Skip to Main Content
Current safety-critical embedded systems provide support for increasingly diverse and complex tasks, whose levels of criticality can be extremely different. Rather than validating all software to the highest level of confidence, it is more efficient to focus the validation effort on the most critical components. Consequently, it must be ensured that residual design faults in low criticality software cannot corrupt high criticality components. This paper defines an object-oriented integrity policy which ensures that such a property is enforced. Each object is assigned an integrity level related to its criticality. The policy defines rules to access the object methods so that no object can be corrupted by a lower integrity component. Several sorts of objects are accommodated, enabling safety-critical applications to be designed with great flexibility. This is illustrated by a prototype which is implemented on a CORBA-compliant distributed system.