Building high-assurance systems using COTS components: whether, why, when and how?

Abstract

The implementation of COTS-based high assurance is becoming a major challenge today when cost concern has led to increased use of COTS products for critical applications. On the other hand, vendors remain reluctant to incorporate fault tolerance features into COTS products because doing so is likely to increase development and production costs and thus weaken the market competitiveness of their products. Therefore, it is crucial for us to cope with the current state of COTS.This panel brings together the researchers and practitioners with expertise, experiences and insights on using COTS components to build high-assurance systems. The purpose of the panel is to foster debating, exchanging and integrating opinions, ideas and solutions from various perspective (e.g., COTS software versus COTS hardware, COTS for long-life deep-space systems versus COTS for highly-available communication applications). We specially solicitate different opinions on the following issues: Whether can we build high-assurance systems using COTS components? Why is it inappropriate or impossible to build high-assurance systems using COTS components? (If the answer to the first question is "No.") Why is it possible to use COTS components that are not designed for critical applications to build high-assurance systems? (If the answer to the first question is "Yes.") When (that is, under which circumstances and conditions) is it appropriate to use COTS components for high-assurance systems? How do we derive solutions to mitigate the problems and inadequacies of COTS products?Among the particular questions we intend to discuss are: 1. What are the evaluation criteria and tradeoff strategies for COTS product selection for high-assurance systems?2. Is it viable to influence the vendors to provide or enhance high-assurance properties for the future versions of their COTS products? What are the strategies?3. Which will be the most practical and effective basis for us to develop methodologies that mitigate the effects of design faults and/or inadequacies of COTS software: fault predication, fault containment, or adaptive fault tolerance4. Is it possible and practical to integrate the methods for mitigating the effects of the design faults/inadequacies of COTS software and hardware in a high-assurance system? And how, if the answer is positive?