CISM • International Centre for Mechanical Sciences

Reliable Software Design And Production


It is well known that software has bugs. Unfortunately, in some critical application contexts (e.g., avionics) bugs can be quite dangerous. Reliable software development follows processes that have been designed to guarantee (as far as possible) the absence of software errors. Historically, such processes have been applied only to niche areas recognized as critical. Nowadays, however, with the spread of the IoT, software correctness is becoming more and more important, since a small bug in an apparently harmless appliance can be exploited (and has in fact been exploited on quite a few occasions) to carry out attacks against critical infrastructures. The objective of this course is to teach techniques for the development of critical software. The course is organized in three parts. The first part is an introduction to software correctness and certification; the second part concentrates on one specific technique, namely the use of the Ravenscar profile in the context of safety-critical concurrent software; finally, the last part gives an introduction to "engineering-level" cryptography and its correct use in critical applications.

Riccardo Bernardini (University of Udine, Italy)

December 16 - DAY 2 Introduction to cryptography
Software correctness is clearly a necessary condition for security, but it is not a sufficient one. A piece of software can be correct (in the sense that it behaves as desired), yet if information is not protected during transmission a malicious opponent could still disrupt the system.
Cryptography provides a set of tools that can be used to protect the system. It can hide the transmitted information so that unauthorized recipients cannot access it; it can guarantee the correctness of the received information, so that users know it has not been tampered with; and it can be used to authenticate users, guaranteeing that only authorized users can actually use the system.
Cryptography can be taught at three different levels. At the most abstract level we find theoretical cryptography, a branch of mathematics that aims to develop new cryptographic tools and primitives. The least abstract level is of interest to system managers and practitioners who need to know, for example, how to set up a certificate on a server. This part of the course addresses the intermediate "engineering" level, that is, how to use the tools developed at the most abstract level to design and build a system that satisfies given security requirements.
At the end of this part the participants will know the cryptographic jargon, the main cryptographic building blocks (ciphers, hash functions, signatures, ...) and the most common attack techniques together with the corresponding countermeasures.

Massimo Bombino (Software Sicuro srl, Italy)

December 15 - DAY 1 Software certification
Software certification has a long history of application in contexts where a bug can result in serious damage, including loss of human lives. The classical application context of software certification is aerospace, where certification has proved its usefulness: to date, not a single death in a flight accident has been ascribed to software bugs. Nowadays, everything is interconnected, and a bug in a seemingly innocent device (a smart lamp, a connected toothbrush or a stereo system) can result in a major failure of a larger system.
The rise of the IoT, and the damage done by attackers exploiting buggy IoT devices, is forcing engineers to pay more attention to software correctness, and it is reasonable to assume that in a few years the need for software certification will spread from aerospace to all software application areas, such as IoT, business software, AI, and others.
This part of the course will introduce the audience to the concept of software certification, starting from the ideas behind certification, moving to DO-178C (the American certification standard for aviation) and closing with the study of some practical cases from the real world.

Tullio Vardanega (University of Padua, Italy)

December 17 - DAY 3 The Ravenscar profile in software development
The Ravenscar Profile (RP) is a compiler-enforced subset of the concurrency-and-synchronization model supported by the Ada programming language. The RP is interesting in a number of ways. Ada was one of the first programming languages to embrace concurrent programming and to provide structured support for it, designed around algebraic principles that give it solid foundations.
The RP originated in 1997, after the 1995 periodic revision of the language, which made Ada's concurrency slicker and made room for data-oriented synchronization in contrast with traditional control synchronization. This feature was fit for use in real-time systems that employ (restricted forms of) concurrency instead of static schedule tables, seeking better responsiveness, flexibility and time efficiency.
Technically, the RP is a set of restrictions, designed so that their use in an application provides three key benefits: (1) stripping the run-time system of all excluded features; (2) allowing the compiler to ascertain statically the conformance of the source program to the profile restrictions; and (3) enabling the application of advanced scheduling analysis to the system. The resulting system is a small-footprint image, perfectly equipped to run on resource-constrained bare-board hardware with no operating system.
This part of the course will introduce the audience to the Ravenscar Profile, both from a theoretical (in the morning) and practical (in the afternoon) viewpoint. At the end of this part the participants will know what the RP is and how to use it in practical cases.
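The following Ada unit is an added illustration, not part of the course material, of what a Ravenscar-conformant design looks like: shared data sits behind a protected object and a single library-level periodic task updates it. The unit and the names (`Sensor_Monitor`, `Latest_Reading`, `Sampler`, `Read_Sensor`) are made up; the spec and body would normally live in `sensor_monitor.ads` and `sensor_monitor.adb`. The comments mark the places where the compiler, under the profile, would reject the unrestricted Ada construct, which is the static conformance check the paragraph above refers to.

```ada
pragma Profile (Ravenscar);   --  configuration pragma: enforce the RP restrictions

package Sensor_Monitor is
   --  Shared data lives in a protected object (data-oriented synchronization).
   --  RP allows at most one entry per protected object, with a simple barrier.
   protected Latest_Reading is
      pragma Priority (10);             --  ceiling priority, fixed statically
      procedure Put (V : Integer);
      function  Get return Integer;
   private
      Value : Integer := 0;
   end Latest_Reading;

   --  Tasks are declared at library level: no dynamic creation, no task
   --  hierarchy, no task entries, no select statements.
   task Sampler is
      pragma Priority (5);
   end Sampler;
end Sensor_Monitor;

with Ada.Real_Time; use Ada.Real_Time;   --  Ada.Calendar is excluded under RP

package body Sensor_Monitor is
   protected body Latest_Reading is
      procedure Put (V : Integer) is
      begin
         Value := V;
      end Put;
      function Get return Integer is
      begin
         return Value;
      end Get;
   end Latest_Reading;

   --  Hypothetical stand-in for reading a device register.
   function Read_Sensor return Integer is (42);

   task body Sampler is
      Period : constant Time_Span := Milliseconds (100);
      Next   : Time := Clock;
   begin
      loop                              --  periodic task: one non-terminating loop
         Latest_Reading.Put (Read_Sensor);
         Next := Next + Period;
         --  Only absolute 'delay until' is allowed; a relative 'delay 0.1'
         --  here is a compile-time error (No_Relative_Delay).
         delay until Next;
      end loop;
   end Sampler;
end Sensor_Monitor;
```

Because every task is library-level and every blocking point is an absolute delay or a simple-barrier entry, the worst-case behaviour of `Sampler` can be fed directly into response-time analysis, the third benefit listed above.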


DAY 1 No special requirements
DAY 2 A PC with Octave is required. Octave is available for Linux, MacOS, Windows and BSD and it is freely downloadable from
DAY 3 A PC with the AdaCore GPS environment is required for the second part. The GPS environment is available both for Windows and Linux and it is freely downloadable from

The webinar course is addressed to doctoral students, young researchers and professionals with an interest in software safety, on a first-come, first-served basis.
The registration fee is 100,00 Euro + VAT*, where applicable (bank charges are not included).
Undergraduate and postgraduate students (PhD) as well as young researchers are exempted from the registration fee.
Online registration is available at courses/E2004
A message of confirmation will be sent to accepted participants.
The application deadline is November 5, 2020

* Italian VAT is 22%.