Proceedings of the 18th Conference on Computer Science and Intelligence Systems

Annals of Computer Science and Information Systems, Volume 35

Risk-Based Continuous Quality Control for Software in Legal Metrology

DOI: http://dx.doi.org/10.15439/2023F6171

Citation: Proceedings of the 18th Conference on Computer Science and Intelligence Systems, M. Ganzha, L. Maciaszek, M. Paprzycki, D. Ślęzak (eds). ACSIS, Vol. 35, pages 451–461

Abstract. Measuring instruments are increasingly defined by complex software while using simple hardware sensors. For such systems, software conformity between certified prototypes and devices in the field is usually demonstrated using version numbers and hashes over executable code. Legal requirements for regulated instruments could equally be satisfied if prototype and device in the field display identical functional behavior even if hashes differ. Such functional identification can give instrument manufacturers room for software patches and bugfixes without the need for recertification. Based on the L∗ algorithm, which is used to learn the language which deterministic finite automata accept, a risk-based method is proposed that realizes automatic functional identification of software to a certain extent, thereby enabling quality control of regularly updated measuring instruments without the need for frequent manual inspections. Risk assessment may be used to identify critical state transitions in monitored devices, which can be used to trigger recertifications if needed.