Murphy Was Here
My boss once said that “all system failures are caused by design faults.” This is because, regardless of the requirements, critical systems should be designed to never fail. It is extremely rare for a critical system to fail in a way that was anticipated by its designers (e.g., redundancy exhaustion). This keynote will explore the factors that lead designers to underestimate the possibility or probability of certain failures. Examples of rare, but actually occurring, failures will be given, including Byzantine faults, component transmogrification, “evaporating” software, and exhaustively tested software that still failed. Problems that Formal Methods could have found before their actual occurrence will be identified, as well as problems that remain intractable with the current state of the art. The well-known Murphy’s Law states: “If anything can go wrong, it will go wrong.” For critical systems, the following should be added: “And, if anything can’t go wrong, it will go wrong anyway.”
Mr. Driscoll is a Honeywell Engineering Fellow with over 45 years of experience in the design of safety-critical and security-critical systems, spanning hardware, software, and systems design. He has nearly 50 patents issued or pending and more than 50 papers published in these areas. He was instrumental in creating several network standards, including ARINC 659 SAFEbus, SAE AS4710 PI-bus, and IEEE 1149 JTAG, and he led the effort to create the “Handbook for Data Network Evaluation Criteria” for the FAA. Mr. Driscoll created the concept and terminology of “time and space partitioning.” He has been the electronic system architect for space vehicles (e.g., NASA’s Orion Crew Exploration Vehicle), aircraft (e.g., the Boeing 777 AIMS), and ground and unmanned underwater vehicles (classified). Prior to joining Honeywell, he worked in voice and data cryptography for the U.S. Army Security Agency, and he has developed cryptography specifically for real-time systems.