City University London - Centre for Software Reliability (UK)

Profile and Expertise

The Centre for Software Reliability (CSR) is an independent research centre in the School of Informatics at City University, London. The Centre was founded in 1983 to address the new reliability problems posed by software. Its scope of research now covers various aspects of system dependability and resilience, including quantitative methods for security assessment, dependability of human-machine systems, and assessment of interdependent critical infrastructures. Over the years, CSR has attracted research funding from the UK Research Councils and the EU Framework Programmes (on many projects on dependability), from industry, such as British Energy, EdF, Rolls Royce, from other UK and international agencies and private foundations; and built an international reputation for research achievements, acknowledged as world-class in the periodic UK-wide "research assessment exercises".

CSR applies rigorous probabilistic/statistical methods and engineering expertise to difficult problems of prediction and decision. Throughout the years, CSR has been influential in advocating and in defining a rigorous, quantitative approach to reasoning about dependability and safety, and in this direction it has given substantial contributions, for instance in software reliability, software metrics, and diversity for dependability.

Main tasks

WP1 – CITY will contribute to the study of requirements with an emphasis on the needs for analysis and assessment in WP2 and WP3

WP2 – CITY will take part in the analysis and classification of mechanisms for safety and security, and contribute to the analysis with simple probabilistic models, applying its experience in modeling interdependencies via Stochastic Activity Networks.

WP3 – CITY will lead this workpackage; it will contribute to define the security and safety metrics of interest, and matching empirical techniques for assessing them by measurement at the building block and at the system level. It will also contribute to combined probabilistic modeling of security and safety, specifically to validation of models and arguments, using an “assurance case” approach, and where necessary taking into account uncertainty about modeling assumptions and parameter values.

WP4 – CITY will contribute to the development of the methodology and assist with making its models available via the tool chain.

WP5 – CITY will provide methodological support concerning the techniques it has contributed to WP2 and WP3, and assist with evaluating the use cases and providing feedback on the methods and tools.

WP6 – CITY will mainly contribute by publication of papers and presentations at conferences, as well as preparing material for inclusion in its courses and tutorials

Relevant Experience

CITY’s research and consultancy cover quantitative assessment of reliability, safety and security, using empirical and/or model-based methods, and rigorous integration of evidence from diverse methods (CSR pioneered the use of Bayesian networks in this application). Most of its applied work concerns safety-critical, embedded systems. Its research increasingly deals with both malicious and accidental risk (security and dependability), as exemplified in EU projects IRRIIS (Integrated Risk Reduction of Information-Based Infrastructure Systems), ReSIST (Resilience for Survivability in Information Society Technologies) and AMBER (Assessing, Measuring, and Benchmarking Resilience). Besides operating on probabilistic models with various tools, we have built front-ends that support rapid specification of complex models by application experts without deep knowledge of the specialist tools. Recent research has involved examining the European Railway Traffic Management (ERTMS) specifications from a security perspective rather than a safety perspective. Our dissemination activities include scientific publications and tutorials for industry. CSR has extensive experience of collaborative projects with all the other major European research centres in dependability, and with many industrial companies. In particular, CSR has close working links with Adelard, a consultancy in safety-critical systems and participant in SESAMO.