaft für Informatik
IFAC – International Federation of Automatic Control
IFIP – WG10.4 on Dependable Computing and Fault Tolerance
IFIP – WG13.5 on Human Error, Safety and System Development
ISA-EUNET
OCG – Austrian Computer Society
SCSC – Safety-Critical Systems Club
SRMC – Software Reliability & Metrics Club
SAFECOMP 2002 Organization
SAFECOMP 2002 Management Tool
List of Contributors
K. Androutsopoulos, Department of Computer Science, King’s College London, Strand, London WC2R 2LS, United Kingdom
Christopher Bartlett, BAE SYSTEMS, United Kingdom
Iain Bate, Department of Computer Science, University of York, York YO10 5DD, United Kingdom
M. Benerecetti, Dept. of Physics, University of Naples "Federico II", Napoli, Italy
Helmut Bezecny, Dow, Germany
Peter G. Bishop, Adelard and Centre for Software Reliability, City University, Northampton Square, London EC1V 0HB, United Kingdom
Robin Bloomfield, Adelard and Centre for Software Reliability, City University, Northampton Square, London EC1V 0HB, United Kingdom
A. Bobbio, DISTA, Università del Piemonte Orientale, 15100 - Alessandria, Italy
Sandro Bologna, ENEA CR Casaccia, Via Anguillarese, 301, 00060 - Roma, Italy
R.W. Born, MBDA UK Ltd., Filton, Bristol, United Kingdom
Jan Bredereke, Universität Bremen, FB 3, P.O. box 330 440, D-28334 Bremen, Germany
José Carlos Campelo, Departamento de Informática de Sistemas y Computadoras, Universidad Politécnica de Valencia, 46022 - Valencia, Spain
Luping Chen, Safety Systems Research Centre, Department of Computer Science, University of Bristol, Bristol, BS8 1UB, United Kingdom
E. Ciancamerla, ENEA CR Casaccia, Via Anguillarese, 301, 00060 - Roma, Italy
D. Clark, Department of Computer Science, King’s College London, Strand, London WC2R 2LS, United Kingdom
Tim Clement, Adelard, Drysdale Building, Northampton Square, London EC1V 0HB, United Kingdom
Paulo Sérgio Cugnasca, Escola Politécnica da Universidade de São Paulo, Dept of Computer Engineering and Digital Systems, CEP 05508-900 - São Paulo, Brazil
Ferdinand J. Dafelmair, TÜV Süddeutschland, Westendstrasse 199, 80686 München, Germany
Dino De Luca, NOKIA Italia S.p.A., Stradale Vincenzo Lancia 57, 95121 Catania, Italy
Ítalo Romani de Oliveira, Escola Politécnica da Universidade de São Paulo, Dept of Computer Engineering and Digital Systems, CEP 05508-900 - São Paulo, Brazil
S. D. Dhodapkar, Reactor Control Division, Bhabha Atomic Research Centre, Mumbai 400085, India
Theo Dimitrakos, CLRC Rutherford Appleton Laboratory (RAL), Oxfordshire, United Kingdom
Thomas Droste, Institute of Computer Science, Dept. of Electrical Engineering and Information Sciences, Ruhr Univ. Bochum, 44801 Bochum, Germany
G. Franceschinis, DISTA, Università del Piemonte Orientale, 15100 - Alessandria, Italy
Rune Fredriksen, Institute For Energy Technology, P.O. Box 173, 1751 Halden, Norway
R. Gaeta, Dipartimento di Informatica, Università di Torino, 10150 - Torino, Italy
Bjørn Axel Gran, Institute For Energy Technology, P.O. Box 173, 1751 Halden, Norway
M. Gribaudo, Dip. di Informatica, Università di Torino, 10149 - Torino, Italy
Sofia Guerra, Adelard, Drysdale Building, Northampton Square, London EC1V 0HB, United Kingdom
Mark Hartswood, School of Informatics, University of Edinburgh, United Kingdom
Denis Hatebur, TÜViT GmbH, System- und Softwarequalität, Am Technologiepark 1, 45032 Essen, Germany
Klaus Heidtmann, Department of Computer Science, Hamburg University, Vogt-Kölln-Str. 30, D-22527 Hamburg, Germany
Monika Heiner, Brandenburgische Technische Universität Cottbus, Institut für Informatik, 03013 Cottbus, Germany
Maritta Heisel, Institut für Praktische Informatik und Medieninformatik, Technische Universität Ilmenau, 98693 Ilmenau, Germany
Bernhard Hering, Siemens I&S ITS IEC OS, D-81359 München, Germany
Erik Hollnagel, CSELAB, Department of Computer and Information Science, University of Linköping, Sweden
A. Horváth, Dept. of Telecommunications, Univ. of Technology and Economics, Budapest, Hungary
Gordon Hughes, Safety Systems Research Centre, Department of Computer Science, University of Bristol, Bristol, BS8 1UB, United Kingdom
Jef Jacobs, Philips Semiconductors, Bld WAY-1, Prof. Holstlaan 4, 5656 AA Eindhoven, The Netherlands
