Verocel, CSI Awarded FAA Research Contract to Study Use of Reverse Engineering for Safety-Critical Avionics Software Projects

Study Expected to Help FAA Formulate Policies That Will Affect How Reverse Engineering Processes Can Be Used in the Multi-Billion Dollar Avionics Software Industry


WESTFORD, MA and EASTSOUND, WA--(Marketwire - November 10, 2009) - Verocel Inc., an independent software verification company, and Certification Services, Inc. (CSI), a consultancy specializing in airborne and ground-based aviation-related digital systems, announced today that they have won a research contract from the Federal Aviation Administration (FAA) to study the use of reverse engineering techniques, which are prevalent in the development of safety-critical software for avionics and digital systems applications. The research promises to have a profound impact on accepted development practices in the multi-billion dollar avionics industry, and will also apply to reverse engineering of commercial off-the-shelf (COTS) software. Reverse engineering processes are those in which the development of requirements, design and code is not performed in the usual strict sequence.

The two-year project calls for Verocel and CSI to review current industry practices in reverse engineering and potential safety concerns, and will result in a proposed framework to help reduce potential risks. The ensuing guidance criteria that would implement such a framework are intended to be published as a report to help the FAA formulate future policies.

"Reverse engineering is widespread in the software avionics development industry, but guidance in this area is misunderstood and not applied uniformly, leading to confusion," says Mike DeWalt, chief scientist of CSI. Adds George Romanski, president of Verocel, "With the separation and globalization of the development and verification processes for high-integrity software, it is important to establish well-defined and coordinated process plans and procedures that provide confidence in the safety critical product."

Examples of reverse engineering include developing source code before its requirements are written, or formalizing the design after the code is complete. However, concerns about using reverse engineering for safety-critical avionics applications have been raised by the Certification Authority Software Team (CAST) in its position paper CAST-18. "These concerns will be addressed in this study," says Romanski, "which will result in a proposed framework of processes and procedures for the FAA that does not compromise safety expectations regarding the use of reverse engineering."

There are two phases to the research. Phase 1 will gather information across a wide range of sources using literature searches, direct solicitation from certification and industry authorities, information extracted from available data, and information gathered from regulatory materials. These activities are expected to lead to the formulation of a recommended reverse engineering framework. Phase 2 activities will validate this framework through review of the results, performance of completeness checks, and the execution of a case study to demonstrate the applicability and efficacy of the proposed framework.

Pros and Cons of Reverse Engineering

Software development that starts from a later life-cycle artifact, such as source code or low-level requirements, and then derives the design and higher-level requirements from it is called reverse engineering. This approach has become popular, especially where the development of certification evidence is outsourced to offshore developers.

"Software development for safety-critical systems with taxing real-time constraints and robustness requirements is particularly difficult," says DeWalt. "In these systems, the required behavior is not always understood before the system is constructed. Reverse engineering has been used to develop prototype systems to help understand the system. In effect, the program is a specification of the intended behavior. Because the software development process is expensive, if the prototype proves successful, it is often used as the basis for the actual implementation. This is why reverse engineering has become so ingrained in the development of avionics applications."

However, the reverse engineering approach raises a number of potential problems in system development: software produced this way may not satisfy requirements at the system level, or may contain additional behavior that no requirement calls for. Traceability established between software requirements and system requirements that were themselves reverse engineered may introduce weaknesses that stem from the process itself. These must be addressed to ensure confidence in the resultant system.

"The many issues raised in CAST-18 summarize the problems associated with reverse engineering. Among these are poor methodologies, inexperienced practitioners, and poor quality," DeWalt says. "However, other problems are much more profound. These include the potentially large differences in levels of abstraction, the extraction of intended design data from actual implementation data, and so on."

"Our research will explore the errors that can potentially be introduced by reverse engineering and provide techniques for mitigating these errors," Romanski says. "The research will also identify those areas and practices of reverse engineering that could produce results that cannot be shown to be compliant with current guidelines, or that represent potential safety problems. Once these have been determined, the research will propose guidance that can be used to provide assurance that DO-178B objectives can be fulfilled. If there is a need to provide alternate approaches, these will also be identified."

About Verocel, Inc.

Verocel (www.verocel.com) provides expertise and services for software verification in the safety-critical software industry. With a strong presence in the U.S. and in Europe, Verocel has extensive experience providing safety-critical software services in the avionics, nuclear, and railway industries. Services include development and review of software plans and standards, software requirement and test development, software structural coverage analyses, life cycle data traceability, and outsource support.

In addition to consulting services, Verocel has a suite of tools that makes developing certification materials considerably more efficient. The Verocel tool suite automates the labor-intensive, manual processes required for software certification and approval. The tools, including VeroTrace™, VeroStyle™, VerOCode™ and VerOLink™, can automatically generate additional traceability artifacts and documents, and manage all these related artifacts in a configuration management (CM) system. Verocel's tool suite has received praise from FAA designated engineering representatives (DERs) for its ability to automate traceability artifacts and documents, making their auditing job much easier.

About Certification Services, Inc.

Certification Services, Inc. (CSI, www.certification.com), was founded in 1995 to assist aircraft manufacturers, systems suppliers, civil air authorities and military organizations with regulatory approval of their products and equipment. The company has supported hundreds of regulatory approvals, serving more than 250 clients in North and South America, Europe, Japan, China, South Korea, South Africa, Canada, Australia, and the Middle East.

All technical staff at CSI are FAA designees, authorized by the FAA to approve or to recommend approval of safety assessments, environmental qualification test data, software, complex electronic hardware, structural and electrical modifications to existing aircraft, flammability data, conformity inspections, and other data.

CSI provides extensive training in aircraft-level certification and program management, complex system engineering under SAE ARP4754, system safety assessment under SAE ARP4761, complex-hardware design assurance under RTCA/DO-254, software assurance under RTCA/DO-178B, approval of aircraft structure (loads, flutter, fatigue, and damage tolerance), flight test engineering, flight test piloting, and manufacturing inspection.

All trademarks, service marks and company names are the property of their respective owners.

Contact Information:

Media Contact: Bill Bradley, Bottom Line Communications, 978/692-7422

Media Contact: Frank McCormick, 360/376-8110