Justifying the Dependability of Computer-based Systems

Safety is a paradoxical system property. It remains immaterial, intangible and invisible until a failure, an accident or a catastrophy occurs and, too late, reveals its absence. And yet, a system cannot be relied upon unless its safety can be explained, demonstrated and certified. The practical and difficult questions which motivate this study concern the evidence and the arguments needed to justify the safety of a computer based system, or more generally its dependability. Dependability is a broad concept integrating properties such as safety, reliability, availability, maintainability and other related characteristics of the behaviour of a system in operation. How can we give the users the assurance that the system enjoys the required dependability? How should evidence be presented to certification bodies or regulatory authorities? What best practices should be applied? How should we decide whether there is enough evidence to justify the release of the system? To help answer these daunting questions, a method and a framework are proposed for the justification of the dependability of a computer-based system. The approach specifically aims at dealing with the difficulties raised by the validation of software. Hence, it should be of wide applicability despite being mainly based on the experience of assessing Nuclear Power Plant instrumentation and control systems important to safety. To be viable, a method must rest on a sound theoretical background.

Pierre-Jacques Courtois is a professor of computer science in the engineering department of the Catholic University of Louvain-la-Neuve in Belgium. He has degrees in electrical engineering and nuclear physics, and a doctorate in applied sciences. Formerly with the Philips Research Laboratory in Brussels, he has been working for the last fifteen years at the Belgian authorized inspection agency for nuclear installations, where he is in charge of the assessment of safety critical software based systems used in nuclear power plants. He has served as a consultant to the OECD and to the IAEA for issuing guidance on the design and validation of software important to nuclear safety. He has also served as the chairman of the European Commission nuclear regulator task force on licensing issues of nuclear safety critical software, and he has been active in several European research projects on dependable computer systems and nuclear safety.