Tim Kelly, Department of Computer Science, University of York, York YO10 5DD, United Kingdom
Tai-Yun Kim, Department of Computer Science & Engineering, Korea University, Anam-dong Seungbuk-gu, Seoul, Korea
John C. Knight, Department of Computer Science, University of Virginia, 151, Engineer’s Way, P.O. Box 400740, Charlottesville, VA22904-4740, USA
Monica Kristiansen, Institute For Energy Technology, P.O. Box 173, 1751 Halden, Norway
Axel Lankenau, Universität Bremen, FB 3, P.O. box 330 440, D-28334 Bremen, Germany
K. Lano, Department of Computer Science, King’s College London, Strand, London WC2R 2LS, United Kingdom
Bev Littlewood, Centre for Software Reliability, City University, Northampton Square, London EC1V 0HB, United Kingdom
John May, Safety Systems Research Centre, Department of Computer Science, University of Bristol, Bristol, BS8 1UB, United Kingdom
M. Minichino, ENEA CR Casaccia, Via Anguillarese, 301, 00060 - Roma, Italy
Ali Moeini, University of Tehran, n. 286, Keshavarz Blvd, 14166 – Tehran, Iran
MahdiReza Mohajerani, University of Tehran, n. 286, Keshavarz Blvd, 14166 – Tehran, Iran
Tom Arthur Opperud, Telenor Communications AS R&D, Fornebu, Norway
Frank Ortmeier, Lehrstuhl für Softwaretechnik und Programmiersprachen, Universität Augsburg, D-86135 Augsburg, Germany
M. Panti, Istituto di Informatica, University of Ancona, Ancona, Italy
Yiannis Papadopoulos, Department of Computer Science, University of Hull, Hull, HU6 7RX, United Kingdom
Bernard Pavard, GRIC – IRIT, Paul Sabatier University, Toulouse, France
S.E. Paynter, MBDA UK Ltd., Filton, Bristol, United Kingdom
Peter Popov, Centre for Software Reliability, City University, Northampton Square, London, United Kingdom
L. Portinale, DISTA, Università del Piemonte Orientale, 15100 - Alessandria, Italy
Rob Procter, School of Informatics, University of Edinburgh, United Kingdom
S. Ramesh, Centre for Formal Design and Verification of Software, IIT Bombay, Mumbai 400076, India
Wolfgang Reif, Lehrstuhl für Softwaretechnik und Programmiersprachen, Universität Augsburg, D-86135 Augsburg, Germany
Yoon-Jung Rhee, Department of Computer Science & Engineering, Korea University, Anam-dong Seungbuk-gu, Seoul, Korea
Francisco Rodríguez, Departamento de Informática de Sistemas y Computadoras, Universidad Politécnica de Valencia, 46022 - Valencia, Spain
Thomas Rottke, TÜViT GmbH, System- und Softwarequalität, Am Technologiepark 1, 45032 Essen, Germany
Mark Rouncefield, Department of Computing, University of Lancaster, United Kingdom
Job Rutgers, Philips Design, The Netherlands
Titos Saridakis, NOKIA Research Center, PO Box 407, FIN-00045, Finland
Gerhard Schellhorn, Lehrstuhl für Softwaretechnik und Programmiersprachen, Universität Augsburg, D-86135 Augsburg, Germany
Juan José Serrano, Departamento de Informática de Sistemas y Computadoras, Universidad Politécnica de Valencia, 46022 - Valencia, Spain
Andrea Servida, European Commission, DG Information Society C-4, B1049 Brussels, Belgium
Babita Sharma, Reactor Control Division, Bhabha Atomic Research Centre, Mumbai 400085, India
Roger Slack, School of Informatics, University of Edinburgh, United Kingdom
L. Spalazzi, Istituto di Informatica, University of Ancona, Ancona, Italy
Ketil Stølen, Sintef Telecom and Informatics, Oslo, Norway
S. Tacconi, Istituto di Informatica, University of Ancona, Ancona, Italy
Andreas Thums, Lehrstuhl für Softwaretechnik und Programmiersprachen, Universität Augsburg, D-86135 Augsburg, Germany
Helmut Trappschuh, Siemens I&S ITS IEC OS, D-81359 München, Germany
Jos Trienekens, Frits Philips Institute, Eindhoven University of Technology, Den Dolech 2, 5600 MB Eindhoven, The Netherlands
E. Tronci, Dip. di Informatica, Università di Roma "La Sapienza", 00198 - Roma, Italy
Alexander Voß, School of Informatics, University of Edinburgh, United Kingdom
Robin Williams, Research Centre for Social Sciences, University of Edinburgh, United Kingdom
Wenhui Zhang, Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, P.O.Box 8718, 100080 Beijing, China
Table of Contents
Human-Computer System Dependability (Joint ECCE-11 & SAFECOMP 2002)
Human-Computer System Dependability . . . . . 1
    Panel moderators: Sandro Bologna and Erik Hollnagel
Dependability of Joint Human-Computer Systems . . . . . 4
    Erik Hollnagel

Keynote Talk
Dependability in the Information Society: Getting Ready for the FP6 . . . . . 10
    Andrea Servida

Human Factors
A Rigorous View of Mode Confusion . . . . . 19
    Jan Bredereke and Axel Lankenau
Dependability as Ordinary Action . . . . . 32
    Alexander Voß, Roger Slack, Rob Procter, Robin Williams, Mark Hartswood, and Mark Rouncefield

Security
Practical Solutions to Key Recovery Based on PKI in IP Security . . . . . 44
    Yoon-Jung Rhee and Tai-Yun Kim
Redundant Data Acquisition in a Distributed Security Compound . . . . . 53
    Thomas Droste
Survivability Strategy for a Security Critical Process . . . . . 61
    Ferdinand J. Dafelmair

Dependability Assessment (Poster Session)
Statistical Comparison of Two Sum-of-Disjoint-Product Algorithms for Reliability and Safety Evaluation . . . . . 70
    Klaus Heidtmann
Safety and Security Analysis of Object-Oriented Models . . . . . 82
    Kevin Lano, David Clark, and Kelly Androutsopoulos
The CORAS Framework for a Model-Based Risk Management Process . . . . . 94
    Rune Fredriksen, Monica Kristiansen, Bjørn Axel Gran, Ketil Stølen, Tom Arthur Opperud, and Theo Dimitrakos

Keynote Talk
Software Challenges in Aviation Systems . . . . . 106
    John C. Knight

Application of Formal Methods (Poster Session)
A Strategy for Improving the Efficiency of Procedure Verification . . . . . 113
    Wenhui Zhang
Verification of the SSL/TLS Protocol Using a Model Checkable Logic of Belief and Time . . . . . 126
    Massimo Benerecetti, Maurizio Panti, Luca Spalazzi, and Simone Tacconi
Reliability Assessment of Legacy Safety-Critical Systems Upgraded with Off-the-Shelf Components . . . . . 139
    Peter Popov

Reliability Assessment
Assessment of the Benefit of Redundant Systems . . . . . 151
    Luping Chen, John May, and Gordon Hughes
Estimating Residual Faults from Code Coverage . . . . . 163
    Peter G. Bishop

Design for Dependability
Towards a Metrics Based Verification and Validation Maturity Model . . . . . 175
    Jef Jacobs and Jos Trienekens
Analysing the Safety of a Software Development Process . . . . . 186
    Stephen E. Paynter and Bob W. Born
Software Criticality Analysis of COTS/SOUP . . . . . 198
    Peter Bishop, Robin Bloomfield, Tim Clement, and Sofia Guerra
Safety Assessment
Methods of Increasing Modelling Power for Safety Analysis, Applied to a Turbine Digital Control System . . . . . 212
    Andrea Bobbio, Ester Ciancamerla, Giuliana Franceschinis, Rossano Gaeta, Michele Minichino, and Luigi Portinale
Checking Safe Trajectories of Aircraft Using Hybrid Automata . . . . . 224
    Ítalo Romani de Oliveira and Paulo Sérgio Cugnasca
Model-Based On-Line Monitoring Using a State Sensitive Fault Propagation Model . . . . . 236
    Yiannis Papadopoulos

Keynote Talk
On Diversity, and the Elusiveness of Independence . . . . . 249
    Bev Littlewood

Design for Dependability (Poster Session)
An Approach to a New Network Security Architecture for Academic Environments . . . . . 252
    MahdiReza Mohajerani and Ali Moeini
A Watchdog Processor Architecture with Minimal Performance Overhead . . . . . 261
    Francisco Rodríguez, José Carlos Campelo, and Juan José Serrano

Application of Formal Methods
Model-Checking Based on Fluid Petri Nets for the Temperature Control System of the ICARO Co-generative Plant . . . . . 273
    M. Gribaudo, A. Horváth, A. Bobbio, E. Tronci, E. Ciancamerla, and M. Minichino
Assertion Checking Environment (ACE) for Formal Verification of C Programs . . . . . 284
    B. Sharma, S. D. Dhodapkar, and S. Ramesh
Safety Analysis of the Height Control System for the Elbtunnel . . . . . 296
    Frank Ortmeier, Gerhard Schellhorn, Andreas Thums, Wolfgang Reif, Bernhard Hering, and Helmut Trappschuh
Design for Dependability
Dependability and Configurability: Partners or Competitors in Pervasive Computing? . . . . . 309
    Titos Saridakis
Architectural Considerations in the Certification of Modular Systems . . . . . 321
    Iain Bate and Tim Kelly
A Problem-Oriented Approach to Common Criteria Certification . . . . . 334
    Thomas Rottke, Denis Hatebur, Maritta Heisel, and Monika Heiner

Author Index . . . . . 347